From e53199fd287b5bdfa095fc57ff1a56c6ebf3299a Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Fri, 3 Oct 2025 15:06:47 -0700
Subject: [PATCH] Add HttpOnly, Secure, and Samesite session settings to config.conf (#7547)

* Add HttpOnly, Secure, and Samesite session settings to config.conf

* Update upgrade_menu.php

* Update upgrade.php

* Update upgrade.php

* Update install.php
---
 core/install/resources/classes/install.php | 5 +++++
 core/upgrade/upgrade.php | 8 ++++++--
 core/upgrade/upgrade_menu.php | 5 +++++
 resources/require.php | 6 +++---
 4 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/core/install/resources/classes/install.php b/core/install/resources/classes/install.php
index a27c5d972c..88c7307194 100644
--- a/core/install/resources/classes/install.php
+++ b/core/install/resources/classes/install.php
@@ -128,6 +128,11 @@
 $conf .= "php.dir = ".$php_dir."\n";
 $conf .= "php.bin = php\n";
 $conf .= "\n";
+ $conf .= "#session settings\n";
+ $conf .= "session.cookie_httponly = true\n";
+ $conf .= "session.cookie_secure = true\n";
+ $conf .= "session.cookie_samesite = Lax\n";
+ $conf .= "\n";
 $conf .= "#cache settings\n";
 $conf .= "cache.method = file\n";
 $conf .= "cache.location = ".$cache_location."\n";
diff --git a/core/upgrade/upgrade.php b/core/upgrade/upgrade.php
index 06809178bb..2b1af92690 100644
--- a/core/upgrade/upgrade.php
+++ b/core/upgrade/upgrade.php
@@ -112,6 +112,11 @@
 $conf .= "php.dir = ".$php_dir."\n";
 $conf .= "php.bin = php\n";
 $conf .= "\n";
+ $conf .= "#session settings\n";
+ $conf .= "session.cookie_httponly = true\n";
+ $conf .= "session.cookie_secure = true\n";
+ $conf .= "session.cookie_samesite = Lax\n";
+ $conf .= "\n";
 $conf .= "#cache settings\n";
 $conf .= "cache.method = file\n";
 $conf .= "cache.location = ".$cache_location."\n";
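Review bot: The generated `#session settings` block writes `session.cookie_secure = true` with no hint that a browser will then refuse to send the session cookie over plain HTTP, which is the first thing an operator of an HTTP-only test install will hit after upgrading; the same five lines are repeated verbatim in upgrade.php (@@ -112) and upgrade_menu.php (@@ -537). I would make the header line self-explanatory, e.g. `$conf .= "#session settings (cookie_secure = true requires HTTPS; cookie_samesite accepts Lax, Strict or None)\n";`, and consider emitting the block from one shared helper so the three writers cannot drift apart. The function enclosing each of these hunks starts and ends outside the hunk.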
@@ -627,7 +632,7 @@ function update_file_permissions($text, settings $settings) {
 //skip /dev/shm directory
 if (strpos($dir, '/dev/shm') !== false) {
- continue;
+ continue;
 }
 //execute
@@ -709,4 +714,3 @@ function find_service_name(string $file) {
 function is_root(): bool {
 return posix_getuid() === 0;
 }
-
diff --git a/core/upgrade/upgrade_menu.php b/core/upgrade/upgrade_menu.php
index 09438233fb..4c02ef2b41 100644
--- a/core/upgrade/upgrade_menu.php
+++ b/core/upgrade/upgrade_menu.php
@@ -537,6 +537,11 @@ function load_config_php() {
 $conf .= "php.dir = " . PHP_BINDIR . "\n";
 $conf .= "php.bin = php\n";
 $conf .= "\n";
+ $conf .= "#session settings\n";
+ $conf .= "session.cookie_httponly = true\n";
+ $conf .= "session.cookie_secure = true\n";
+ $conf .= "session.cookie_samesite = Lax\n";
+ $conf .= "\n";
 $conf .= "#cache settings\n";
 $conf .= "cache.method = file\n";
 $conf .= "cache.location = /var/cache/fusionpbx\n";
diff --git a/resources/require.php b/resources/require.php
index 855be2329c..71f46666b1 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -91,9 +91,9 @@
 //start the session if not using the command line
 global $no_session;
 if (!defined('STDIN') && empty($no_session)) {
- ini_set('session.cookie_httponly', 'true');
- ini_set('session.cookie_secure', 'true');
- ini_set('session.cookie_samesite', 'Lax');
+ ini_set('session.cookie_httponly', !isset($conf['session.cookie_httponly']) ? 'true' : (!empty($config->get('session.cookie_httponly')) ? 'true' : 'false'));
+ ini_set('session.cookie_secure', !isset($conf['session.cookie_secure']) ? 'true' : (!empty($config->get('session.cookie_secure')) ? 'true' : 'false'));
+ ini_set('session.cookie_samesite', $config->get('session.cookie_samesite', 'Lax'));
 session_start();
 }
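Review bot: In the require.php hunk the `!empty($config->get('session.cookie_secure'))` test treats the string `false` as enabled (only `''` or `0` is empty), so writing `session.cookie_secure = false` into config.conf — the obvious way to turn the flag off — still yields `'true'`, unless `$config->get()` already converts the value to a bool, which this hunk does not show. The three new lines also check presence on `$conf` but read the value from `$config`; if those are not views of the same parsed file the `isset` guard and the `get()` call can disagree. `session.cookie_samesite` is passed through unvalidated, so any string in config.conf lands in the cookie's SameSite attribute, and `None` combined with `cookie_secure = false` produces a cookie that browsers discard. I would parse the two booleans with `filter_var(..., FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)` falling back to `true`, and whitelist the SameSite value, as below; the rest of the `if` block is unchanged.
```php
	//unrecognised values fall back to the secure default instead of silently clearing the flag
	$cookie_httponly = filter_var($config->get('session.cookie_httponly', 'true'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;
	$cookie_secure = filter_var($config->get('session.cookie_secure', 'true'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;
	$cookie_samesite = ucfirst(strtolower((string) $config->get('session.cookie_samesite', 'Lax')));
	if (!in_array($cookie_samesite, ['Lax', 'Strict', 'None'], true)) {
		$cookie_samesite = 'Lax';
	}
	ini_set('session.cookie_httponly', $cookie_httponly ? 'true' : 'false');
	ini_set('session.cookie_secure', $cookie_secure ? 'true' : 'false');
	ini_set('session.cookie_samesite', $cookie_samesite);
	// … unchanged: session_start(); …
```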