fix bug regarding SSL cookies.

3e00ce2e · Taylor Otwell · bf886f32 · 3e00ce2e · 3e00ce2e · 3e00ce2e
Commit 3e00ce2e authored Apr 04, 2012 by Taylor Otwell
Show whitespace changes
Inline Side-by-side

Showing with 23 additions and 3 deletions

artisan artisan +1 -1

changes.md changes.md +12 -0

cookie.php laravel/cookie.php +8 -0

paths.php paths.php +1 -1

index.php public/index.php +1 -1

No files found.
--- a/artisan
+++ b/artisan
@@ -3,7 +3,7 @@
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
- * @version  3.1.4
+ * @version  3.1.5
 * @author   Taylor Otwell <taylorotwell@gmail.com>
 * @link     http://laravel.com
 */

--- a/changes.md
+++ b/changes.md
@@ -2,6 +2,8 @@

 ## Contents

+- [Laravel 3.1.5](#3.1.5)
+- [Upgrading From 3.1.4](#upgrade-3.1.5)
 - [Laravel 3.1.4](#3.1.4)
 - [Upgrading From 3.1.3](#upgrade-3.1.4)
 - [Laravel 3.1.3](#3.1.3)
@@ -13,6 +15,16 @@
 - [Laravel 3.1](#3.1)
 - [Upgrading From 3.0](#upgrade-3.1)

+<a name="3.1.5"></a>
+## Laravel 3.1.5
+
+- Fixes bug that could allow secure cookies to be sent over HTTP.
+
+<a name="upgrade-3.1.5"></a>
+## Upgrading From 3.1.4
+
+- Replace the **laravel** folder.
+
 <a name="3.1.4"></a>
 ## Laravel 3.1.4


--- a/laravel/cookie.php
+++ b/laravel/cookie.php
@@ -63,6 +63,14 @@ class Cookie {
 		}
 		else
 		{
+			// We don't want to send secure cookies over HTTP unless the developer has
+			// turned off the "SSL" application configuration option, which is used
+			// while developing the application but should be true in production.
+			if ($secure and ! Request::secure() and Config::get('application.ssl'))
+			{
+				return;
+			}
+
 			setcookie($name, $value, $time, $path, $domain, $secure);
 		}
 	}

--- a/paths.php
+++ b/paths.php
@@ -3,7 +3,7 @@
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
- * @version  3.1.4
+ * @version  3.1.5
 * @author   Taylor Otwell <taylorotwell@gmail.com>
 * @link     http://laravel.com
 */

--- a/public/index.php
+++ b/public/index.php
@@ -3,7 +3,7 @@
 * Laravel - A PHP Framework For Web Artisans
 *
 * @package  Laravel
- * @version  3.1.4
+ * @version  3.1.5
 * @author   Taylor Otwell <taylorotwell@gmail.com>
 * @link     http://laravel.com
 */