Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58391

"is_moodle_cookie_secure()" is buggy

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a bug
    • Affects Version/s: 3.0.9, 3.2.2
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Affected Branches:
      MOODLE_30_STABLE, MOODLE_32_STABLE

      Description

      "is_moodle_cookie_secure()" function returns wrong result. It cause wrong report at moodle security review page.

      https://github.com/moodle/moodle/blob/master/lib/sessionlib.php#L99

      orisinal

      if (!empty($CFG->loginhttps)) {
          return false;
      }

      correct

      if (empty($CFG->loginhttps)) {
          return false;
      }
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              papillon326 Mitsuru Udagawa
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: