(#2 reformatted, f*ck webmailer...)

Hello,

Our services must pass a scan test. Nikto says:

    + GET Cookie SQMSESSID created without the httponly flag

I have not found a config option. I found the following function:

    # vi ./functions/global.php
    589 function sqsetcookie($sName, $sValue='deleted', $iExpire=0, $sPath="", $sDomain="",
    590 $bSecure=false, $bHttpOnly=true, $bReplace=false) {

But all calls use only 4 options (example):

    663 sqsetcookie(session_name(), session_id(), 0, $base_uri);

I have tried the following changes, but without success:

    # diff ./functions/global.php.org ./functions/global.php
    590c590
    $bSecure=true, $bHttpOnly=true, $bReplace=false) {

How do I create a cookie with the httponly flag?

Regards
Heimo.

SquirrelMail version 1.5.1

-----
squirrelmail-users mailing list
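
Review bot: the edit at line 590 does not touch the httponly path. $bHttpOnly already defaults to true in the signature shown at 589-590, and the only value that differs in the new line is $bSecure=true, so the change cannot alter whether the httponly flag is emitted. It does change behaviour for the four-argument call at 663, which will now pick up Secure by default; a browser returns a Secure cookie only over HTTPS, so confirm the service is reached over TLS everywhere or pass $bSecure explicitly per call instead of changing the default. Suggest reading the body of sqsetcookie() to see how $bHttpOnly is applied when the header is written, and noting with the change which flag it is meant to affect.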
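
To confirm what the server actually sends after a change like the one above, the following added example (not part of the original post and not SquirrelMail code) parses raw response headers and reports which of HttpOnly and Secure each SQMSESSID Set-Cookie line lacks. The sample headers are constructed, and the function names are this example's own.

```python
# Constructed sample response headers (not captured from a real server).
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SQMSESSID=abc123; path=/mail/\r\n"
    "\r\n"
)
SAMPLE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SQMSESSID=abc123; path=/mail/; Secure; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/mail/; httponly\r\n"
    "\r\n"
)


def parse_set_cookies(raw_headers):
    """Return [(name, {attr_lowercase: value_or_True})], one per Set-Cookie line."""
    cookies = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line, other headers, blank line
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0].strip()
        attrs = {}
        for part in parts[1:]:
            if not part:
                continue
            key, eq, val = part.partition("=")
            # Attribute names are case-insensitive; flags carry no value.
            attrs[key.strip().lower()] = val.strip() if eq else True
        cookies.append((name, attrs))
    return cookies


def missing_flags(raw_headers, cookie_name, required=("httponly", "secure")):
    """List the required flags missing from each occurrence of cookie_name.

    A response may set the same cookie more than once, so every
    occurrence is reported separately, in header order.
    """
    return [
        [flag for flag in required if flag not in attrs]
        for name, attrs in parse_set_cookies(raw_headers)
        if name == cookie_name
    ]


if __name__ == "__main__":
    print("before:", missing_flags(SAMPLE_BEFORE, "SQMSESSID"))
    print("after: ", missing_flags(SAMPLE_AFTER, "SQMSESSID"))
```

Real headers can be saved with `curl -s -D - -o /dev/null <login page URL>` and passed to `missing_flags()` as a string.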