Branch: refs/heads/master
Home:
https://github.com/phpmyadmin/phpmyadmin
Commit: 7adff6b57c648200e27f17f9b412ba30584c6878
https://github.com/phpmyadmin/phpmyadmin/commit/7adff6b57c648200e27f17f9b41…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2017-03-21 (Tue, 21 Mar 2017)
Changed paths:
M ChangeLog
M js/functions.js
M libraries/Header.php
M libraries/plugins/auth/AuthenticationCookie.php
Log Message:
-----------
Indicate when HTTPS is not properly reported on the server
This can happen in both directions which both can have undesired side
effects:
- when server thinks it's serving HTTPS, but it's not, the cookies are
set as secure and thus never returned back by client
- whene server thinks it's not serving HTTPS, the secure flag for
cookies is not set, making it possible to leak them over HTTP
Fixes #13110
Signed-off-by: Michal Čihař <michal(a)cihar.com>