From df5d307ea8bac1f5030d42af363ae9f7469a63f2 Mon Sep 17 00:00:00 2001
From: Gerrit Uitslag <klapinklapin@gmail.com>
Date: Thu, 10 Oct 2013 15:53:03 +0200
Subject: [PATCH] add cookie secure parameter to cookies set by javascript

---
 lib/exe/js.php        | 8 ++++++--
 lib/scripts/cookie.js | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/exe/js.php b/lib/exe/js.php
index fc7a869c2..040b8874d 100644
--- a/lib/exe/js.php
+++ b/lib/exe/js.php
@@ -86,16 +86,20 @@ function js_out(){
     // start output buffering and build the script
     ob_start();
 
+    $json = new JSON();
     // add some global variables
     print "var DOKU_BASE   = '".DOKU_BASE."';";
     print "var DOKU_TPL    = '".tpl_basedir()."';";
-    print "var DOKU_COOKIEPATH = '" . (empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']) . "';";
+    print "var DOKU_COOKIE_PARAM = " . $json->encode(
+            array(
+                 'path' => empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'],
+                 'secure' => $conf['securecookie'] && is_ssl()
+            )).";";
     // FIXME: Move those to JSINFO
     print "var DOKU_UHN    = ".((int) useHeading('navigation')).";";
     print "var DOKU_UHC    = ".((int) useHeading('content')).";";
 
     // load JS specific translations
-    $json = new JSON();
     $lang['js']['plugins'] = js_pluginstrings();
     $templatestrings = js_templatestrings();
     if(!empty($templatestrings)) {
diff --git a/lib/scripts/cookie.js b/lib/scripts/cookie.js
index 4cb527f26..8417d2064 100644
--- a/lib/scripts/cookie.js
+++ b/lib/scripts/cookie.js
@@ -30,7 +30,7 @@ var DokuCookie = {
                 text.push(encodeURIComponent(key)+'#'+encodeURIComponent(val));
             }
         });
-        jQuery.cookie(this.name, text.join('#'), {expires: 365, path: DOKU_COOKIEPATH});
+        jQuery.cookie(this.name, text.join('#'), {expires: 365, path: DOKU_COOKIE_PARAM.path, secure: DOKU_COOKIE_PARAM.secure});
     },
 
     /**
-- 
GitLab