From 3d2ee95f1e06972188967b2bc19720001a4f1395 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Wed, 26 Aug 2015 14:29:36 +0200 Subject: Remove last occurence of `forcessl` This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time. --- lib/private/user/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/private/user/session.php b/lib/private/user/session.php index 75a884fb452..baceeb43956 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -297,8 +297,8 @@ class Session implements IUserSession, Emitter { * Remove cookie for "remember username" */ public function unsetMagicInCookie() { - //TODO: DI for cookies and OC_Config - $secureCookie = \OC_Config::getValue('forcessl', false); + //TODO: DI for cookies and IRequest + $secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https'; unset($_COOKIE["oc_username"]); //TODO: DI unset($_COOKIE["oc_token"]); -- cgit v1.2.3