[wp-trac] Re: [WordPress Trac] #7677: WordPress should implement HttpOnly Cookies to slow down XSS
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 3 15:17:17 GMT 2008
#7677: WordPress should implement HttpOnly Cookies to slow down XSS
----------------------+-----------------------------------------------------
 Reporter:  _ck_      |      Owner:  anonymous
     Type:  defect    |     Status:  new
 Priority:  high      |  Milestone:  2.6.2
Component:  Security  |    Version:
 Severity:  major     | Resolution:
 Keywords:  cookies   |
----------------------+-----------------------------------------------------
Changes (by _ck_):
* component: General => Security
* severity: normal => major
Comment:
It's this freaking simple. Should be added ASAP:
{{{
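// setcookie() only gained its $httponly argument in PHP 5.2.
if ( version_compare( PHP_VERSION, '5.2.0', '<' ) ) {
    // Older PHP: append the flag to the domain so it lands in the Set-Cookie header.
    @setcookie( $name, $value, $expires, $path, $domain . '; HttpOnly' );
} else {
    // PHP 5.2+: sixth argument is $secure (off), seventh is $httponly (on).
    @setcookie( $name, $value, $expires, $path, $domain, false, true );
}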
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/7677#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
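
Added example, not part of the original ticket comment or of WordPress: a Python check that can be run over captured `Set-Cookie` headers to confirm that either branch of the snippet above really puts `HttpOnly` on the wire. The cookie names, the domain and all header values are constructed sample data, and `is_sensitive` is a hypothetical predicate for choosing which cookies must carry the flag.

```python
# Audit Set-Cookie header values for the HttpOnly attribute.
# Attribute names are matched case-insensitively (RFC 6265), and the cookie
# value itself is never searched, so a value of "HttpOnly" does not count.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    attrs maps lower-cased attribute names to their values ('' for flags).
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_httponly(headers, is_sensitive=lambda name: True):
    """Return the names of sensitive cookies that were set without HttpOnly."""
    flagged = []
    for header_value in headers:
        name, _, attrs = parse_set_cookie(header_value)
        if is_sensitive(name) and "httponly" not in attrs:
            flagged.append(name)
    return flagged


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    # flag emitted as its own attribute, lower case
    "auth_demo=abc123; expires=Thu, 03-Sep-2009 15:17:17 GMT; path=/; domain=blog.example; httponly",
    # flag arriving via the domain-append workaround
    "auth_demo2=def456; path=/; domain=blog.example; HttpOnly",
    # flag absent: script running in the page can read this cookie
    "auth_demo3=ghi789; path=/; domain=blog.example",
    # the word appears only in the value, so the cookie is still unprotected
    "pref_demo=HttpOnly; path=/;",
]

if __name__ == "__main__":
    for cookie in missing_httponly(SAMPLE_HEADERS):
        print("missing HttpOnly:", cookie)
```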