Protect session cookie
authorjakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Tue, 1 Sep 2009 16:16:27 +0000 (16:16 +0000)
committerjakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Tue, 1 Sep 2009 16:16:27 +0000 (16:16 +0000)
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1057 7c3ca157-0c34-0410-bff1-cbf682f78f5c

adminer/include/bootstrap.inc.php

index 92ac974a9f2834072bb719a7fcee05082160ab3a..037861b8ac70598feac84a5ed5591b06df1262b5 100644 (file)
@@ -44,10 +44,13 @@ if (!isset($_SERVER["REQUEST_URI"])) {
 }
 
 if (!ini_get("session.auto_start")) {
-       // use specific session name to get own namespace
-       @ini_set("session.use_trans_sid", false); // @ - may be disabled
-       session_name("adminer_sid");
-       session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
+       @ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
+       session_name("adminer_sid"); // use specific session name to get own namespace
+       $params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"]);
+       if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
+               $params[] = true; // HttpOnly
+       }
+       call_user_func_array('session_set_cookie_params', $params);
        session_start();
 }
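Review bot: The Secure flag on the new `$params` line is taken straight from `$_SERVER["HTTPS"]`, which is not a reliable boolean: it is typically unset on plain-HTTP requests (undefined-index notice, null passed on) and is the string "off" under IIS/ISAPI, which PHP treats as true. In the IIS case the cookie would be marked Secure on an HTTP request and never sent back by the browser, so the session silently breaks. Normalise it before building the array, e.g. `$secure = !empty($_SERVER["HTTPS"]) && strcasecmp($_SERVER["HTTPS"], "off") != 0;`, and pass `$secure` as the fourth element. If the script runs behind a TLS-terminating proxy the variable is presumably empty as well, so the cookie would go out without Secure there; a short comment next to the line stating that limitation would help whoever deploys it.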