*/
function cookie($name, $value, $lifetime = 2592000) { // 2592000 - 30 days
global $HTTPS;
- $params = array(
- $name,
- (preg_match("~\n~", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2
- ($lifetime ? time() + $lifetime : 0),
- preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]),
- "",
- $HTTPS
+ return header("Set-Cookie: $name=" . urlencode($value)
+ . ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "")
+ . "; path=" . preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])
+ . ($HTTPS ? "; secure" : "")
+ . "; HttpOnly; SameSite=lax"
);
- if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
- $params[] = true; // HttpOnly
- }
- return call_user_func_array('setcookie', $params);
}
/** Restart stopped session
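Review bot: The new `header("Set-Cookie: ...")` call omits the second argument, so it runs with PHP's default `replace = true` and each call discards any `Set-Cookie` header already queued for the response, whether from an earlier `cookie()` call or from the session handler. Pass `false` as the second argument (`. "; HttpOnly; SameSite=lax", false`) so cookies accumulate as they did with `setcookie()`. Building the header by hand also drops the argument checks `setcookie()` performed: `$name` and the path taken from `$_SERVER["REQUEST_URI"]` are concatenated unescaped, and although `header()` refuses embedded newlines, a `;` in either would be read by the browser as an extra cookie attribute. I would assign the existing `preg_replace` result to `$path` and bail out first, e.g. `if (preg_match('~[=,;\s]~', $name) || preg_match('~[,;\s]~', $path)) { return false; }`. Note too that `header()` returns nothing, so `return header(...)` gives callers null where the old code returned `setcookie()`'s bool; the callers are outside this hunk, so confirm none of them test the result.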