Commit 1de98223 authored by Thomas Citharel's avatar Thomas Citharel
Browse files

Add a check at install to suggest setting session.cookie_httponly inside php.ini


Signed-off-by: default avatarThomas Citharel <tcit@tcit.fr>
parent 2328b2c8
......@@ -124,6 +124,12 @@ if (extension_loaded('openssl')) {
$messages[] = new Message('warning', __('Check','Consider enabling the PHP extension OpenSSL for increased security.'));
}
if (ini_get('session.cookie_httponly') === '1') {
$messages[] = new Message('info', __('Check', 'Cookies are served from HTTP only.'));
} else {
$messages[] = new Message('warning', __('Check', "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript."));
}
// Datetime
$timezone = ini_get('date.timezone');
if (!empty($timezone)) {
......
......@@ -422,6 +422,8 @@
"The config file exists.": "Amañ mañ ar restr kefnluniañ.",
"The config file directory (%s) is writable.": "Gallout a raer skrivañ e kavlec'h ar restr kefluniañ (%s).",
"OpenSSL extension loaded.": "Askouezh OpenSSL karget.",
"Cookies are served from HTTP only.": "BR_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "BR_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Aliañ a reomp gweredekaat an askouezh OpenSSL evit ;uioc'h a surentez.",
"date.timezone is set.": "Arventennet eo date.timezone.",
"Consider setting the date.timezone in php.ini.": "Aliañ a reomp da lakaat date.timezone e php.ini.",
......
......@@ -423,6 +423,8 @@
"The config file exists.": "Die Konfigurationsdatei existiert.",
"The config file directory (%s) is writable.": "Die Konfigurationsdatei (%s) ist beschreibbar.",
"OpenSSL extension loaded.": "Die OpenSSL-Erweiterung ist geladen.",
"Cookies are served from HTTP only.": "DE_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "DE_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Ziehen Sie in Erwägung, für eine verbesserte Sicherheit die OpenSSL-Erweiterung zu aktivieren.",
"date.timezone is set.": "date.timezone ist konfiguriert.",
"Consider setting the date.timezone in php.ini.": "Ziehen Sie in Erwägung, date.timezone in php.ini zu konfigurieren.",
......
......@@ -430,6 +430,8 @@
"The config file exists.": "The config file exists.",
"The config file directory (%s) is writable.": "The config file directory (%s) is writable.",
"OpenSSL extension loaded.": "OpenSSL extension loaded.",
"Cookies are served from HTTP only.": "Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Consider enabling the PHP extension OpenSSL for increased security.",
"date.timezone is set.": "date.timezone is set.",
"Consider setting the date.timezone in php.ini.": "Consider setting the date.timezone in php.ini.",
......
......@@ -424,6 +424,8 @@
"The config file directory (%s) is writable.": "ES_Le dossier du fichier de configuration (%s) est accessible en écriture.",
"OpenSSL extension loaded.": "ES_L'extension PHP OpenSSL est chargée.",
"Consider enabling the PHP extension OpenSSL for increased security.": "ES_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
"Cookies are served from HTTP only.": "ES_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "ES_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "ES_date.timezone est défini.",
"Consider setting the date.timezone in php.ini.": "ES_Veuillez considérer la définition de date.timezone dans le php.ini.",
"Check again": "ES_Vérifier à nouveau",
......
......@@ -430,6 +430,8 @@
"The config file exists.": "Le fichier de configuration existe.",
"The config file directory (%s) is writable.": "Le dossier du fichier de configuration (%s) est accessible en écriture.",
"OpenSSL extension loaded.": "L'extension PHP OpenSSL est chargée.",
"Cookies are served from HTTP only.": "Les cookies sont accessibles uniquement via HTTP.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "Pensez à définir « session.cookie_httponly = 1 » dans votre fichier php.ini ou bien ajouter « php_value session.cookie_httponly 1 » à votre fichier .htaccess de telle sorte que les cookies ne puissent pas être accessibles depuis Javascript.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
"date.timezone is set.": "date.timezone est défini.",
"Consider setting the date.timezone in php.ini.": "Veuillez considérer la définition de date.timezone dans le php.ini.",
......
......@@ -423,7 +423,9 @@
"The config file exists.": "IT_Le fichier de configuration existe.",
"The config file directory (%s) is writable.": "IT_Le dossier du fichier de configuration (%s) est accessible en écriture.",
"OpenSSL extension loaded.": "IT_L'extension PHP OpenSSL est chargée.",
"Cookies are served from HTTP only.": "IT_Cookies are served from HTTP only.",
"Consider enabling the PHP extension OpenSSL for increased security.": "IT_Veuillez considérer l'activation de l'extension PHP OpenSSL pour améliorer la sécurité.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "IT_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "IT_date.timezone est défini.",
"Consider setting the date.timezone in php.ini.": "IT_Veuillez considérer la définition de date.timezone dans le php.ini.",
"Check again": "Verificare di nuovo",
......
......@@ -424,6 +424,8 @@
"The config file directory (%s) is writable.": "De map van het configuratiebestand (%s) is schrijfbaar.",
"OpenSSL extension loaded.": "PHP OpenSSL extensie opgeladen.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Overweeg de activering van de PHP OpenSSL extensie om de veiligheid te verhogen.",
"Cookies are served from HTTP only.": "NL_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "NL_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "date.timezone is ingesteld.",
"Consider setting the date.timezone in php.ini.": "Overweeg de instelling van date.timezone in het php.ini bestand.",
"Check again": "Controleer opnieuw",
......
......@@ -424,6 +424,8 @@
"The config file directory (%s) is writable.": "Lo dorsièr del fichièr de configuracion (%s) es accessible en escritura.",
"OpenSSL extension loaded.": "L’extension PHP OpenSSL es cargada.",
"Consider enabling the PHP extension OpenSSL for increased security.": "Mercés de pensar a activar l’extension PHP OpenSSL per milhorar la seguritat.",
"Cookies are served from HTTP only.": "OC_Cookies are served from HTTP only.",
"Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.": "OC_Consider setting « session.cookie_httponly = 1 » inside your php.ini or add « php_value session.cookie_httponly 1 » to your .htaccess so that cookies can't be accessed through Javascript.",
"date.timezone is set.": "date.timezone es definit.",
"Consider setting the date.timezone in php.ini.": "Mercés de far cas a la definicion de date.timezone dins lo php.ini.",
"Check again": "Tornar verificar",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment