Changeset 2942075

Timestamp:

07/23/2023 12:06:42 PM (13 months ago)

Author:

ayeshrajans

Message:

Add v2.0

Location:

samesite

Files:

• assets/screenshot-1.png (added)
• tags/2.0 (added)
• tags/2.0/composer.json (added)
• tags/2.0/readme.txt (added)
• tags/2.0/samesite.php (added)
• trunk/composer.json (modified) (1 diff)
• trunk/readme.txt (modified) (4 diffs)
• trunk/samesite.php (modified) (5 diffs)

samesite/trunk/composer.json

@@ -8 +8 @@
             {
                 "name": "Ayesh Karunaratne",
-                "email": "ayesh@ayesh.me",
-                "homepage": "https://ayesh.me"
+                "email": "ayesh@aye",
+                "homepage": "https://aye"
             }
         ],
-    "keywords": ["password", "password_hash", "bcrypt", "argon2", "argon2i", "sodium", "password-security", "security", "wordpress", "wordpress-security", "wordpress-plugin"],
+    "keywords": ["s", "wordpress-security", "wordpress-plugin"],
     "support": {
         "issues": "https://github.com/phpwatch/WordPress-SameSite/issues"
     },
     "require": {
-        "php": ">=5.6.0",
+        "php": ">=.0",
         "composer/installers": "~1.0"
     },

samesite/trunk/readme.txt

@@ -2 +2 @@
 Contributors: ayeshrajans
 Tags: security, csrf, cookies, samesite
-Requires at least: 4.3
-Tested up to: 5.6
+Requires at least: 
+Tested up to: 
 License: GPLv2 or later
-Stable tag: 1.5
+Stable tag: 2.0
+Requires PHP: 7.0
 
 CSRF-protection for authentication cookies. When enabled, this plugin makes sure the "SameSite" flag is set in authentication cookies. SameSite flag on a cookie prevents the browser from sending the cookie (thus, the authentication) on Cross-Site requests. This protects users from Cross-Site Request Forgery attacks.
@@ -14 +15 @@
 SameSite cookie flag support was added to PHP on version 7.3, but this plugin ships with a workaround to **support all PHP versions** WordPress supports.
 
-There is no administrative UI provided: Activate this plugin and you are all set!
+There is no administrative UI provided: Activate this plugin and you are all set!
 
 You can configure the SameSite flag value from your WordPress configuration file. You cna pick a value from `Lax` (default), `Strict`, or `None`. You can read about [SameSite cookies here](https://php.watch/articles/PHP-Samesite-cookies).
@@ -24 +25 @@
 ```
 
-Note that only the authentication cookies are affected. Regular cookies that your installed plugins set will **not** be affected, nor provide any meaningful value with `SameSite` flags.
+Note that . Regular cookies that your installed plugins set will **not** be affected, nor provide any meaningful value with `SameSite` flags.
 
 == Installation ==
 1. Install this plugin as you would with any other plugin.
 2. Enable it.
-3. There is no third step - From this point afterwards, authentication cookies your WordPress site uses will contain SameSite flag, and you will be protected from CSRF attacks.
+3. There is no third step - From this point afterward, authentication cookies your WordPress site uses will contain SameSite flag, and you will be protected from CSRF attacks.
 
 If you find this plugin useful, I'd appreciate you leaving a review on the plugin page.
 
 == Frequently Asked Questions ==
+
+
+
+
+
+
+
+
+
+
+
 = Do I need to have PHP 7.3 or later? =
 No. [PHP 7.3 officially added SameSite cookie support](https://php.watch/versions/7.3/same-site-cookies), but this plugin comes with a polyfill to extend support to all previous PHP versions.
@@ -41 +53 @@
 
 
+
+
+
+
 == Changelog ==
 
 = 1.5 =
 * Fixes a cookie expiration issue that was reported multiple times in the issue queue. Thanks to Jamie Magin (@jamagin at GitHub).
+
+
+
+

samesite/trunk/samesite.php

@@ -6 +6 @@
 Plugin Name: SameSite
 Plugin URI: https://wordpress.org/plugins/samesite
-Description: CSRF-protection for authentication cookies. When enable, this plugin makes sure the "SameSite" flag is set in authentication cookies, which protects users from Cross-Site Request Forgery attacks.
-Version: 1.5
+Description: CSRF-protection for authentication cookies. When enable, this plugin makes sure the "SameSite" flag is set in authentication cookies, which protects users from Cross-Site Request Forgery attacks.
+Version: 
 Author: Ayesh Karunaratne
-Author URI: https://ayesh.me/open-source
+Author URI: https://aye/open-source
 License: GPLv2 or later
 */
@@ -31 +31 @@
  * @param string $token    Optional. User's session token to use for this cookie.
  */
-function wp_set_auth_cookie( $user_id, $remember = false, $secure = '', $token = '' ) {
+function wp_set_auth_cookie(  $token = '' ) {
     if ( $remember ) {
         /**
@@ -59 +59 @@
     }
 
-    // Front-end cookie is secure when the auth cookie is secure and the site's home URL is forced HTTPS.
+    // Front-end cookie is secure when the auth cookie is secure and the site's home URL  HTTPS.
     $secure_logged_in_cookie = $secure && 'https' === parse_url( get_option( 'home' ), PHP_URL_SCHEME );
 
     /**
-     * Filters whether the connection is secure.
+     * Filters whether the .
      *
      * @since 3.1.0
@@ -77 +77 @@
      * @since 3.1.0
      *
-     * @param bool $secure_logged_in_cookie Whether to use a secure cookie when logged-in.
+     * @param bool $secure_logged_in_cookie Whether t.
      * @param int  $user_id                 User ID.
-     * @param bool $secure                  Whether the connection is secure.
+     * @param bool $secure                  Whether the .
      */
     $secure_logged_in_cookie = apply_filters( 'secure_logged_in_cookie', $secure_logged_in_cookie, $user_id, $secure );
@@ -137 +137 @@
      *
      * @since 4.7.4
-     *
-     * @param bool $send Whether to send auth cookies to the client.
-     */
-    if ( ! apply_filters( 'send_auth_cookies', true ) ) {
+     * @since 6.2.0 The `$expire`, `$expiration`, `$user_id`, `$scheme`, and `$token` parameters were added.
+     *
+     * @param bool   $send       Whether to send auth cookies to the client. Default true.
+     * @param int    $expire     The time the login grace period expires as a UNIX timestamp.
+     *                           Default is 12 hours past the cookie's expiration time. Zero when clearing cookies.
+     * @param int    $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
+     *                           Default is 14 days from now. Zero when clearing cookies.
+     * @param int    $user_id    User ID. Zero when clearing cookies.
+     * @param string $scheme     Authentication scheme. Values include 'auth' or 'secure_auth'.
+     *                           Empty string when clearing cookies.
+     * @param string $token      User's session token to use for this cookie. Empty string when clearing cookies.
+     */
+    if ( ! apply_filters( 'send_auth_cookies', true, $expire, $expiration, $user_id, $scheme, $token ) ) {
         return;
     }