Instiki 0.19.1

tex_list, Rails 2.3.10, etc.
2010-10-15 10:47:59 -05:00 · 2010-10-15 10:47:59 -05:00 · cebd381d0d
commit cebd381d0d
parent 46da49485f
73 changed files with 1090 additions and 867 deletions
--- a/vendor/rails/actionpack/lib/action_controller/session/abstract_store.rb
+++ b/vendor/rails/actionpack/lib/action_controller/session/abstract_store.rb
@ -180,6 +180,10 @@ module ActionController
        options = env[ENV_SESSION_OPTIONS_KEY]

        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after]
+          request = ActionController::Request.new(env)
+
+          return response if (options[:secure] && !request.ssl?)
+        
          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.loaded?

          sid = options[:id] || generate_sid
@ -188,7 +192,9 @@ module ActionController
            return response
          end

-          if (env["rack.request.cookie_hash"] && env["rack.request.cookie_hash"][@key] != sid) || options[:expire_after]
+          request_cookies = env["rack.request.cookie_hash"]
+
+          if (request_cookies.nil? || request_cookies[@key] != sid) || options[:expire_after]
            cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid)
            cookie << "; domain=#{options[:domain]}" if options[:domain]
            cookie << "; path=#{options[:path]}" if options[:path]
@ -196,7 +202,7 @@ module ActionController
              expiry = Time.now + options[:expire_after]
              cookie << "; expires=#{expiry.httpdate}"
            end
-            cookie << "; Secure" if options[:secure]
+            cookie << "; secure" if options[:secure]
            cookie << "; HttpOnly" if options[:httponly]

            headers = response[1]
--- a/vendor/rails/actionpack/lib/action_controller/session/cookie_store.rb
+++ b/vendor/rails/actionpack/lib/action_controller/session/cookie_store.rb
@ -101,8 +101,9 @@ module ActionController

        session_data = env[ENV_SESSION_KEY]
        options = env[ENV_SESSION_OPTIONS_KEY]
-
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after]
+        request = ActionController::Request.new(env)
+        
+        if !(options[:secure] && !request.ssl?) && (!session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after])
          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.loaded?

          persistent_session_id!(session_data)