View Issue Details

ID: 0009690
Project: mantisbt
Category: other
View Status: public
Last Update: 2008-10-18 18:33
Reporter: kynx
Assigned To: jreese
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform: PHP5.1.6
OS: CentOS
OS Version: 5
Product Version: 1.1.3
Fixed in Version: 1.1.4
Summary: 0009690: Wrong parameter count for session_set_cookie_params()
Description

I'm getting the following warning at the top of every page:
"SYSTEM WARNING: Wrong parameter count for session_set_cookie_params()"

According to the manual, the 5th param (httponly) for session_set_cookie_params was added in PHP 5.2.0. CentOS 5 is still on 5.1.6.

Editing lines 59 and 61 of core/session_api.php to remove the 5th param fixes the problem, but hopefully there's a more elegant way of addressing this?

Tags: No tags attached.
Attached Files
session_set_cookie_params.diff (981 bytes)
--- mantis-1.1.3.orig/core/session_api.php	2008-09-27 15:28:01.000000000 +0100
+++ mantis-1.1.3/core/session_api.php	2008-10-14 17:31:19.000000000 +0100
@@ -55,10 +55,11 @@
 		}
 
 		session_cache_limiter( 'private_no_expire' );
-		if ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
-			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true, true );
+		$secure = ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) ? true : false; 
+		if ( version_compare( PHP_VERSION, '5.2.0' ) >= 0 ) {
+			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), $secure, true );
 		} else {
-			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), false, true );
+			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), $secure );
 		}
 		session_start();
 		$this->id = session_id();
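
Review bot: In the else branch (PHP older than 5.2.0) the session cookie is now set without HttpOnly, and nothing in the code records that downgrade; add a short comment there stating that the fifth argument is omitted because it only exists from PHP 5.2.0, so a later reader does not take it for an oversight. In the `$secure` assignment the `? true : false` is redundant, since the parenthesised condition is already a boolean, and the line carries trailing whitespace. The version test reads more directly as `version_compare( PHP_VERSION, '5.2.0', '>=' )`. The reporter notes the patch was tested only on PHP 5.1.6, so the 5.2+ branch still needs a run before merging.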

Relationships

related to: 0010709 | closed | dhx | Use HttpOnly cookie flag to protect cookies from client-side Javascript manipulation/theft

Activities

kynx, 2008-10-14 11:33 (reporter, ~0019552)

Oh, just saw the min version for Mantis is 5.2. My mistake. Will just have to add this to the list of patches I apply to each new version :(

giallu, 2008-10-14 12:13 (reporter, ~0019554)

5.2, where's that stated?

I remember we decided to stick with 5.1 exactly because CentOS 5 is still on 5.1.6

kynx, 2008-10-14 12:35 (reporter, ~0019555)

http://www.mantisbt.org/requirements.php

kynx, 2008-10-14 12:36 (reporter, ~0019556)

My quick and dirty fix attached. Note I've only tested it on PHP 5.1.6.

jreese, 2008-10-14 13:00 (reporter, ~0019557)

I agree with Giallu that the requirements for 1.2.x should only be PHP 5.1+. The requirements page is incorrect.

jreese, 2008-10-14 13:06 (reporter, ~0019558)

The fix has been committed to SVN trunk, r5669, and SVN 1.1.x, r5670.

I opted to simply remove the fifth parameter altogether because it is not yet supported by all browsers, and since our official PHP (should) state PHP 5.1 (4.x for the 1.1.x branch).

Related Changesets

MantisBT: master 8b9f1cb6

2008-10-14 13:02

jreese


Fix 0009690: httponly flag for session_set_cookie_params() is only in PHP 5.2+

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5669 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0009690
mod - core/session_api.php

MantisBT: master-1.1.x a044f157

2008-10-14 13:03

jreese


Fix 0009690: httponly flag for session_set_cookie_params() is only in PHP 5.2+

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5670 f5dc347c-c33d-0410-90a0-b07cc1902cb9
Affected Issues
0009690
mod - core/session_api.php