X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=C4%2FAuth.pm;h=0c57a3f75efcf3f6855355abd4610e35c598774c;hb=4da872e51f8ccf60d9f012d1490f87d6d92972d1;hp=2eb63f5170a417a52e8cbc4950527d8fa67a090a;hpb=9970c7e93c2b0383e5522b593fe12462a0228b32;p=koha_fer diff --git a/C4/Auth.pm b/C4/Auth.pm index 2eb63f5170..0c57a3f75e 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -264,12 +264,13 @@ sub get_template_and_user { $_->{'time'}, ) foreach @recentSearches; - # And then, delete the cookie's content - my $newsearchcookie = $in->{'query'}->cookie( - -name => 'KohaOpacRecentSearches', - -value => freeze([]), - -expires => '' - ); + # And then, delete the cookie's content + my $newsearchcookie = $in->{'query'}->cookie( + -name => 'KohaOpacRecentSearches', + -value => freeze([]), + -HttpOnly => 1, + -expires => '' + ); $cookie = [$cookie, $newsearchcookie]; } } @@ -300,6 +301,7 @@ sub get_template_and_user { } if(C4::Context->preference('dateformat')){ + $template->param( dateformat => C4::Context->preference('dateformat') ); if(C4::Context->preference('dateformat') eq "metric"){ $template->param(dateformat_metric => 1); } elsif(C4::Context->preference('dateformat') eq "us"){ @@ -632,8 +634,8 @@ sub checkauth { # when using authentication against multiple CAS servers, as configured in Auth_cas_servers.yaml my $casparam = $query->param('cas'); - if ( $userid = $ENV{'REMOTE_USER'} ) { - # Using Basic Authentication, no cookies required + if ( $userid = $ENV{'REMOTE_USER'} ) { + # Using Basic Authentication, no cookies required $cookie = $query->cookie( -name => 'CGISESSID', -value => '', @@ -1135,7 +1137,11 @@ sub check_api_auth { $sessionID = undef; return ("expired", undef, undef); } else { - my $cookie = $query->cookie( CGISESSID => $session->id ); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $session->id, + -HttpOnly => 1, + ); $session->param('lasttime',time()); my $flags = haspermission($userid, $flagsrequired); if ($flags) { 
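Review bot: In the -264 hunk of `get_template_and_user`, `-HttpOnly => 1` only stops page scripts from reading `KohaOpacRecentSearches`; the value is still a Storable `freeze` blob that the browser returns, and any user can edit their own cookie. The code that reads the cookie is outside this hunk, but if it passes the cookie value to `thaw`, that is deserialization of client-controlled data, which the Storable documentation warns against. Encoding the list as JSON and checking the decoded shape would remove that exposure, e.g. `-value => encode_json([]),` here with the matching decode on the read side (this needs a JSON module in scope). The enclosing block begins and ends outside the hunk.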
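Review bot: The added `$template->param( dateformat => ... )` line in the -300 hunk makes one more `C4::Context->preference('dateformat')` lookup in a block that already repeats the call in every visible branch. Reading it once, `my $dateformat = C4::Context->preference('dateformat');`, and testing `$dateformat` in the `if`/`elsif` chain would be easier to follow. The chain continues past the end of the hunk, so the remaining branches are not visible here.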
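Review bot: The `CGISESSID` cookie built in the `else` branch of `check_api_auth` (hunk at -1135) gets `-HttpOnly => 1` but no Secure attribute, so on a site reachable over both HTTP and HTTPS the session id can still travel in clear text. The same holds for the second `check_api_auth` cookie in the -1179 hunk. Adding `-secure => ( $ENV{'HTTPS'} ? 1 : 0 ),` to both would cover it, though behind a TLS-terminating proxy that variable may not be set and a configuration switch would be needed instead. The `checkauth` cookie visible as context in the -632 hunk is built in a separate call whose remaining arguments are outside the diff, so it is worth confirming that it carries the same attributes. Both function bodies extend beyond their hunks.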
@@ -1179,7 +1185,11 @@ sub check_api_auth { my $sessionID = $session->id; C4::Context->_new_userenv($sessionID); - my $cookie = $query->cookie(CGISESSID => $sessionID); + my $cookie = $query->cookie( + -name => 'CGISESSID', + -value => $sessionID, + -HttpOnly => 1, + ); if ( $return == 1 ) { my ( $borrowernumber, $firstname, $surname,