Etailer_SecureCookie - Version 1.0.0

Version Notes

# 1.0.0

* Marking the frontend cookie with "Secure" when the store is on HTTPS
* System config option to turn this feature on/off
* German locale

Download this release

Release Info

Developer Magento Core Team
Extension Etailer_SecureCookie
Version 1.0.0
Comparing to
See all releases


Version 1.0.0

Files changed (7) hide show
  1. app/code/community/Etailer/SecureCookie/Helper/Data.php +29 -0
  2. app/code/community/Etailer/SecureCookie/Model/Cookie.php +67 -0
  3. app/code/community/Etailer/SecureCookie/etc/config.xml +60 -0
  4. app/code/community/Etailer/SecureCookie/etc/system.xml +46 -0
  5. app/etc/modules/Etailer_SecureCookie.xml +32 -0
  6. app/locale/de_DE/Etailer_SecureCookie.csv +2 -0
  7. package.xml +23 -0
app/code/community/Etailer/SecureCookie/Helper/Data.php ADDED
@@ -0,0 +1,29 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * This file is part of the mage-secure-cookie Magento extension.
4
+ *
5
+ * mage-secure-cookie is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU Lesser General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * mage-secure-cookie is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU Lesser General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU Lesser General Public License
16
+ * along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
17
+ *
18
+ * @author Axel Helmert <ah@luka.de>
19
+ * @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
20
+ * @license http://www.gnu.org/licenses/lgpl-3.0.txt
21
+ * @version $Id$
22
+ */
23
+
24
+ /**
25
+ * Default Data helper
26
+ */
27
+ class Etailer_SecureCookie_Helper_Data extends Mage_Core_Helper_Abstract
28
+ {
29
+ }
app/code/community/Etailer/SecureCookie/Model/Cookie.php ADDED
@@ -0,0 +1,67 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * This file is part of the mage-secure-cookie Magento extension.
4
+ *
5
+ * mage-secure-cookie is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU Lesser General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * mage-secure-cookie is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU Lesser General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU Lesser General Public License
16
+ * along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
17
+ *
18
+ * @author Axel Helmert <ah@luka.de>
19
+ * @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
20
+ * @license http://www.gnu.org/licenses/lgpl-3.0.txt
21
+ * @version $Id$
22
+ */
23
+
24
+ /**
25
+ * Mage core cookie overwrite to secure the frontend cookie
26
+ */
27
+ class Etailer_SecureCookie_Model_Cookie extends Mage_Core_Model_Cookie
28
+ {
29
+ /**
30
+ * XML path to cookie config "secure"
31
+ */
32
+ const XML_PATH_COOKIE_SECURE = 'web/cookie/cookie_secure';
33
+
34
+ /**
35
+ * Check for a secure frontend
36
+ *
37
+ * This only applies if
38
+ *
39
+ * 1. The secure cookie Option is turned on in the store config.
40
+ * 2. "Use secure urls in Frontend" is turned on in the store config
41
+ * 3. The unsecure base URL is a https:// url
42
+ *
43
+ * @return boolean
44
+ */
45
+ protected function _checkSecureFrontend()
46
+ {
47
+ $store = $this->getStore();
48
+ if (!$store->getConfig(self::XML_PATH_COOKIE_SECURE) || !$store->getConfig(Mage_Core_Model_Store::XML_PATH_SECURE_IN_FRONTEND)) {
49
+ return false;
50
+ }
51
+
52
+ $baseLinkUrl = $store->getConfig(Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_LINK_URL);
53
+ return (substr($baseLinkUrl, 0, 8) == 'https://');
54
+ }
55
+
56
+ /**
57
+ * @see Mage_Core_Model_Cookie::isSecure()
58
+ */
59
+ public function isSecure()
60
+ {
61
+ if ($this->getStore()->isAdmin() || $this->_checkSecureFrontend()) {
62
+ return $this->_getRequest()->isSecure();
63
+ }
64
+
65
+ return false;
66
+ }
67
+ }
app/code/community/Etailer/SecureCookie/etc/config.xml ADDED
@@ -0,0 +1,60 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!--
3
+ /**
4
+ * This file is part of the mage-secure-cookie Magento extension.
5
+ *
6
+ * mage-secure-cookie is free software: you can redistribute it and/or modify
7
+ * it under the terms of the GNU Lesser General Public License as published by
8
+ * the Free Software Foundation, either version 3 of the License, or
9
+ * (at your option) any later version.
10
+ *
11
+ * mage-secure-cookie is distributed in the hope that it will be useful,
12
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
+ * GNU Lesser General Public License for more details.
15
+ *
16
+ * You should have received a copy of the GNU Lesser General Public License
17
+ * along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
18
+ *
19
+ * @author Axel Helmert <ah@luka.de>
20
+ * @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
21
+ * @license http://www.gnu.org/licenses/lgpl-3.0.txt
22
+ * @version $Id$
23
+ */
24
+ -->
25
+ <config>
26
+ <modules>
27
+ <Etailer_SecureCookie>
28
+ <version>1.0.0</version>
29
+ <description>This module allows to secure the frontend cookie when running the whole store on https</description>
30
+ </Etailer_SecureCookie>
31
+ </modules>
32
+
33
+ <global>
34
+ <models>
35
+ <core>
36
+ <rewrite>
37
+ <cookie>Etailer_SecureCookie_Model_Cookie</cookie>
38
+ </rewrite>
39
+ </core>
40
+ </models>
41
+
42
+ <helpers>
43
+ <etailersecurecookie>
44
+ <class>Etailer_SecureCookie_Helper</class>
45
+ </etailersecurecookie>
46
+ </helpers>
47
+ </global>
48
+
49
+ <adminhtml>
50
+ <translate>
51
+ <modules>
52
+ <Etailer_SecureCookie>
53
+ <files>
54
+ <default>Etailer_SecureCookie.csv</default>
55
+ </files>
56
+ </Etailer_SecureCookie>
57
+ </modules>
58
+ </translate>
59
+ </adminhtml>
60
+ </config>
app/code/community/Etailer/SecureCookie/etc/system.xml ADDED
@@ -0,0 +1,46 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!--
3
+ /**
4
+ * This file is part of the mage-secure-cookie Magento extension.
5
+ *
6
+ * mage-secure-cookie is free software: you can redistribute it and/or modify
7
+ * it under the terms of the GNU Lesser General Public License as published by
8
+ * the Free Software Foundation, either version 3 of the License, or
9
+ * (at your option) any later version.
10
+ *
11
+ * mage-secure-cookie is distributed in the hope that it will be useful,
12
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
+ * GNU Lesser General Public License for more details.
15
+ *
16
+ * You should have received a copy of the GNU Lesser General Public License
17
+ * along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
18
+ *
19
+ * @author Axel Helmert <ah@luka.de>
20
+ * @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
21
+ * @license http://www.gnu.org/licenses/lgpl-3.0.txt
22
+ * @version $Id$
23
+ */
24
+ -->
25
+ <config>
26
+ <sections>
27
+ <web>
28
+ <groups>
29
+ <cookie>
30
+ <fields>
31
+ <cookie_secure translate="label comment" module="etailersecurecookie">
32
+ <label>Secure On Frontend</label>
33
+ <comment><![CDATA[This is only effective when "Use Secure URLs in Frontend" is turned on and the unsecure base url starts with "https://".]]></comment>
34
+ <frontend_type>select</frontend_type>
35
+ <source_model>adminhtml/system_config_source_yesno</source_model>
36
+ <sort_order>45</sort_order>
37
+ <show_in_default>1</show_in_default>
38
+ <show_in_website>1</show_in_website>
39
+ <show_in_store>1</show_in_store>
40
+ </cookie_secure>
41
+ </fields>
42
+ </cookie>
43
+ </groups>
44
+ </web>
45
+ </sections>
46
+ </config>
app/etc/modules/Etailer_SecureCookie.xml ADDED
@@ -0,0 +1,32 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <!--
3
+ /**
4
+ * This file is part of the mage-secure-cookie Magento extension.
5
+ *
6
+ * mage-secure-cookie is free software: you can redistribute it and/or modify
7
+ * it under the terms of the GNU Lesser General Public License as published by
8
+ * the Free Software Foundation, either version 3 of the License, or
9
+ * (at your option) any later version.
10
+ *
11
+ * mage-secure-cookie is distributed in the hope that it will be useful,
12
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
+ * GNU Lesser General Public License for more details.
15
+ *
16
+ * You should have received a copy of the GNU Lesser General Public License
17
+ * along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
18
+ *
19
+ * @author Axel Helmert <ah@luka.de>
20
+ * @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
21
+ * @license http://www.gnu.org/licenses/lgpl-3.0.txt
22
+ * @version $Id$
23
+ */
24
+ -->
25
+ <config>
26
+ <modules>
27
+ <Etailer_SecureCookie>
28
+ <codePool>community</codePool>
29
+ <active>true</active>
30
+ </Etailer_SecureCookie>
31
+ </modules>
32
+ </config>
app/locale/de_DE/Etailer_SecureCookie.csv ADDED
@@ -0,0 +1,2 @@
 
 
1
+ "Secure On Frontend","Im Frontend Absichern"
2
+ "This is only effective when ""Use Secure URLs in Frontend"" is turned on and the unsecure base url starts with ""https://"".","Diese Einstellung wird erst wirksam, wenn ""Sichere URLs im Frontend"" aktiviert wurde und die Unsichere Basis-URL mit ""https://"" beginnt."
package.xml ADDED
@@ -0,0 +1,23 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0"?>
2
+ <package>
3
+ <name>Etailer_SecureCookie</name>
4
+ <version>1.0.0</version>
5
+ <stability>stable</stability>
6
+ <license uri="http://www.luka.de/licenses/pending.txt">LUKA Pending License</license>
7
+ <channel>community</channel>
8
+ <extends/>
9
+ <summary>This Module allows to secure the frontend cookie on https only stores.</summary>
10
+ <description>This module allows to secure the frontend cookie for stores that will run the entire site on https.
11
+ This module is sponsored by www.offtheback.co.nz</description>
12
+ <notes># 1.0.0
13
+
14
+ * Marking the frontend cookie with "Secure" when the store is on HTTPS
15
+ * System config option to turn this feature on/off
16
+ * German locale</notes>
17
+ <authors><author><name>Axel Helmert</name><user>auto-converted</user><email>ah@luka.de</email></author></authors>
18
+ <date>2013-07-09</date>
19
+ <time>07:51:20</time>
20
+ <contents><target name="magelocale"><dir name="de_DE"><file name="Etailer_SecureCookie.csv" hash="2d2a4e4dc22746eeaf05363dc2ef3695"/></dir></target><target name="magecommunity"><dir name="Etailer"><dir name="SecureCookie"><dir name="etc"><file name="config.xml" hash="cfbc6b282a65c256443f08fe1184eb09"/><file name="system.xml" hash="442ca821d4ac352c005027375067bb76"/></dir><dir name="Helper"><file name="Data.php" hash="0e0653116cfef4878f431aa808f08284"/></dir><dir name="Model"><file name="Cookie.php" hash="7c0b03bbfd1a91c148534614c97a824d"/></dir></dir></dir></target><target name="mageetc"><dir name="modules"><file name="Etailer_SecureCookie.xml" hash="b018deca3bb1ac045320aa326fd6754b"/></dir></target></contents>
21
+ <compatible/>
22
+ <dependencies/>
23
+ </package>