Version Notes
# 1.0.0
* Marking the frontend cookie with "Secure" when the store is on HTTPS
* System config option to turn this feature on/off
* German locale
Download this release
Release Info
Developer | Magento Core Team |
Extension | Etailer_SecureCookie |
Version | 1.0.0 |
Comparing to | |
See all releases |
Version 1.0.0
- app/code/community/Etailer/SecureCookie/Helper/Data.php +29 -0
- app/code/community/Etailer/SecureCookie/Model/Cookie.php +67 -0
- app/code/community/Etailer/SecureCookie/etc/config.xml +60 -0
- app/code/community/Etailer/SecureCookie/etc/system.xml +46 -0
- app/etc/modules/Etailer_SecureCookie.xml +32 -0
- app/locale/de_DE/Etailer_SecureCookie.csv +2 -0
- package.xml +23 -0
app/code/community/Etailer/SecureCookie/Helper/Data.php
ADDED
@@ -0,0 +1,29 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* This file is part of the mage-secure-cookie Magento extension.
|
4 |
+
*
|
5 |
+
* mage-secure-cookie is free software: you can redistribute it and/or modify
|
6 |
+
* it under the terms of the GNU Lesser General Public License as published by
|
7 |
+
* the Free Software Foundation, either version 3 of the License, or
|
8 |
+
* (at your option) any later version.
|
9 |
+
*
|
10 |
+
* mage-secure-cookie is distributed in the hope that it will be useful,
|
11 |
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
12 |
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
13 |
+
* GNU Lesser General Public License for more details.
|
14 |
+
*
|
15 |
+
* You should have received a copy of the GNU Lesser General Public License
|
16 |
+
* along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
|
17 |
+
*
|
18 |
+
* @author Axel Helmert <ah@luka.de>
|
19 |
+
* @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
|
20 |
+
* @license http://www.gnu.org/licenses/lgpl-3.0.txt
|
21 |
+
* @version $Id$
|
22 |
+
*/
|
23 |
+
|
24 |
+
/**
|
25 |
+
* Default Data helper
|
26 |
+
*/
|
27 |
+
class Etailer_SecureCookie_Helper_Data extends Mage_Core_Helper_Abstract
|
28 |
+
{
|
29 |
+
}
|
app/code/community/Etailer/SecureCookie/Model/Cookie.php
ADDED
@@ -0,0 +1,67 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?php
|
2 |
+
/**
|
3 |
+
* This file is part of the mage-secure-cookie Magento extension.
|
4 |
+
*
|
5 |
+
* mage-secure-cookie is free software: you can redistribute it and/or modify
|
6 |
+
* it under the terms of the GNU Lesser General Public License as published by
|
7 |
+
* the Free Software Foundation, either version 3 of the License, or
|
8 |
+
* (at your option) any later version.
|
9 |
+
*
|
10 |
+
* mage-secure-cookie is distributed in the hope that it will be useful,
|
11 |
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
12 |
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
13 |
+
* GNU Lesser General Public License for more details.
|
14 |
+
*
|
15 |
+
* You should have received a copy of the GNU Lesser General Public License
|
16 |
+
* along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
|
17 |
+
*
|
18 |
+
* @author Axel Helmert <ah@luka.de>
|
19 |
+
* @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
|
20 |
+
* @license http://www.gnu.org/licenses/lgpl-3.0.txt
|
21 |
+
* @version $Id$
|
22 |
+
*/
|
23 |
+
|
24 |
+
/**
|
25 |
+
* Mage core cookie overwrite to secure the frontend cookie
|
26 |
+
*/
|
27 |
+
class Etailer_SecureCookie_Model_Cookie extends Mage_Core_Model_Cookie
|
28 |
+
{
|
29 |
+
/**
|
30 |
+
* XML path to cookie config "secure"
|
31 |
+
*/
|
32 |
+
const XML_PATH_COOKIE_SECURE = 'web/cookie/cookie_secure';
|
33 |
+
|
34 |
+
/**
|
35 |
+
* Check for a secure frontend
|
36 |
+
*
|
37 |
+
* This only applies if
|
38 |
+
*
|
39 |
+
* 1. The secure cookie Option is turned on in the store config.
|
40 |
+
* 2. "Use secure urls in Frontend" is turned on in the store config
|
41 |
+
* 3. The unsecure base URL is a https:// url
|
42 |
+
*
|
43 |
+
* @return boolean
|
44 |
+
*/
|
45 |
+
protected function _checkSecureFrontend()
|
46 |
+
{
|
47 |
+
$store = $this->getStore();
|
48 |
+
if (!$store->getConfig(self::XML_PATH_COOKIE_SECURE) || !$store->getConfig(Mage_Core_Model_Store::XML_PATH_SECURE_IN_FRONTEND)) {
|
49 |
+
return false;
|
50 |
+
}
|
51 |
+
|
52 |
+
$baseLinkUrl = $store->getConfig(Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_LINK_URL);
|
53 |
+
return (substr($baseLinkUrl, 0, 8) == 'https://');
|
54 |
+
}
|
55 |
+
|
56 |
+
/**
|
57 |
+
* @see Mage_Core_Model_Cookie::isSecure()
|
58 |
+
*/
|
59 |
+
public function isSecure()
|
60 |
+
{
|
61 |
+
if ($this->getStore()->isAdmin() || $this->_checkSecureFrontend()) {
|
62 |
+
return $this->_getRequest()->isSecure();
|
63 |
+
}
|
64 |
+
|
65 |
+
return false;
|
66 |
+
}
|
67 |
+
}
|
app/code/community/Etailer/SecureCookie/etc/config.xml
ADDED
@@ -0,0 +1,60 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?xml version="1.0" encoding="UTF-8"?>
|
2 |
+
<!--
|
3 |
+
/**
|
4 |
+
* This file is part of the mage-secure-cookie Magento extension.
|
5 |
+
*
|
6 |
+
* mage-secure-cookie is free software: you can redistribute it and/or modify
|
7 |
+
* it under the terms of the GNU Lesser General Public License as published by
|
8 |
+
* the Free Software Foundation, either version 3 of the License, or
|
9 |
+
* (at your option) any later version.
|
10 |
+
*
|
11 |
+
* mage-secure-cookie is distributed in the hope that it will be useful,
|
12 |
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 |
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14 |
+
* GNU Lesser General Public License for more details.
|
15 |
+
*
|
16 |
+
* You should have received a copy of the GNU Lesser General Public License
|
17 |
+
* along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
|
18 |
+
*
|
19 |
+
* @author Axel Helmert <ah@luka.de>
|
20 |
+
* @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
|
21 |
+
* @license http://www.gnu.org/licenses/lgpl-3.0.txt
|
22 |
+
* @version $Id$
|
23 |
+
*/
|
24 |
+
-->
|
25 |
+
<config>
|
26 |
+
<modules>
|
27 |
+
<Etailer_SecureCookie>
|
28 |
+
<version>1.0.0</version>
|
29 |
+
<description>This module allows to secure the frontend cookie when running the whole store on https</description>
|
30 |
+
</Etailer_SecureCookie>
|
31 |
+
</modules>
|
32 |
+
|
33 |
+
<global>
|
34 |
+
<models>
|
35 |
+
<core>
|
36 |
+
<rewrite>
|
37 |
+
<cookie>Etailer_SecureCookie_Model_Cookie</cookie>
|
38 |
+
</rewrite>
|
39 |
+
</core>
|
40 |
+
</models>
|
41 |
+
|
42 |
+
<helpers>
|
43 |
+
<etailersecurecookie>
|
44 |
+
<class>Etailer_SecureCookie_Helper</class>
|
45 |
+
</etailersecurecookie>
|
46 |
+
</helpers>
|
47 |
+
</global>
|
48 |
+
|
49 |
+
<adminhtml>
|
50 |
+
<translate>
|
51 |
+
<modules>
|
52 |
+
<Etailer_SecureCookie>
|
53 |
+
<files>
|
54 |
+
<default>Etailer_SecureCookie.csv</default>
|
55 |
+
</files>
|
56 |
+
</Etailer_SecureCookie>
|
57 |
+
</modules>
|
58 |
+
</translate>
|
59 |
+
</adminhtml>
|
60 |
+
</config>
|
app/code/community/Etailer/SecureCookie/etc/system.xml
ADDED
@@ -0,0 +1,46 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?xml version="1.0" encoding="UTF-8"?>
|
2 |
+
<!--
|
3 |
+
/**
|
4 |
+
* This file is part of the mage-secure-cookie Magento extension.
|
5 |
+
*
|
6 |
+
* mage-secure-cookie is free software: you can redistribute it and/or modify
|
7 |
+
* it under the terms of the GNU Lesser General Public License as published by
|
8 |
+
* the Free Software Foundation, either version 3 of the License, or
|
9 |
+
* (at your option) any later version.
|
10 |
+
*
|
11 |
+
* mage-secure-cookie is distributed in the hope that it will be useful,
|
12 |
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 |
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14 |
+
* GNU Lesser General Public License for more details.
|
15 |
+
*
|
16 |
+
* You should have received a copy of the GNU Lesser General Public License
|
17 |
+
* along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
|
18 |
+
*
|
19 |
+
* @author Axel Helmert <ah@luka.de>
|
20 |
+
* @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
|
21 |
+
* @license http://www.gnu.org/licenses/lgpl-3.0.txt
|
22 |
+
* @version $Id$
|
23 |
+
*/
|
24 |
+
-->
|
25 |
+
<config>
|
26 |
+
<sections>
|
27 |
+
<web>
|
28 |
+
<groups>
|
29 |
+
<cookie>
|
30 |
+
<fields>
|
31 |
+
<cookie_secure translate="label comment" module="etailersecurecookie">
|
32 |
+
<label>Secure On Frontend</label>
|
33 |
+
<comment><![CDATA[This is only effective when "Use Secure URLs in Frontend" is turned on and the unsecure base url starts with "https://".]]></comment>
|
34 |
+
<frontend_type>select</frontend_type>
|
35 |
+
<source_model>adminhtml/system_config_source_yesno</source_model>
|
36 |
+
<sort_order>45</sort_order>
|
37 |
+
<show_in_default>1</show_in_default>
|
38 |
+
<show_in_website>1</show_in_website>
|
39 |
+
<show_in_store>1</show_in_store>
|
40 |
+
</cookie_secure>
|
41 |
+
</fields>
|
42 |
+
</cookie>
|
43 |
+
</groups>
|
44 |
+
</web>
|
45 |
+
</sections>
|
46 |
+
</config>
|
app/etc/modules/Etailer_SecureCookie.xml
ADDED
@@ -0,0 +1,32 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?xml version="1.0" encoding="UTF-8"?>
|
2 |
+
<!--
|
3 |
+
/**
|
4 |
+
* This file is part of the mage-secure-cookie Magento extension.
|
5 |
+
*
|
6 |
+
* mage-secure-cookie is free software: you can redistribute it and/or modify
|
7 |
+
* it under the terms of the GNU Lesser General Public License as published by
|
8 |
+
* the Free Software Foundation, either version 3 of the License, or
|
9 |
+
* (at your option) any later version.
|
10 |
+
*
|
11 |
+
* mage-secure-cookie is distributed in the hope that it will be useful,
|
12 |
+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 |
+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14 |
+
* GNU Lesser General Public License for more details.
|
15 |
+
*
|
16 |
+
* You should have received a copy of the GNU Lesser General Public License
|
17 |
+
* along with mage-secure-cookie. If not, see <http://www.gnu.org/licenses/>.
|
18 |
+
*
|
19 |
+
* @author Axel Helmert <ah@luka.de>
|
20 |
+
* @copyright Copyright (c) 2012 LUKA netconsult GmbH (www.luka.de)
|
21 |
+
* @license http://www.gnu.org/licenses/lgpl-3.0.txt
|
22 |
+
* @version $Id$
|
23 |
+
*/
|
24 |
+
-->
|
25 |
+
<config>
|
26 |
+
<modules>
|
27 |
+
<Etailer_SecureCookie>
|
28 |
+
<codePool>community</codePool>
|
29 |
+
<active>true</active>
|
30 |
+
</Etailer_SecureCookie>
|
31 |
+
</modules>
|
32 |
+
</config>
|
app/locale/de_DE/Etailer_SecureCookie.csv
ADDED
@@ -0,0 +1,2 @@
|
|
|
|
|
1 |
+
"Secure On Frontend","Im Frontend Absichern"
|
2 |
+
"This is only effective when ""Use Secure URLs in Frontend"" is turned on and the unsecure base url starts with ""https://"".","Diese Einstellung wird erst wirksam, wenn ""Sichere URLs im Frontend"" aktiviert wurde und die Unsichere Basis-URL mit ""https://"" beginnt."
|
package.xml
ADDED
@@ -0,0 +1,23 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
<?xml version="1.0"?>
|
2 |
+
<package>
|
3 |
+
<name>Etailer_SecureCookie</name>
|
4 |
+
<version>1.0.0</version>
|
5 |
+
<stability>stable</stability>
|
6 |
+
<license uri="http://www.luka.de/licenses/pending.txt">LUKA Pending License</license>
|
7 |
+
<channel>community</channel>
|
8 |
+
<extends/>
|
9 |
+
<summary>This Module allows to secure the frontend cookie on https only stores.</summary>
|
10 |
+
<description>This module allows to secure the frontend cookie for stores that will run the entire site on https.
|
11 |
+
This module is sponsored by www.offtheback.co.nz</description>
|
12 |
+
<notes># 1.0.0
|
13 |
+
|
14 |
+
* Marking the frontend cookie with "Secure" when the store is on HTTPS
|
15 |
+
* System config option to turn this feature on/off
|
16 |
+
* German locale</notes>
|
17 |
+
<authors><author><name>Axel Helmert</name><user>auto-converted</user><email>ah@luka.de</email></author></authors>
|
18 |
+
<date>2013-07-09</date>
|
19 |
+
<time>07:51:20</time>
|
20 |
+
<contents><target name="magelocale"><dir name="de_DE"><file name="Etailer_SecureCookie.csv" hash="2d2a4e4dc22746eeaf05363dc2ef3695"/></dir></target><target name="magecommunity"><dir name="Etailer"><dir name="SecureCookie"><dir name="etc"><file name="config.xml" hash="cfbc6b282a65c256443f08fe1184eb09"/><file name="system.xml" hash="442ca821d4ac352c005027375067bb76"/></dir><dir name="Helper"><file name="Data.php" hash="0e0653116cfef4878f431aa808f08284"/></dir><dir name="Model"><file name="Cookie.php" hash="7c0b03bbfd1a91c148534614c97a824d"/></dir></dir></dir></target><target name="mageetc"><dir name="modules"><file name="Etailer_SecureCookie.xml" hash="b018deca3bb1ac045320aa326fd6754b"/></dir></target></contents>
|
21 |
+
<compatible/>
|
22 |
+
<dependencies/>
|
23 |
+
</package>
|