diff --git a/artisan b/artisan
index 66a0cc09f..8f7bfe4e2 100644
--- a/artisan
+++ b/artisan
@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package Laravel
- * @version 3.1.4
+ * @version 3.1.5
  * @author Taylor Otwell
  * @link http://laravel.com
  */
diff --git a/changes.md b/changes.md
index 89d246ef1..80d9b7757 100644
--- a/changes.md
+++ b/changes.md
@@ -2,6 +2,8 @@
 ## Contents
+- [Laravel 3.1.5](#3.1.5)
+- [Upgrading From 3.1.4](#upgrade-3.1.5)
 - [Laravel 3.1.4](#3.1.4)
 - [Upgrading From 3.1.3](#upgrade-3.1.4)
 - [Laravel 3.1.3](#3.1.3)
@@ -13,6 +15,16 @@
 - [Laravel 3.1](#3.1)
 - [Upgrading From 3.0](#upgrade-3.1)
+
+## Laravel 3.1.5
+
+- Fixes bug that could allow secure cookies to be sent over HTTP.
+
+
+## Upgrading From 3.1.4
+
+- Replace the **laravel** folder.
+
 ## Laravel 3.1.4
diff --git a/laravel/cookie.php b/laravel/cookie.php
index fc48212e8..0f92818f5 100644
--- a/laravel/cookie.php
+++ b/laravel/cookie.php
@@ -63,6 +63,14 @@ class Cookie {
  }
  else
  {
+ // We don't want to send secure cookies over HTTP unless the developer has
+ // turned off the "SSL" application configuration option, which is used
+ // while developing the application but should be true in production.
+ if ($secure and ! Request::secure() and Config::get('application.ssl'))
+ {
+ return;
+ }
+
  setcookie($name, $value, $time, $path, $domain, $secure);
  }
  }
diff --git a/paths.php b/paths.php
index 152a4f795..f0136e1a8 100644
--- a/paths.php
+++ b/paths.php
@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package Laravel
- * @version 3.1.4
+ * @version 3.1.5
  * @author Taylor Otwell
  * @link http://laravel.com
  */
diff --git a/public/index.php b/public/index.php
index 561d13a3d..56896d97e 100644
--- a/public/index.php
+++ b/public/index.php
@@ -3,7 +3,7 @@
  * Laravel - A PHP Framework For Web Artisans
  *
  * @package Laravel
- * @version 3.1.4
+ * @version 3.1.5
  * @author Taylor Otwell
  * @link http://laravel.com
  */
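Review bot: In the laravel/cookie.php hunk the new guard drops a secure cookie with a bare `return;`, so the caller gets no signal that nothing was set and a session or auth cookie requested over plain HTTP disappears without a trace. Failing loudly would surface the misuse, for example replacing `return;` with `throw new \Exception('Attempting to set a secure cookie over HTTP.');`, or at least writing a log entry before returning. The guard is also fail-open on configuration: it only runs when `Config::get('application.ssl')` is truthy, so an install where that option is disabled (or, presumably, missing) still emits the `Set-Cookie` header on a plaintext response, and the comment above the check should say so explicitly. Whether `Request::secure()` recognises HTTPS terminated at a proxy or load balancer is not visible here; if it does not, legitimate secure cookies would be dropped on such deployments. The enclosing method and the branch before `else` start outside the hunk, so it is worth confirming that no other path reaches `setcookie` without this check.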