Index: drupalvb.inc.php =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/drupalvb/drupalvb.inc.php,v retrieving revision 1.31 diff -u -p -r1.31 drupalvb.inc.php --- drupalvb.inc.php 15 Oct 2008 02:31:03 -0000 1.31 +++ drupalvb.inc.php 18 Oct 2008 17:15:27 -0000 @@ -30,10 +30,17 @@ function drupalvb_set_login_cookies($use $cookie_prefix = (isset($vb_config['Misc']['cookieprefix']) ? $vb_config['Misc']['cookieprefix'] : 'bb'); $cookie_path = $vb_options['cookiepath']; - $cookie_domain = (!empty($vb_options['cookiedomain']) ? $vb_options['cookiedomain'] : $GLOBALS['cookie_domain']); + $vb_cookie_domain = (!empty($vb_options['cookiedomain']) ? $vb_options['cookiedomain'] : $GLOBALS['cookie_domain']); $now = time(); $expire = $now + (@ini_get('session.cookie_lifetime') ? ini_get('session.cookie_lifetime') : 60 * 60 * 24 * 365); + // Per RFC 2109, cookie domains must contain at least one dot other than the + // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain. + // @see conf_init() + if (!(count(explode('.', $vb_cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $vb_cookie_domain)))) { + $vb_cookie_domain = ''; + } + // Clear out old session (if available). if (!empty($_COOKIE[$cookie_prefix .'sessionhash'])) { drupalvb_db_query("DELETE FROM {session} WHERE sessionhash = '%s'", $_COOKIE[$cookie_prefix .'sessionhash']); @@ -47,11 +54,11 @@ function drupalvb_set_login_cookies($use drupalvb_db_query("REPLACE INTO {session} (sessionhash, userid, host, idhash, lastactivity, location, useragent, loggedin) VALUES ('%s', %d, '%s', '%s', %d, '%s', '%s', %d)", $sessionhash, $vbuser['userid'], substr($_SERVER['REMOTE_ADDR'], 0, 15), $idhash, $now, '/forum/', $_SERVER['HTTP_USER_AGENT'], 2); // Setup cookies. - setcookie($cookie_prefix .'sessionhash', $sessionhash, $expire, $cookie_path, $cookie_domain); - setcookie($cookie_prefix .'lastvisit', $now, $expire, $cookie_path, $cookie_domain); - setcookie($cookie_prefix .'lastactivity', $now, $expire, $cookie_path, $cookie_domain); - setcookie($cookie_prefix .'userid', $vbuser['userid'], $expire, $cookie_path, $cookie_domain); - setcookie($cookie_prefix .'password', md5($vbuser['password'] . variable_get('drupalvb_license', '')), $expire, $cookie_path, $cookie_domain); + setcookie($cookie_prefix .'sessionhash', $sessionhash, $expire, $cookie_path, $vb_cookie_domain); + setcookie($cookie_prefix .'lastvisit', $now, $expire, $cookie_path, $vb_cookie_domain); + setcookie($cookie_prefix .'lastactivity', $now, $expire, $cookie_path, $vb_cookie_domain); + setcookie($cookie_prefix .'userid', $vbuser['userid'], $expire, $cookie_path, $vb_cookie_domain); + setcookie($cookie_prefix .'password', md5($vbuser['password'] . variable_get('drupalvb_license', '')), $expire, $cookie_path, $vb_cookie_domain); return TRUE; }