From f70bd2eafc2fdac9fa528a3e649db0178c601b41 Mon Sep 17 00:00:00 2001
From: xXx-caillou-xXx
Date: Mon, 18 Dec 2017 16:27:00 +0100
Subject: Fix cookie encryption

Previously, when a cookie was set with the `httpOnly` flag, it was automatically encrypted, due to a logic flaw. This is now fixed and tested.---
 src/sp_cookie_encryption.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/sp_cookie_encryption.c')

diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c
index 08be9a6..5189c20 100644
--- a/src/sp_cookie_encryption.c
+++ b/src/sp_cookie_encryption.c
@@ -180,7 +180,7 @@ PHP_FUNCTION(sp_setcookie) {
   }
 
   /* Shall we encrypt the cookie's value? */
-  if (httponly && value) {
+  if (cookie_node && cookie_node->encrypt && value) {
     zend_string *encrypted_data = encrypt_data(value->val, value->len);
     ZVAL_STR_COPY(&params[1], encrypted_data);
     zend_string_release(encrypted_data);
-- 
cgit v1.3