diff --git a/auth/auth.go b/auth/auth.go
index 540185f2..0a134ea2 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -21,6 +21,8 @@ func init() {
 gob.Register(&models.User{})
 gob.Register(&models.Flash{})
 Store.Options.HttpOnly = true
+ // This sets the maxAge to 5 days for all cookies
+ Store.MaxAge(86400 * 5)
 }
 // Store contains the session information for the request
diff --git a/gophish.go b/gophish.go
index 2b55a8d9..783984b6 100644
--- a/gophish.go
+++ b/gophish.go
@@ -33,6 +33,7 @@ import (
 "sync"
 "github.com/NYTimes/gziphandler"
+ "github.com/gophish/gophish/auth"
 "github.com/gophish/gophish/config"
 "github.com/gophish/gophish/controllers"
 "github.com/gophish/gophish/models"
@@ -53,6 +54,7 @@ func main() {
 go func() {
 defer wg.Done()
 adminHandler := gziphandler.GzipHandler(controllers.CreateAdminRouter())
+ auth.Store.Options.Secure = config.Conf.AdminConf.UseTLS
 if config.Conf.AdminConf.UseTLS { // use TLS for Admin web server if available
 Logger.Printf("Starting admin server at https://%s\n", config.Conf.AdminConf.ListenURL)
 Logger.Fatal(http.ListenAndServeTLS(config.Conf.AdminConf.ListenURL, config.Conf.AdminConf.CertPath, config.Conf.AdminConf.KeyPath,
diff --git a/static/js/app/campaigns.js b/static/js/app/campaigns.js
index 559da966..47f5f867 100644
--- a/static/js/app/campaigns.js
+++ b/static/js/app/campaigns.js
@@ -29,7 +29,7 @@ function launch() {
 groups = []
 $.each($("#groupTable").DataTable().rows().data(), function(i, group) {
 groups.push({
- name: group[0]
+ name: unescapeHtml(group[0])
 })
 })
 campaign = {
@@ -311,13 +311,13 @@ $(document).ready(function() {
 $.each(campaigns, function(i, campaign) {
 label = labels[campaign.status] || "label-default";
 campaignTable.row.add([
- campaign.name,
+ escapeHtml(campaign.name),
 moment(campaign.created_date).format('MMMM Do YYYY, h:mm:ss a'),
 "" + campaign.status + "", "
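Review bot: In auth/auth.go `init()`, the session lifetime is the bare expression `86400 * 5`, and the added comment says neither why five days was chosen nor what the bound protects. A named constant such as `const sessionMaxAge = 5 * 24 * 60 * 60 // seconds; upper bound on how long a session cookie stays valid` would make the value auditable and easy to tune. If Store keeps session state in the cookie itself (its declaration is outside the hunk), this age is presumably the main limit on how long a copied admin cookie remains usable, so a shorter default or a configuration option is worth considering.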
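Review bot: In gophish.go `main()`, `auth.Store.Options.Secure` is assigned inside the goroutine that starts the admin server, so a package-level value is written from a goroutine while other goroutines launched by main may already be running. Moving `auth.Store.Options.Secure = config.Conf.AdminConf.UseTLS` ahead of the `go func()` keeps the write on the main goroutine and makes the cookie policy visible in one place. Tying the flag only to `UseTLS` also means a deployment that terminates TLS in a reverse proxy with `UseTLS` false still issues session cookies without Secure; a comment stating that, or a separate setting, would help operators. main's body continues outside the hunk.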
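Review bot: In static/js/app/campaigns.js `launch()`, `unescapeHtml(group[0])` recovers the group name by reversing the encoding applied to the table cell, which only works if the cell holds exactly `escapeHtml(name)` and the two helpers are exact inverses (neither is defined in this hunk). Keeping the raw names alongside the table, for example in an array filled when rows are added, and reading from that would avoid round-tripping data through display markup. At minimum a comment such as `// cell text was HTML-escaped for display; decode before sending to the API` should explain the call, and the decoded value should never be written back into HTML. launch's body continues outside the hunk.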
\ \ \ - \