From 9d7d30891eec00a060e5b92d8f113e4aa9923808 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Tue, 7 Mar 2017 18:12:23 +0100
Subject: [PATCH] Use SameSite cookies (except session cookie)
---
 adminer/include/functions.inc.php | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index eb3d22c5..928f01a1 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -477,18 +477,12 @@ function convert_fields($columns, $fields, $select = array()) {
 */
 function cookie($name, $value, $lifetime = 2592000) { // 2592000 - 30 days
 global $HTTPS;
- $params = array(
- $name,
- (preg_match("~\n~", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2
- ($lifetime ? time() + $lifetime : 0),
- preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]),
- "",
- $HTTPS
+ return header("Set-Cookie: $name=" . urlencode($value)
+ . ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "")
+ . "; path=" . preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])
+ . ($HTTPS ? "; secure" : "")
+ . "; HttpOnly; SameSite=lax"
 );
- if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
- $params[] = true; // HttpOnly
- }
- return call_user_func_array('setcookie', $params);
 }
 
 /** Restart stopped session
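Review bot: The hand-built `Set-Cookie` header interpolates `$name` and the `REQUEST_URI`-derived path without the character checks that `setcookie()` applied to the cookie name, so a `;` in either would be read by the browser as an attribute separator; only `$value` is encoded. Whether any caller passes a non-constant name is not visible in this hunk, but the path is taken straight from the request line. I would compute the path into `$path` first and guard with `if (preg_match('~[=,;\s]~', $name) || preg_match('~[,;\s]~', $path)) return false;` before calling `header()`. Separately, `header()` returns nothing, so `return header(...)` now yields null where `setcookie()` returned a bool; if any caller tests the result it will always see a falsy value.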