Changeset 2756


Timestamp:
Oct 16, 2008, 2:35:30 AM (16 years ago)
Author:
rvelices
Message:
  • security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)
Location:
branches/2.0/include
Files:
4 edited

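--- a/branches/2.0/include/functions_session.inc.php
+++ b/branches/2.0/include/functions_session.inc.php
@@ -67,4 +67,5 @@
     ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
     ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
+    ini_set('session.cookie_httponly', 1);
   }
   session_name($conf['session_name']);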
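Review bot: The new `ini_set('session.cookie_httponly', 1)` is a silent no-op on PHP older than 5.2, which the commit message mentions but the code does not; add `// HttpOnly keeps the session cookie out of document.cookie; ignored by PHP < 5.2` above it so the dependency is visible next to the call. The ini_set sits inside a braced block whose opening condition is before the hunk, so whether it runs on every code path depends on that condition. `session.cookie_secure` is not touched here; if the gallery is served over TLS, this same block is the natural place to pair it with the HttpOnly flag.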
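--- a/branches/2.0/include/functions_user.inc.php
+++ b/branches/2.0/include/functions_user.inc.php
@@ -1014,14 +1014,26 @@
     {
       $cookie = $user_id.'-'.$now.'-'.$key;
-      setcookie($conf['remember_me_name'],
+      if (version_compare(PHP_VERSION, '5.2', '>=') )
+      {
+        setcookie($conf['remember_me_name'],
             $cookie,
             time()+$conf['remember_me_length'],
-            cookie_path()
+            cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure'),
+            ini_get('session.cookie_httponly')
           );
+      }
+      else
+      {
+        setcookie($conf['remember_me_name'],
+            $cookie,
+            time()+$conf['remember_me_length'],
+            cookie_path(),ini_get('session.cookie_domain'),ini_get('session.cookie_secure')
+          );
+      }
     }
   }
   else
   { // make sure we clean any remember me ...
-    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
   }
   if ( session_id()!="" )
@@ -1063,5 +1075,5 @@
       }
     }
-    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
   }
   return false;
@@ -1091,4 +1103,18 @@
   trigger_action('login_failure', $username);
   return false;
+}
+
+/** Performs all the cleanup on user logout */
+function logout_user()
+{
+  global $conf;
+  $_SESSION = array();
+  session_unset();
+  session_destroy();
+  setcookie(session_name(),'',0,
+      ini_get('session.cookie_path'),
+      ini_get('session.cookie_domain')
+    );
+  setcookie($conf['remember_me_name'], '', 0, cookie_path(),ini_get('session.cookie_domain'));
 }
 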
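Review bot: The `version_compare` branch in the first hunk repeats the whole remember-me `setcookie` call, and nothing records why two copies exist; a comment such as `// PHP < 5.2 rejects a 7th (httponly) argument to setcookie(); pass it only where supported` would stop a later cleanup from collapsing the branches and silently dropping the flag. The `ini_get('session.cookie_secure')` and `ini_get('session.cookie_httponly')` values are strings handed to parameters setcookie treats as booleans, which relies on loose conversion; a `(bool)` cast would make the intent explicit. The new `logout_user()` docblock could also state that it clears both the session cookie and the remember-me cookie and leaves the redirect to the caller, since all three call sites in this commit depend on that. The function the first two hunks belong to starts before the hunk.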
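--- a/branches/2.0/include/user.inc.php
+++ b/branches/2.0/include/user.inc.php
@@ -30,12 +30,5 @@
   if (isset($_GET['act']) and $_GET['act'] == 'logout')
   { // logout
-    $_SESSION = array();
-    session_unset();
-    session_destroy();
-    setcookie(session_name(),'',0,
-        ini_get('session.cookie_path'),
-        ini_get('session.cookie_domain')
-      );
-    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    logout_user();
   redirect(make_index_url());
   }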
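Review bot: Logout here is still triggered by a plain GET parameter (`$_GET['act'] == 'logout'` on the hunk's first line), so any page that makes the browser load that URL ends the visitor's session; moving the cleanup into `logout_user()` keeps that behaviour unchanged. Accepting the action only on POST, or only with a token tied to the current session, before calling `logout_user()` would close that. The enclosing block starts outside the hunk, so whether `$conf` is still needed in this scope after the removed lines cannot be judged from here.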
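--- a/branches/2.0/include/ws_functions.inc.php
+++ b/branches/2.0/include/ws_functions.inc.php
@@ -1108,15 +1108,7 @@
 function ws_session_logout($params, &$service)
 {
-  global $user, $conf;
   if (!is_a_guest())
   {
-    $_SESSION = array();
-    session_unset();
-    session_destroy();
-    setcookie(session_name(),'',0,
-        ini_get('session.cookie_path'),
-        ini_get('session.cookie_domain')
-      );
-    setcookie($conf['remember_me_name'], '', 0, cookie_path());
+    logout_user();
   }
   return true;
@@ -1356,5 +1348,5 @@
 
   invalidate_user_cache();
- 
+
   return $creation_output;
 }
@@ -1394,5 +1386,5 @@
     PREG_SPLIT_NO_EMPTY
     );
- 
+
   $query = '
 SELECT
@@ -1400,10 +1392,10 @@
     md5sum
   FROM '.IMAGES_TABLE.'
-  WHERE md5sum IN (\''.implode("','", $md5sums).'\') 
+  WHERE md5sum IN (\''.implode("','", $md5sums).'\')
 ;';
   $id_of_md5 = simple_hash_from_query($query, 'md5sum', 'id');
 
   $result = array();
- 
+
   foreach ($md5sums as $md5sum)
   {
@@ -1432,5 +1424,5 @@
   // thumbnail_content
   // thumbnail_sum
- 
+
   $params['image_id'] = (int)$params['image_id'];
   if ($params['image_id'] <= 0)
@@ -1486,5 +1478,5 @@
       );
   }
- 
+
   if (isset($params['categories']))
   {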
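Review bot: In the md5sum hunk, the new `WHERE md5sum IN (\''.implode("','", $md5sums).'\')` line still splices the values split from the request parameter straight into the SQL string; only trailing whitespace changed, but unless the split pattern before the hunk restricts entries to hex digits, a quote inside one of them alters the query. Checking each entry with `preg_match('/^[0-9a-f]{32}$/i', $md5sum)` before the `implode`, or escaping through the DB layer, removes the dependency on that earlier pattern, and a one-line comment on the query stating which guard applies would help the next reader. In `ws_session_logout`, dropping `global $user, $conf;` is consistent with the cleanup now living in `logout_user()`.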