fixed between-directory user exploit - now the session depends on its browser/server scope and the baseurl in your config

This commit is contained in:
Ulf Gebhardt 2014-01-24 22:56:19 +01:00
parent ff3b3b6b8d
commit 482a5009b5
2 changed files with 6 additions and 3 deletions


@ -61,7 +61,8 @@ class Security {
getenv('REMOTE_ADDR'), getenv('REMOTE_ADDR'),
0, 0,
NULL, NULL,
$row[\SYSTEM\DBD\system_user::FIELD_LOCALE]); $row[\SYSTEM\DBD\system_user::FIELD_LOCALE],
\SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL));
if(isset($locale)){ if(isset($locale)){
\SYSTEM\locale::set($locale);} \SYSTEM\locale::set($locale);}
// track succesful user login // track succesful user login
@ -121,7 +122,7 @@ class Security {
public static function isLoggedIn(){ public static function isLoggedIn(){
self::startSession(); self::startSession();
return (isset($_SESSION['user']) && $_SESSION['user'] instanceof User);} return (isset($_SESSION['user']) && $_SESSION['user'] instanceof User && $_SESSION['user']->base_url === \SYSTEM\CONFIG\config::get(\SYSTEM\CONFIG\config_ids::SYS_CONFIG_PATH_BASEURL));}
private static function startSession(){ private static function startSession(){
if(!isset($_SESSION) && !headers_sent()){ if(!isset($_SESSION) && !headers_sent()){


@ -13,8 +13,9 @@ class User {
public $passwordWrongCount = NULL; public $passwordWrongCount = NULL;
public $rights = NULL; public $rights = NULL;
public $locale = NULL; public $locale = NULL;
public $base_url = NULL;
public function __construct($id, $username, $email, $creationDate, $lastLoginDate, $lastLoginIP, $passwordWrongCount, $rights, $locale){ public function __construct($id, $username, $email, $creationDate, $lastLoginDate, $lastLoginIP, $passwordWrongCount, $rights, $locale, $base_url){
$this->id = $id; $this->id = $id;
$this->username = $username; $this->username = $username;
$this->email = $email; $this->email = $email;
@ -24,5 +25,6 @@ class User {
$this->passwordWrongCount = $passwordWrongCount; $this->passwordWrongCount = $passwordWrongCount;
$this->rights = $rights; $this->rights = $rights;
$this->locale = $locale; $this->locale = $locale;
$this->base_url = $base_url;
} }
} }
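Review bot: `$base_url` is now the field that decides whether a stored session is accepted, yet it is an undocumented public, mutable property and the new constructor parameter has no description; a reader of `User` cannot tell it is security-relevant. Add a comment above the property such as `// base URL this session was created under; Security::isLoggedIn() rejects the session when it differs from the configured SYS_CONFIG_PATH_BASEURL` and document the constructor parameter the same way. As a point of style, `base_url` breaks the camelCase used by every neighbouring property (`passwordWrongCount`, `lastLoginIP`); `baseUrl` would match, though renaming it means updating the `isLoggedIn()` comparison as well. The constructor signature sits in the first hunk and its body runs into the second; with ten positional parameters, any other `new User(` call site still passing nine arguments will now fail at construction — worth verifying there are none.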