Changeset 1853 in ExiteCMS for trunk/includes/session_functions.php


Timestamp:
10/16/08 11:37:18 (4 years ago)
Author:
hverton
Message:

fixed session issue in the albums module
blog previous now breaks after a complete paragraph
fixed PHP notice in feeds.php when using PHP5
fixed MySQL error in viewforum.php/viewposts.php when using MySQL v5.x
fixed PHP warning in calls.httpdownload.php when using PHP5
added locale direction (ltr/rtl) to hoteditor
fixed issue with occasional empty [URL] tags in hoteditor
fixed wrong returncode from sendemail() in sendmail_include.php
fixed issues in session management when behind loadbalanced proxies or ISP links (changing public IP address)
fixed typo in the album gallery edit template
fixed mismatched quotes in pm post causing hoteditor message retrieval to fail
fixed versioning issue in the menu, user info and welcome panel module installers
fixed PHP notice in setuser.php

File:
1 edited

  • trunk/includes/session_functions.php

    r1802 r1853  
    3636// to stay in the same session when uploading file(s) 
    3737// (session hijacking is mitigated by the session_ua function) 
    38 if (isset($_POST['SWFSESSIONID']) && !empty($_POST['SWFSESSIONID'])) { 
    39     $_COOKIE['site_visited'] = $_POST['SWFSESSIONID']; 
    40 } 
    4138if (isset($_POST[$settings['session_name']]) && !empty($_POST[$settings['session_name']])) { 
    4239    session_id($_POST[$settings['session_name']]); 
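Review bot: the context line `session_id($_POST[$settings['session_name']]);` still adopts a session id taken directly from the POST body, guarded only by isset/!empty. With the SWFSESSIONID cookie override removed just above it, this is the remaining place in the hunk where request data selects the session, so it should be tightened in the same change: check the value against the expected session id format before calling session_id(), and accept it only on the upload request path that needs it. The comment kept at lines 36-37 also now exists twice in the file (here and at new lines 208-209); drop or reword this copy so it describes the session_name block it now sits above.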
     
    207204 
    208205    $session_ua = ""; 
    209 //  $session_ua .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; 
    210     $session_ua .= isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; 
    211     $session_ua .= isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_VIA'] : ""; 
    212     $session_ua .= isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ""; 
     206 
     207    // when called from SWFUpload, set the session cookies from the post variable 
     208    // to stay in the same session when uploading file(s) 
     209    // (session hijacking is mitigated by the session_ua function) 
     210    if (isset($_POST['SWFSESSIONID']) && !empty($_POST['SWFSESSIONID']) && strlen($_POST['SWFSESSIONID'])==32) { 
     211        return $_POST['SWFSESSIONID']; 
     212    } 
     213    $session_ua .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ""; 
     214//  $session_ua .= isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; 
    213215    $session_ua .= isset($_COOKIE['site_visited']) ? $_COOKIE['site_visited'] : ""; 
    214216 
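Review bot: the early return at new lines 210-212 hands back `$_POST['SWFSESSIONID']` verbatim as the fingerprint, validated only by `strlen(...)==32`, so on any request carrying that field the result is whatever the client posted rather than something derived from the request's own headers. The comment above it says hijacking is mitigated by this function, but that branch skips the User-Agent and `site_visited` inputs entirely. Suggest limiting the branch to the SWFUpload endpoint, validating the value with a strict pattern instead of a length check, and comparing it against a server-side value (for example a one-time upload token stored in the session) rather than returning it. Two smaller points: `isset(...) && !empty(...)` is redundant since `!empty()` already covers the unset case, and the commented-out REMOTE_ADDR line at 214 should be removed rather than left in place; the commit message explains why it was dropped, which is enough record.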