Commit 89b976ed authored by Mike gabriel's avatar Mike gabriel Committed by Benoit Mortier

1002_no-underscores-in-http-request-header-vars

parent 9fa6a35a
......@@ -204,7 +204,7 @@ sub encrypt_passwords {
print "* creating '$fd_secrets'\n";
my $fp_file = file($fd_secrets);
my $fp = $fp_file->openw() or die "! Unable to open '$fd_secrets' in write mode\n";
$fp->print("RequestHeader set FD_KEY $master_key\n");
$fp->print("RequestHeader set FDKEY $master_key\n");
$fp->close or die "! Can't close '$fd_secrets'\n";
chmod 0600, $fd_secrets or die "! Unable to change '$fd_secrets' rights\n";
my $root_uid = getpwnam("root");
......@@ -736,7 +736,7 @@ sub get_ldap_connexion {
open(SECRETS, $fd_secrets) || die ("Could not open $fd_secrets");
my $key = "";
while(<SECRETS>) {
if ($_ =~ m/RequestHeader set FD_KEY ([^ \n]+)\n/) {
if ($_ =~ m/RequestHeader set FDKEY ([^ \n]+)\n/) {
$key = $1;
last;
}
......
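Review bot: In the `encrypt_passwords` hunk the master key is written to `$fd_secrets` before `chmod 0600` runs, so a newly created file carries whatever mode the process umask allows (commonly world-readable) while it already holds the key. Tighten the umask around the creation rather than relying on the later chmod: `my $old_umask = umask 0077;` before `$fp_file->openw()` and `umask $old_umask;` after `$fp->close`. The existing chmod should stay, because a secrets file that already existed keeps its old mode when it is reopened for writing. The function starts and continues outside the hunk, so any earlier umask handling is not visible here.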
......@@ -286,15 +286,15 @@ class config {
*/
function get_credentials($creds)
{
if (isset($_SERVER['HTTP_FD_KEY'])) {
if (!session::global_is_set('HTTP_FD_KEY_CACHE')) {
session::global_set('HTTP_FD_KEY_CACHE', array());
if (isset($_SERVER['HTTP_FDKEY'])) {
if (!session::global_is_set('HTTP_FDKEY_CACHE')) {
session::global_set('HTTP_FDKEY_CACHE', array());
}
$cache = session::global_get('HTTP_FD_KEY_CACHE');
$cache = session::global_get('HTTP_FDKEY_CACHE');
if (!isset($cache[$creds])) {
try {
$cache[$creds] = cred_decrypt($creds, $_SERVER['HTTP_FD_KEY']);
session::global_set('HTTP_FD_KEY_CACHE', $cache);
$cache[$creds] = cred_decrypt($creds, $_SERVER['HTTP_FDKEY']);
session::global_set('HTTP_FDKEY_CACHE', $cache);
} catch (Exception $e) {
$msg = sprintf(
_('It seems you are trying to decode something which is not encoded : %s<br/>\n'.
......
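Review bot: `get_credentials` now tests only `$_SERVER['HTTP_FDKEY']`, so a deployment whose existing secrets file still sets the `FD_KEY` header skips the decryption branch without any signal. The `get_ldap_connexion` hunk in the setup script has the same gap, since its regex no longer matches an `FD_KEY` line and `$key` stays empty. What happens when the branch is skipped is outside this hunk, but presumably the stored value is then used undecrypted and surfaces as an unrelated bind failure. I would document the required regeneration at this spot, for example `// Key is passed as FDKEY (no underscore); secrets files written with FD_KEY must be regenerated.`, and have the setup script's reader `die` with a clear message when no key line is found, if it does not already.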