fusiondirectory
Commit 8fda542b
Authored Aug 11, 2014 by Côme Bernigaud
Committed by Benoit Mortier, Aug 11, 2014

Fixes #3263 Fixed vulnerability in user expiration system

parent 67794705

Changes: 2
html/index.php
...
...
@@ -316,7 +316,6 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
/* Save userinfo and plugin structure */
session
::
global_set
(
'ui'
,
$ui
);
session
::
global_set
(
'session_cnt'
,
0
);
/* Let FusionDirectory trigger a new connection for each POST, save config to session. */
session
::
global_set
(
'config'
,
$config
);
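Review bot: `session::global_set('ui', $ui)` and `session::global_set('config', $config)` still run here at line 316, ahead of the "Not account expired or password forced change" branch that the next hunk shows at line 339, so an account that fails the expiry check keeps a session holding both keys. Since main.php gated on 'config' before this commit, check whether any other entry page still tests 'ui' or 'config' rather than 'connected', and consider putting that test in one shared helper so the gate cannot drift between pages.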
...
...
@@ -339,6 +338,7 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
/* Not account expired or password forced change go to main page */
new
log
(
"security"
,
"login"
,
""
,
array
(),
"User
\"
$username
\"
logged in successfully"
);
session
::
global_set
(
'connected'
,
1
);
$config
->
checkLdapConfig
();
// check that newly installed plugins have their configuration in the LDAP
header
(
"Location: main.php?global_check=1"
);
exit
;
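Review bot: the `session::global_set('connected', 1);` line has no comment saying that it must stay below the expiry and forced-password-change handling, yet the gate in main.php depends entirely on that ordering. A one-line comment here, next to the existing "go to main page" comment, would keep a later refactor from moving it back up beside the 'ui' and 'config' writes.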
...
...
html/main.php
...
...
@@ -48,7 +48,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
@
DEBUG
(
DEBUG_SESSION
,
__LINE__
,
__FUNCTION__
,
__FILE__
,
session
::
get_all
(),
"_SESSION"
);
/* Logged in? Simple security check */
if
(
!
session
::
global_is_set
(
'con
fig
'
))
{
if
(
!
session
::
global_is_set
(
'con
nected
'
))
{
new
log
(
"security"
,
"login"
,
""
,
array
(),
"main.php called without session - logging out"
);
header
(
"Location: logout.php"
);
exit
;
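Review bot: the gate `if (!session::global_is_set('connected'))` tests only that the key exists, while index.php stores the value 1, so any code path that ever writes 'connected' with a false value would still pass. Comparing the stored value against 1 would make the check match what index.php sets. The log text "main.php called without session - logging out" is also no longer accurate for the case this commit targets, where a session exists but was never marked connected; a distinct message for that case would make it easier to spot in the security log.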
...
...