[Pkg-owncloud-commits] [owncloud] 48/73: destroy invalid sessions
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:09:09 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.
commit d8e0be18c87df30999d88cc00e49077f04eb5cf9
Author: Arthur Schiwon <blizzz at owncloud.com>
Date: Mon Oct 8 13:53:08 2012 +0200
destroy invalid sessions
---
lib/base.php | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/lib/base.php b/lib/base.php
index f949e2a..9db3219 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -276,7 +276,7 @@ class OC{
ini_set('session.cookie_httponly','1;');
session_start();
}
-
+
public static function loadapp(){
if(file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php')){
require_once(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php');
@@ -284,7 +284,7 @@ class OC{
trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead?
}
}
-
+
public static function loadfile(){
if(file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/' . OC::$REQUESTEDFILE)){
if(substr(OC::$REQUESTEDFILE, -3) == 'css'){
@@ -303,7 +303,7 @@ class OC{
exit;
}elseif(substr(OC::$REQUESTEDFILE, -3) == 'php'){
require_once(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/' . OC::$REQUESTEDFILE);
- }
+ }
}else{
header('HTTP/1.0 404 Not Found');
exit;
@@ -314,7 +314,7 @@ class OC{
// register autoloader
spl_autoload_register(array('OC','autoload'));
setlocale(LC_ALL, 'en_US.UTF-8');
-
+
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
@@ -333,7 +333,7 @@ class OC{
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
-
+
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time',3600);
@@ -363,7 +363,7 @@ class OC{
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
-
+
self::initPaths();
// register the stream wrappers
@@ -381,7 +381,7 @@ class OC{
if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
$server=OC_Helper::serverHost();
$serverhost=explode(':',$server);
- $serverhost=$serverhost['0'];
+ $serverhost=$serverhost['0'];
if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
$url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
header("Location: $url");
@@ -414,6 +414,10 @@ class OC{
OC_User::useBackend( OC_Config::getValue( "userbackend", "database" ));
OC_Group::useBackend(new OC_Group_Database());
+ if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
+ OC_User::logout();
+ }
+
// Set up file system unless forbidden
global $RUNTIME_NOSETUPFS;
if(!$RUNTIME_NOSETUPFS ){
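Review bot: The added guard compares `$_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']` with the loose operator, so two user names that differ as strings but are both numeric-looking (for example `1e3` and `1000`) compare equal and the mismatched session is kept. The strict form `$_SERVER['PHP_AUTH_USER'] !== $_SESSION['user_id']` avoids that, assuming both values are always strings, which should be confirmed for `user_id`. The hunk does not show whether `OC_User::logout()` fully clears the session before the filesystem setup that follows reads it. A short comment such as `// Basic-auth user differs from the session owner: drop the stale session before anything else reads it` would record the intent. The enclosing method starts and ends outside this hunk.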
@@ -431,14 +435,14 @@ class OC{
OC_App::loadApps();
}
}
-
+
// Check for blacklisted files
OC_Hook::connect('OC_Filesystem','write','OC_Filesystem','isBlacklisted');
OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted');
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper','cleanTmp'));
-
+
//parse the given parameters
self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app'])?str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])):OC_Config::getValue('defaultapp', 'files'));
if(substr_count(self::$REQUESTEDAPP, '?') != 0){
@@ -490,7 +494,7 @@ if(!function_exists('get_temp_dir')) {
return dirname($temp);
}
if( $temp=sys_get_temp_dir()) return $temp;
-
+
return null;
}
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git