
Destroy session when invalid, use more compatible js path

andryyy 8 years ago
parent
commit
d06e938d0e

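--- a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php
@@ -39,9 +39,9 @@ return array(
 	"customErrorMessage" => "",
 	"jsPath" => "../js/csrfprotector.js",
   // Fetching IS_HTTPS from sessions handler
-	"jsUrl" => get_trusted_hostname(),
+	"jsUrl" => "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
 	"tokenLength" => 10,
 	"secureCookie" => false,
 	"disabledJavascriptMessage" => "",
 	 "verifyGetFor" => array()
-);
+);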
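Review bot: The comment `// Fetching IS_HTTPS from sessions handler` directly above the new `jsUrl` entry no longer describes it, since the value is now a fixed absolute path rather than something derived from get_trusted_hostname(); replace it with `// Absolute path so the protector script resolves from any page, independent of the trusted hostname`. The file sits under vendor/, so this local edit is presumably lost on the next library update unless the config is carried outside the vendored tree; a short comment at the top of the file recording that it is locally modified would help the next maintainer.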

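--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -54,5 +54,9 @@ function session_check() {
   return true;
 }
 if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  exit("Invalid session");
+  session_regenerate_id(true);
+  session_unset();
+  session_destroy();
+  session_write_close();
+  header("Location: /");
 }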
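Review bot: Execution continues after `header("Location: /");`, so the page that included this file still runs to completion for a request whose session was just judged invalid; the removed `exit("Invalid session")` stopped that, the replacement does not. Terminate the request right after the redirect, `header("Location: /"); exit;`, so nothing past the check runs with the torn-down session. The client still holds the old session cookie after session_destroy(); clearing it with setcookie(session_name(), '', time() - 3600, ...) before the redirect avoids the browser presenting a dead id on the next request. If any output has already been sent by the including page, header() will fail silently, which is worth a comment or a headers_sent() check — I cannot tell from the hunk whether that is possible here.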