gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-13 21:21:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

allways use http only cookie, pass referuri to controller

Browse Source
This commit is contained in:
Uwe Steinmann 2020-08-26 11:38:25 +02:00
parent 22fa26bdb7
commit b1560bb87b
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
controllers/class.Login.php
View File

@ -36,6 +36,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
$settings = $this->params['settings']; $settings = $this->params['settings'];
$session = $this->params['session']; $session = $this->params['session'];
$sesstheme = $this->params['sesstheme']; $sesstheme = $this->params['sesstheme'];
$referuri = $this->params['referuri'];
$lang = $this->params['lang']; $lang = $this->params['lang'];
$login = $this->params['login']; $login = $this->params['login'];
$pwd = $this->params['pwd']; $pwd = $this->params['pwd'];
@ -199,8 +200,8 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
$dms_session = $_COOKIE["mydms_session"]; $dms_session = $_COOKIE["mydms_session"];
if(!$resArr = $session->load($dms_session)) { if(!$resArr = $session->load($dms_session)) {
/* Turn off http only cookies if jumploader is enabled */ /* Turn off http only cookies if jumploader is enabled */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); //delete cookie setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, false, true); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer); header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$referuri);
exit; exit;
} else { } else {
$session->updateAccess($dms_session); $session->updateAccess($dms_session);
@ -218,7 +219,7 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
$lifetime = time() + intval($settings->_cookieLifetime); $lifetime = time() + intval($settings->_cookieLifetime);
else else
$lifetime = 0; $lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, false, true);
} }
if($this->callHook('postLogin', $user)) { if($this->callHook('postLogin', $user)) {