Commit f066dc29 authored by sept_7's avatar sept_7

[FIX] fix unwanted access to multiple instances of tikiwiki on the same

server. This is done by specifying a tikiroot as the cookie_path at the
creation of the session cookie. Seems to work, comments ?
parent 0d8d107c
......@@ -11,6 +11,11 @@ session.
The parameters in the session will be stored under
$_SESSION['tiki_cookie_jar'][ $parameter_name ]
*/
$tikiroot = dirname($_SERVER['PHP_SELF']);
$session_params = session_get_cookie_params();
session_set_cookie_params($session_params['lifetime'],$tikiroot);
unset($session_params);
session_start();
if( isset( $_GET ) )
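Review bot: `dirname($_SERVER['PHP_SELF'])` derives the cookie path from a value the client can influence, because PHP_SELF includes any trailing path info from the request URL; a request with extra segments after the script name produces a different `$tikiroot`, and the session cookie is then scoped to a path the rest of the instance never matches. The same line appears in the second and third hunks. `$_SERVER['SCRIPT_NAME']` does not carry path info, so `$tikiroot = dirname($_SERVER['SCRIPT_NAME']);` is the safer source. The result should also be normalised to forward slashes with a trailing slash, e.g. `$tikiroot = rtrim(str_replace('\\', '/', $tikiroot), '/') . '/';`, since `dirname()` can return `\` on Windows and a path without a trailing slash may be prefix-matched by some older browsers (`/tiki` also matching `/tiki2`), which would defeat the purpose of the change.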
......
......@@ -6,7 +6,13 @@ $force_no_compression = true;
$skip = false;
if ( isset($_GET['fileId']) && isset($_GET['thumbnail']) && isset($_COOKIE['PHPSESSID']) && count($_GET) == 2 ) {
$tikiroot = dirname($_SERVER['PHP_SELF']);
$session_params = session_get_cookie_params();
session_set_cookie_params($session_params['lifetime'],$tikiroot);
unset($session_params);
session_start();
if ( isset($_SESSION['allowed'][$_GET['fileId']]) ) {
include('db/tiki-db.php');
include('lib/tikidblib.php');
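Review bot: The `$_SESSION['allowed'][$_GET['fileId']]` check right after the new `session_start()` still trusts whatever session the presented id loads, and the cookie path only controls when a browser sends the cookie, not which instance may read the session data. If the instances share a session save path (the commit message suggests this, but it is not visible here), a session id issued by one instance and presented to another still loads the same session, so the separation should also be enforced server-side. One option is to bind the session to its instance after `session_start()` with `if (!isset($_SESSION['tikiroot'])) $_SESSION['tikiroot'] = $tikiroot;` and refuse the request when `$_SESSION['tikiroot'] !== $tikiroot`; a per-instance `session_name()` or `session_save_path()` would achieve the same. The enclosing `if` block continues outside the hunk.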
......
......@@ -41,6 +41,10 @@ if( file_exists( 'db/lock' ) ) {
createPage($title,$content);
}
$tikiroot = dirname($_SERVER['PHP_SELF']);
$session_params = session_get_cookie_params();
session_set_cookie_params($session_params['lifetime'],$tikiroot);
unset($session_params);
session_start();
if ( file_exists( 'db/local.php' ) ) {
......
......@@ -91,6 +91,9 @@ if ( isset($_GET['PHPSESSID']) && $_SERVER['REMOTE_ADDR'] == '127.0.0.1' ) {
}
if ( $prefs['sessions_silent'] == 'disabled' or !empty($_COOKIE) ) {
// enabing silent sessions mean a session is only started when a cookie is presented
$session_params = session_get_cookie_params();
session_set_cookie_params($session_params['lifetime'],$tikiroot);
unset($session_params);
session_start();
}
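Review bot: `$tikiroot` is passed to the added `session_set_cookie_params()` call but is not assigned anywhere in this hunk, unlike the other three call sites, which compute it on the line before. If it is unset when this branch runs, the path argument is null and the per-instance scoping is presumably lost on the main code path without any visible error. A guard such as `if (!isset($tikiroot)) $tikiroot = dirname($_SERVER['SCRIPT_NAME']);`, or at least a comment naming where the variable is set, would make the dependency explicit. Since the same four lines now live in several files, a small shared helper would keep them in step; the surrounding file continues outside the hunk.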
......