Adding fix for Ticket #2387

Fixed issue in view with $session->valid() always returning false.


git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@4839 3807eeeb-6ff5-0310-8944-8be069107fe0
phpnut 2007-04-11 20:47:17 +00:00
parent 8df2d428ff
commit 4f78065c14


@ -122,6 +122,13 @@ class CakeSession extends Object {
* @access public
*/
function __construct($base = null, $start = true) {
if (env('HTTP_USER_AGENT') != null) {
$this->_userAgent = md5(env('HTTP_USER_AGENT') . CAKE_SESSION_STRING);
} else {
$this->_userAgent = "";
}
$this->time = time();
if($start === true) {
$this->host = env('HTTP_HOST');
@ -135,13 +142,6 @@ class CakeSession extends Object {
$this->host = substr($this->host, 0, strpos($this->host, ':'));
}
if (env('HTTP_USER_AGENT') != null) {
$this->_userAgent = md5(env('HTTP_USER_AGENT') . CAKE_SESSION_STRING);
} else {
$this->_userAgent = "";
}
$this->time = time();
$this->sessionTime = $this->time + (Security::inactiveMins() * CAKE_SESSION_TIMEOUT);
$this->security = CAKE_SECURITY;
@ -264,6 +264,14 @@ class CakeSession extends Object {
* @access public
*/
function valid() {
if ($this->read('Config')) {
if ($this->_userAgent == $this->read("Config.userAgent") && $this->time <= $this->read("Config.time")) {
$this->valid = true;
} else {
$this->valid = false;
$this->__setError(1, "Session Highjacking Attempted !!!");
}
}
return $this->valid;
}
/**
@ -362,7 +370,7 @@ class CakeSession extends Object {
function __close() {
$probability = mt_rand(1, 150);
if($probability <= 3) {
$this->__gc();
CakeSession::__gc();
}
return true;
}
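Review bot: The user-agent check added in `valid()` compares two md5 hex digests with loose `==`, so PHP's numeric-string juggling applies: digests of the form `0e` followed only by digits compare equal to each other, and the empty `_userAgent` the constructor sets when no User-Agent header is sent compares equal to a null or missing `Config.userAgent`. Use a strict comparison, `if ($this->_userAgent === $this->read("Config.userAgent") && $this->time <= $this->read("Config.time")) {`, and confirm what `read()` returns for an absent key, since that is not visible here. The same else-branch also fires when only the time check fails, so an expired session is recorded as "Session Highjacking Attempted !!!"; separate error codes for expiry and fingerprint mismatch would make these entries usable for triage. When `read('Config')` is empty the method returns whatever `$this->valid` held before, which deserves a comment such as `// no Config in session: keep the previously computed validity`.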