adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-19 02:56:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Applying previous patch to _checkValid method. Fixes #5450.

Browse source 
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7892 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
renan.saddam 2008-11-25 16:35:20 +00:00
parent f9557c7611
commit aa1abdda9a
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
cake/libs/session.php
View file

@ -560,14 +560,14 @@ class CakeSession extends Object {
*/ */
function _checkValid() { function _checkValid() {
if ($this->read('Config')) { if ($this->read('Config')) {
if (Configure::read('Session.checkAgent') === false || $this->_userAgent == $this->read("Config.userAgent") && $this->time <= $this->read("Config.time")) { if ((Configure::read('Session.checkAgent') === false || $this->_userAgent == $this->read('Config.userAgent')) && $this->time <= $this->read('Config.time')) {
$time = $this->read("Config.time"); $time = $this->read('Config.time');
$this->write("Config.time", $this->sessionTime); $this->write('Config.time', $this->sessionTime);
if (Configure::read('Security.level') === 'high') { if (Configure::read('Security.level') === 'high') {
$check = $this->read("Config.timeout"); $check = $this->read('Config.timeout');
$check = $check - 1; $check = $check - 1;
$this->write("Config.timeout", $check); $this->write('Config.timeout', $check);
if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) { if (time() > ($time - (Security::inactiveMins() * Configure::read('Session.timeout')) + 2) || $check < 1) {
$this->renew(); $this->renew();
@ -578,16 +578,16 @@ class CakeSession extends Object {
} else { } else {
$this->destroy(); $this->destroy();
$this->valid = false; $this->valid = false;
$this->__setError(1, "Session Highjacking Attempted !!!"); $this->__setError(1, 'Session Highjacking Attempted !!!');
} }
} else { } else {
srand ((double)microtime() * 1000000); srand ((double)microtime() * 1000000);
$this->write("Config.userAgent", $this->_userAgent); $this->write('Config.userAgent', $this->_userAgent);
$this->write("Config.time", $this->sessionTime); $this->write('Config.time', $this->sessionTime);
$this->write('Config.rand', mt_rand()); $this->write('Config.rand', mt_rand());
$this->write('Config.timeout', 10); $this->write('Config.timeout', 10);
$this->valid = true; $this->valid = true;
$this->__setError(1, "Session is valid"); $this->__setError(1, 'Session is valid');
} }
} }
/** /**