Hi,
At line 91 of /frontend/php/account/login.php :
## UNSECURE
##if ($session_hash)
##{
## #nuke their old session
## session_cookie('session_hash','');
## db_query("DELETE FROM session WHERE session_hash='$session_hash'");
##}
possibly can be solved by doing something like this:
=======================
if ($_GET['session_hash'] ||
    $_POST['session_hash'])
{
    die("Confused.");
}
$session_hash = $_COOKIE['session_hash'];
$session_hash = addslashes($session_hash);
if (eregi('', $session_hash) ||
    eregi('[something for check if session is not a wildcard]', $session_hash))
{
    die("Confused.");
}
if ($session_hash)
{
    #nuke their old session
    session_cookie('session_hash', '');
    db_query("DELETE FROM session WHERE session_hash='$session_hash'");
}
=======================
Tell me about any hacks for this, to make it better. Any ideas for checking for SQL
wildcards (*, etc.) in the $session_hash value? (Note that inserting a * into the eregi
will possibly cause a BAD_RPT warning.)
Best regards,
--------------------------------------
Lorenzo Hernandez Garcia-Hierro
PGP: Keyfingerprint:
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
http://www.tuxedo-es.org
______________________________________
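
An added example, not part of the original message or the project's code: one way to do the check asked about above is to accept the cookie only if it matches the exact token shape, then delete with a bound parameter instead of addslashes(). The 32-hex-character token format, the function names and the in-memory SQLite table are assumptions made for the demo.

```php
<?php
// Added example, not the project's code. Assumption: a session hash is exactly
// 32 lowercase hex characters; adjust the pattern to the real token format.
const SESSION_HASH_PATTERN = '/\A[0-9a-f]{32}\z/';

/** Return the cookie's session hash if it is well-formed, else null. */
function session_hash_from_cookie(array $cookies): ?string
{
    $value = $cookies['session_hash'] ?? null;
    // Reject arrays (session_hash[]=x), empty values and anything that is
    // not the expected token shape, which also excludes quotes, %, _ and *.
    if (!is_string($value) || preg_match(SESSION_HASH_PATTERN, $value) !== 1) {
        return null;
    }
    return $value;
}

/** Delete the caller's old session row; returns the number of rows removed. */
function nuke_old_session(PDO $db, array $cookies): int
{
    $hash = session_hash_from_cookie($cookies);
    if ($hash === null) {
        return 0;
    }
    // Bound parameter: the value is never parsed as SQL.
    $stmt = $db->prepare('DELETE FROM session WHERE session_hash = :hash');
    $stmt->execute([':hash' => $hash]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE session (session_hash TEXT PRIMARY KEY, user_id INTEGER)');
$db->exec("INSERT INTO session VALUES ('" . str_repeat('a', 32) . "', 1)");
$db->exec("INSERT INTO session VALUES ('" . str_repeat('b', 32) . "', 2)");

$cases = [
    'valid own hash'  => ['session_hash' => str_repeat('a', 32)],
    'quote in value'  => ['session_hash' => "x' OR '1'='1"],
    'wildcard'        => ['session_hash' => '%'],
    'array parameter' => ['session_hash' => ['a']],
];
foreach ($cases as $label => $cookies) {
    printf("%-16s deleted %d row(s)\n", $label, nuke_old_session($db, $cookies));
}
printf("rows left: %d\n", $db->query('SELECT COUNT(*) FROM session')->fetchColumn());
```

Reading only from the cookie array passed in also covers the GET/POST case in the proposal above, since a request parameter of the same name is never consulted.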