oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Security bug in session env

Browse source
This commit is contained in:
JT Smith 2006-07-11 20:32:46 +00:00
parent 63b22dc502
commit a440cb5f41
10 changed files with 30 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/WebGUI/Session/Var.pm
View file

@ -181,7 +181,7 @@ sub new {
$self->start(1,$sessionId);
} elsif ($self->{_var}{sessionId} ne "") {
$self->{_var}{lastPageView} = $session->datetime->time();
$self->{_var}{lastIP} = $session->env->get("REMOTE_ADDR");
$self->{_var}{lastIP} = $session->env->getIp;
$self->{_var}{expires} = $session->datetime->time() + $session->setting->get("sessionTimeout");
$self->session->{_sessionId} = $self->{_var}{sessionId};
$session->db->setRow("userSession","sessionId",$self->{_var});
@ -232,7 +232,7 @@ sub start {
$self->{_var} = {
expires=>$self->session->datetime->time() + $self->session->setting->get("sessionTimeout"),
lastPageView=>$self->session->datetime->time(),
lastIP => $self->session->env->get("REMOTE_ADDR"),
lastIP => $self->session->env->getIp,
adminOn => 0,
userId => $userId
};