Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Do not use dol_hash anymore for the name of cookies.

Browse Source
This commit is contained in:
Laurent Destailleur
2022-02-21 12:21:43 +01:00
parent 9e6f782907
commit 00e6d2786d
10 changed files with 16 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
htdocs/core/lib/functions.lib.php
View File

@@ -870,31 +870,32 @@ if (!function_exists('dol_getprefix')) {
* Return a prefix to use for this Dolibarr instance, for session/cookie names or email id.
* The prefix is unique for instance and avoid conflict between multi-instances, even when having two instances with same root dir
* or two instances in same virtual servers.
* This function must not use dol_hash (that is used for password hash) and need to have all context $conf loaded.
*
* @param string $mode '' (prefix for session name) or 'email' (prefix for email id)
* @return string A calculated prefix
*/
function dol_getprefix($mode = '')
{
// If prefix is for email (we need to have $conf alreayd loaded for this case)
// If prefix is for email (we need to have $conf already loaded for this case)
if ($mode == 'email') {
global $conf;
if (!empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) { // If MAIL_PREFIX_FOR_EMAIL_ID is set (a value initialized with a random value is recommended)
if (!empty($conf->global->MAIL_PREFIX_FOR_EMAIL_ID)) { // If MAIL_PREFIX_FOR_EMAIL_ID is set
if ($conf->global->MAIL_PREFIX_FOR_EMAIL_ID != 'SERVER_NAME') {
return $conf->global->MAIL_PREFIX_FOR_EMAIL_ID;
} elseif (isset($_SERVER["SERVER_NAME"])) {
} elseif (isset($_SERVER["SERVER_NAME"])) { // If MAIL_PREFIX_FOR_EMAIL_ID is set to 'SERVER_NAME'
return $_SERVER["SERVER_NAME"];
}
}
// The recommended value (may be not defined for old versions)
// The recommended value if MAIL_PREFIX_FOR_EMAIL_ID is not defined (may be not defined for old versions)
if (!empty($conf->file->instance_unique_id)) {
return $conf->file->instance_unique_id;
return sha1('dolibarr'.$conf->file->instance_unique_id);
}
// For backward compatibility
return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT, '3');
// For backward compatibility when instance_unique_id is not set
return sha1(DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}
// If prefix is for session (no need to have $conf loaded)
@@ -903,15 +904,15 @@ if (!function_exists('dol_getprefix')) {
// The recommended value (may be not defined for old versions)
if (!empty($tmp_instance_unique_id)) {
return $tmp_instance_unique_id;
return sha1('dolibarr'.$tmp_instance_unique_id);
}
// For backward compatibility
// For backward compatibility when instance_unique_id is not set
if (isset($_SERVER["SERVER_NAME"]) && isset($_SERVER["DOCUMENT_ROOT"])) {
return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT, '3');
return sha1($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
} else {
return sha1(DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}
return dol_hash(DOL_DOCUMENT_ROOT.DOL_URL_ROOT, '3');
}
}