Fi:x Restore a security system broken by adding alt feature.

Laurent Destailleur
2010-12-27 19:13:06 +00:00
parent dfe9bbe286
commit 14e70e6e53
6 changed files with 31 additions and 16 deletions


@@ -63,6 +63,20 @@ function GETPOST($paramname,$check='',$method=0)
return $out;
}
/**
* Return a prefix to use for this Dolibarr instance for session or cookie names
* @return string A calculated prefix
*/
function dol_getprefix()
{
// Add real path in session name
$realpath='';
if (preg_match('/^([^.]+)\/htdocs\//i', realpath($_SERVER["SCRIPT_FILENAME"]), $regs)) $realpath = isset($regs[1])?$regs[1]:'';
if (defined('DOL_DOCUMENT_ROOT_ALT') && DOL_DOCUMENT_ROOT_ALT) $realpath=''; // warning, using alt feature is a security hole because path is not in session name, so being authenticated into an instance allow access on another
return $realpath;
}
/**
* Make an include_once using default root and alternate root if it fails.
* @param relpath Relative path to file (Ie: mydir/myfile, ../myfile, ...)
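Review bot: dol_getprefix() silently falls back to an empty prefix whenever the `preg_match` on the script path fails, which is the same state the inline comment on the `DOL_DOCUMENT_ROOT_ALT` line describes as a security hole (being authenticated on one instance allows access to another). The class `[^.]+` rejects any install path that contains a dot (a versioned directory name, for example), `\/htdocs\/` does not match the backslash separators realpath() returns on Windows, and realpath() itself can return false. Taking `$path = realpath($_SERVER["SCRIPT_FILENAME"]);` first and matching with `if ($path !== false && preg_match('/^(.+)[\/\\\\]htdocs[\/\\\\]/i', $path, $regs)) $realpath = $regs[1];` would keep the prefix instance-specific in those cases. The return value is a raw filesystem path, so callers presumably hash it before using it in a session or cookie name; the docblock should state that, and also that the result is empty when the alternate root is enabled.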