Thread: [Weberp-svn] SF.net SVN: weberp:[4198] trunk/includes/session.inc
From: <tim...@us...> - 2011-01-09 13:15:12
Revision: 4198
http://weberp.svn.sourceforge.net/weberp/?rev=4198&view=rev
Author: tim_schofield
Date: 2011-01-09 13:15:06 +0000 (Sun, 09 Jan 2011)
Log Message:
-----------
Database updates for changes to conversion factor code
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-01-09 12:53:51 UTC (rev 4197)
+++ trunk/includes/session.inc 2011-01-09 13:15:06 UTC (rev 4198)
@@ -13,7 +13,7 @@
 header('Location:' . $rootpath . '/install/index.php');
 }
 include($PathPrefix . 'config.php');
-$DBVersion=56;
+$DBVersion=57;
 if (isset($SessionSavePath)){
 session_save_path($SessionSavePath);
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <sot...@us...> - 2011-01-09 16:00:40
Revision: 4213
http://weberp.svn.sourceforge.net/weberp/?rev=4213&view=rev
Author: sotandeka
Date: 2011-01-09 16:00:34 +0000 (Sun, 09 Jan 2011)
Log Message:
-----------
Increased Dbversion value to 58
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-01-09 15:58:16 UTC (rev 4212)
+++ trunk/includes/session.inc 2011-01-09 16:00:34 UTC (rev 4213)
@@ -13,7 +13,7 @@
 header('Location:' . $rootpath . '/install/index.php');
 }
 include($PathPrefix . 'config.php');
-$DBVersion=57;
+$DBVersion=58;
 if (isset($SessionSavePath)){
 session_save_path($SessionSavePath);
 }
@@ -325,4 +325,4 @@
 }
 }
-?>
\ No newline at end of file
+?>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2011-01-09 20:28:11
Revision: 4236
http://weberp.svn.sourceforge.net/weberp/?rev=4236&view=rev
Author: tim_schofield
Date: 2011-01-09 20:28:05 +0000 (Sun, 09 Jan 2011)
Log Message:
-----------
Correct the quotes in the sql literals
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-01-09 20:27:55 UTC (rev 4235)
+++ trunk/includes/session.inc 2011-01-09 20:28:05 UTC (rev 4236)
@@ -157,7 +157,7 @@
 $CurrencyRates = GetECBCurrencyRates(); // gets rates from ECB see includes/MiscFunctions.php
 /*Loop around the defined currencies and get the rate from ECB */
 if ($CurrencyRates!=false) {
- $CurrenciesResult = DB_query('SELECT currabrev FROM currencies',$db);
+ $CurrenciesResult = DB_query("SELECT currabrev FROM currencies",$db);
 while ($CurrencyRow = DB_fetch_row($CurrenciesResult)){
 if ($CurrencyRow[0]!=$_SESSION['CompanyRecord']['currencydefault']){
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2011-01-17 12:26:37
Revision: 4323
http://weberp.svn.sourceforge.net/weberp/?rev=4323&view=rev
Author: tim_schofield
Date: 2011-01-17 12:26:31 +0000 (Mon, 17 Jan 2011)
Log Message:
-----------
Fix security settings problem with supplier login
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-01-16 12:28:42 UTC (rev 4322)
+++ trunk/includes/session.inc 2011-01-17 12:26:31 UTC (rev 4323)
@@ -270,10 +270,6 @@
 } else {
 $SupplierLogin=0;
 }
-/* Nasty kludge to allow Supplier only logins as well as Customer logins - .... hmmmmm some work to do here then! */
-if ($SupplierLogin==1) {
- $_SESSION['AllowedPageSecurityTokens'][0]=9;
-}
 if (!isset($AllowAnyone)){
@@ -295,6 +291,10 @@
 exit;
 }
 }
+/* Nasty kludge to allow Supplier only logins as well as Customer logins - .... hmmmmm some work to do here then! */
+if ($SupplierLogin==1) {
+ $_SESSION['AllowedPageSecurityTokens'][0]=9;
+}
 if (in_array(15, $_SESSION['AllowedPageSecurityTokens'])) {
 /*System administrator login */
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
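Review bot: The re-inserted kludge in the second hunk writes `$_SESSION['AllowedPageSecurityTokens'][0]=9` after the security check has already run, but because the value lands in `$_SESSION` it persists into every later request, where it is present before the check regardless of how `$SupplierLogin` is computed on that request. It also overwrites whatever token sat at index 0 instead of adding to the list; `$_SESSION['AllowedPageSecurityTokens'][] = 9;` would not clobber an existing grant. The block that starts with `if (!isset($AllowAnyone)){` in the first hunk runs past both hunks, so I cannot see whether the token list is rebuilt from the user record on each request; if it is not, the grant is effectively permanent for that session and the comment above it should say so rather than "some work to do here".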
From: <sot...@us...> - 2011-01-24 06:52:59
Revision: 4395
http://weberp.svn.sourceforge.net/weberp/?rev=4395&view=rev
Author: sotandeka
Date: 2011-01-24 06:52:53 +0000 (Mon, 24 Jan 2011)
Log Message:
-----------
Update to correct version number in sessions page
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-01-22 10:45:25 UTC (rev 4394)
+++ trunk/includes/session.inc 2011-01-24 06:52:53 UTC (rev 4395)
@@ -13,7 +13,7 @@
 header('Location:' . $rootpath . '/install/index.php');
 }
 include($PathPrefix . 'config.php');
-$DBVersion=61;
+$DBVersion=60;
 if (isset($SessionSavePath)){
 session_save_path($SessionSavePath);
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2011-01-24 13:12:04
Revision: 4405 http://weberp.svn.sourceforge.net/weberp/?rev=4405&view=rev Author: tim_schofield Date: 2011-01-24 13:11:58 +0000 (Mon, 24 Jan 2011) Log Message: ----------- Update to correct version number in sessions page Modified Paths: -------------- trunk/includes/session.inc This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <sot...@us...> - 2011-02-06 13:27:41
Revision: 4548
http://weberp.svn.sourceforge.net/weberp/?rev=4548&view=rev
Author: sotandeka
Date: 2011-02-06 13:27:35 +0000 (Sun, 06 Feb 2011)
Log Message:
-----------
Increase in Version Number to 63
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-02-06 13:16:55 UTC (rev 4547)
+++ trunk/includes/session.inc 2011-02-06 13:27:35 UTC (rev 4548)
@@ -13,7 +13,7 @@
 header('Location:' . $rootpath . '/install/index.php');
 }
 include($PathPrefix . 'config.php');
-$DBVersion=62;
+$DBVersion=63;
 if (isset($SessionSavePath)){
 session_save_path($SessionSavePath);
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2011-03-30 12:12:49
Revision: 4985
http://weberp.svn.sourceforge.net/weberp/?rev=4985&view=rev
Author: tim_schofield
Date: 2011-03-30 12:12:43 +0000 (Wed, 30 Mar 2011)
Log Message:
-----------
Do not call the LanguagSetup.php script until after the users default language setting has been found
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-03-30 11:55:14 UTC (rev 4984)
+++ trunk/includes/session.inc 2011-03-30 12:12:43 UTC (rev 4985)
@@ -23,7 +23,6 @@
 session_start();
-include($PathPrefix . 'includes/LanguageSetup.php');
 include($PathPrefix . 'includes/ConnectDB.inc');
 include($PathPrefix . 'includes/DateFunctions.inc');
@@ -111,7 +110,9 @@
 }
 }
 /* only do security checks if AllowAnyone is not true */
+include($PathPrefix . 'includes/LanguageSetup.php');
+
 /*User is logged in so get configuration parameters - save in session*/
 include($PathPrefix . 'includes/GetConfig.php');
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
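Review bot: After the move, the context line `/* only do security checks if AllowAnyone is not true */` in the second hunk sits directly above the new `include($PathPrefix . 'includes/LanguageSetup.php');`, which has nothing to do with security checks, so the comment now misleads. Give the include its own comment, e.g. `/* Language setup must wait until the user's default language is known, and run before GetConfig */`, and keep the security-check comment with the block it describes. Presumably any message emitted by the login and security-check code that runs between the old and the new position (that code is outside both hunks) is no longer translated; worth confirming before this lands.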
From: <tim...@us...> - 2011-07-05 11:51:42
Revision: 5561
http://weberp.svn.sourceforge.net/weberp/?rev=5561&view=rev
Author: tim_schofield
Date: 2011-07-05 11:51:36 +0000 (Tue, 05 Jul 2011)
Log Message:
-----------
Ensure that all starting <tr> tags have ending </tr> tags
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-07-05 11:51:22 UTC (rev 5560)
+++ trunk/includes/session.inc 2011-07-05 11:51:36 UTC (rev 5561)
@@ -280,10 +280,7 @@
 <tr><td class="menu_group_item">';
 echo '<b><font style="size:+1; text-align:center;">' . _('The security settings on your account do not permit you to access this function') . '</font></b>';
- echo '</td>
- </tr>
- </table>
- </td>';
+ echo '</td></tr></table></td></tr>';
 include($PathPrefix . 'includes/footer.inc');
 exit;
@@ -319,4 +316,4 @@
 }
 }
-?>
+?>
\ No newline at end of file
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2011-08-24 19:25:15
Revision: 7879
http://weberp.svn.sourceforge.net/weberp/?rev=7879&view=rev
Author: tim_schofield
Date: 2011-08-24 19:25:09 +0000 (Wed, 24 Aug 2011)
Log Message:
-----------
Change && to and, to comply with coding guidelines
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-08-24 19:24:03 UTC (rev 7878)
+++ trunk/includes/session.inc 2011-08-24 19:25:09 UTC (rev 7879)
@@ -178,7 +178,7 @@
 }
-If (isset($_POST['Theme']) && ($_SESSION['UsersRealName'] == $_POST['RealName'])) {
+if (isset($_POST['Theme']) and ($_SESSION['UsersRealName'] == $_POST['RealName'])) {
 $_SESSION['Theme'] = $_POST['Theme'];
 $theme = $_POST['Theme'];
 } elseif (!isset($_SESSION['Theme'])) {
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
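Review bot: The comparison kept on the new line, `$_SESSION['UsersRealName'] == $_POST['RealName']`, is a loose comparison between a stored value and posted input, and `==` on two strings that both look numeric compares them as numbers rather than as text; since this comparison is what gates the theme change it should be strict: `if (isset($_POST['Theme']) and ($_SESSION['UsersRealName'] === $_POST['RealName'])) {`. Inside an `if (...)` condition `and` and `&&` are equivalent, so that part of the change is safe. The `elseif` that follows belongs to the same statement and continues outside the hunk.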
From: <tim...@us...> - 2011-11-28 16:46:42
Revision: 8368
http://weberp.svn.sourceforge.net/weberp/?rev=8368&view=rev
Author: tim_schofield
Date: 2011-11-28 16:46:32 +0000 (Mon, 28 Nov 2011)
Log Message:
-----------
Ensure any previous session has been closed before starting new one
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2011-11-28 16:46:18 UTC (rev 8367)
+++ trunk/includes/session.inc 2011-11-28 16:46:32 UTC (rev 8368)
@@ -21,6 +21,7 @@
 ini_set('session.gc_Maxlifetime',$SessionLifeTime);
 ini_set('max_execution_time',$MaximumExecutionTime);
+session_write_close(); //in case a previous session is not closed
 session_start();
 include($PathPrefix . 'includes/ConnectDB.inc');
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
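Review bot: The new `session_write_close()` is harmless when no session is active, but the `ini_set` two lines above it deserves a look while this area is being touched: the directive is spelled `session.gc_Maxlifetime`, whereas the documented name is `session.gc_maxlifetime`, and as far as I know ini_set() looks directive names up case-sensitively and returns false for an unknown one, in which case `$SessionLifeTime` is never applied and sessions expire on the server default instead. Checking the return value, or reading back `ini_get('session.gc_maxlifetime')` once after the call, would confirm which it is. The added comment would also be clearer as `// close any session a previous include left open before starting this one`.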
From: <tim...@us...> - 2012-02-06 12:57:22
Revision: 8492
http://weberp.svn.sourceforge.net/weberp/?rev=8492&view=rev
Author: tim_schofield
Date: 2012-02-06 12:57:12 +0000 (Mon, 06 Feb 2012)
Log Message:
-----------
Add extra security
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-02-06 12:57:00 UTC (rev 8491)
+++ trunk/includes/session.inc 2012-02-06 12:57:12 UTC (rev 8492)
@@ -7,7 +7,7 @@
 if (!file_exists($PathPrefix . 'config.php')){
 $rootpath = dirname($_SERVER['PHP_SELF']);
- if ($rootpath == '/' OR $rootpath == "\\") {
+ if ($rootpath == '/' or $rootpath == '\\') {
 $rootpath = '';
 }
 header('Location:' . $rootpath . '/install/index.php');
@@ -23,6 +23,10 @@
 session_write_close(); //in case a previous session is not closed
 session_start();
+if (!isset($_SESSION['initiated'])) {
+ session_regenerate_id();
+ $_SESSION['initiated']=TRUE;
+}
 include($PathPrefix . 'includes/ConnectDB.inc');
 include($PathPrefix . 'includes/DateFunctions.inc');
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
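Review bot: In the second hunk `session_regenerate_id()` runs only while `$_SESSION['initiated']` is unset, so the id is rotated once on the very first request of a session and never again — in particular not at login, which is the privilege change that rotation is meant to protect, and a session record that already carries the flag is kept as it is. Rotate the id where the user is authenticated (that code is not in this hunk) and pass `delete_old_session` so the previous record is removed rather than left readable under the old id: `session_regenerate_id(true);`. A one-line comment saying why the flag exists, e.g. `// rotate the id once per session so a pre-existing id is never kept`, would stop the next reader from removing it. The first hunk's `or`/quoting change is equivalent to the original.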
From: <tim...@us...> - 2012-02-19 22:26:46
Revision: 8535
http://weberp.svn.sourceforge.net/weberp/?rev=8535&view=rev
Author: tim_schofield
Date: 2012-02-19 22:26:40 +0000 (Sun, 19 Feb 2012)
Log Message:
-----------
Quoting corrections
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-02-19 22:26:29 UTC (rev 8534)
+++ trunk/includes/session.inc 2012-02-19 22:26:40 UTC (rev 8535)
@@ -44,7 +44,7 @@
 if (isset($_SESSION['DatabaseName'])){
 foreach ($_POST as $key => $value) {
- if (gettype($value) != "array") {
+ if (gettype($value) != 'array') {
 if(get_magic_quotes_gpc()) {
 $_POST['name'] = stripslashes($_POST['name']);
 }
@@ -63,7 +63,7 @@
 to limit possibility for SQL injection attacks and cross scripting attacks
 */
 foreach ($_GET as $key => $value) {
- if (gettype($value) != "array") {
+ if (gettype($value) != 'array') {
 $_GET[$key] = DB_escape_string($value);
 }
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2012-05-08 11:12:22
Revision: 8835
http://weberp.svn.sourceforge.net/weberp/?rev=8835&view=rev
Author: tim_schofield
Date: 2012-05-08 11:12:16 +0000 (Tue, 08 May 2012)
Log Message:
-----------
Fix for incorrect relative path
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-05-08 11:10:44 UTC (rev 8834)
+++ trunk/includes/session.inc 2012-05-08 11:12:16 UTC (rev 8835)
@@ -14,7 +14,7 @@
 }
 include($PathPrefix . 'config.php');
-$DBVersion=HighestFileName();
+$DBVersion=HighestFileName($PathPrefix);
 if (isset($SessionSavePath)){
 session_save_path($SessionSavePath);
@@ -310,8 +310,8 @@
 }
 }
-function HighestFileName() {
- if($handle=opendir('sql/mysql/updates')){
+function HighestFileName($PathPrefix) {
+ if($handle=opendir($PathPrefix . 'sql/mysql/updates')){
 $i=0;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
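Review bot: `HighestFileName($PathPrefix)` is called unconditionally near the top of session.inc, which presumably runs on every page, so the `opendir()` scan of `sql/mysql/updates` in the second hunk now happens once per request; caching the result in a `static` local or a session entry would remove that cost. The function body and its failure path continue outside the hunk, so I cannot see what is returned when `opendir()` fails — `$DBVersion` should not silently become null in that case, and a docblock on the function stating what it returns on failure would make the contract explicit.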
From: <tim...@us...> - 2012-07-11 08:16:36
Revision: 9399
http://weberp.svn.sourceforge.net/weberp/?rev=9399&view=rev
Author: tim_schofield
Date: 2012-07-11 08:16:25 +0000 (Wed, 11 Jul 2012)
Log Message:
-----------
Initialise the history array
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-07-11 08:16:15 UTC (rev 9398)
+++ trunk/includes/session.inc 2012-07-11 08:16:25 UTC (rev 9399)
@@ -208,6 +208,7 @@
 * variables are local, so we will never
 * cause name clashes) */
+ $_SESSION['History']=array();
 function findLogoFile($CompanyDir, $PathPrefix) {
 $dir = $PathPrefix.'companies/' . $CompanyDir . '/';
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
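Review bot: `$_SESSION['History']=array();` runs unconditionally, and since session.inc is presumably included by every page this empties the history on each request rather than initialising it once; guard it with `if (!isset($_SESSION['History'])) { $_SESSION['History']=array(); }`. The line is also placed between a comment block and `function findLogoFile`, where a reader will take it for part of the function; a blank line before it and a short comment such as `// page history kept for the session` would separate it.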
From: <tim...@us...> - 2012-07-11 08:17:26
Revision: 9404
http://weberp.svn.sourceforge.net/weberp/?rev=9404&view=rev
Author: tim_schofield
Date: 2012-07-11 08:17:16 +0000 (Wed, 11 Jul 2012)
Log Message:
-----------
Ricard. Fix typo error
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-07-11 08:17:05 UTC (rev 9403)
+++ trunk/includes/session.inc 2012-07-11 08:17:16 UTC (rev 9404)
@@ -337,7 +337,7 @@
 if (sizeof($_POST) > 0) { /*Security check to ensure that the form submitted is originally sourced from webERP with the FormID = $_SESSION['FormID'] - which is set before the first login*/
 if (!isset($_POST['FormID']) or ($_POST['FormID'] != $_SESSION['FormID'])) {
- $title = _('Error in form verificationm');
+ $title = _('Error in form verification');
 include('includes/header.inc');
 prnMsg(_('This form was not submitted with a correct ID') , 'error');
 include('includes/footer.inc');
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <tim...@us...> - 2012-08-10 17:32:43
Revision: 9493
http://weberp.svn.sourceforge.net/weberp/?rev=9493&view=rev
Author: tim_schofield
Date: 2012-08-10 17:32:37 +0000 (Fri, 10 Aug 2012)
Log Message:
-----------
Fix security problem with session checking
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-08-10 17:32:26 UTC (rev 9492)
+++ trunk/includes/session.inc 2012-08-10 17:32:37 UTC (rev 9493)
@@ -26,7 +26,9 @@
 ini_set('max_execution_time',$MaximumExecutionTime);
 session_write_close(); //in case a previous session is not closed
-session_start();
+if (session_id()==='') {
+ session_start();
+}
 if (!isset($_SESSION['initiated'])) {
 session_regenerate_id();
 $_SESSION['initiated']=TRUE;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
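Review bot: `session_id()===''` is not a reliable test for "no session is active": after the `session_write_close()` on the line above, the id of the just-closed session may still be reported on some PHP versions, in which case `session_start()` is skipped and nothing written to `$_SESSION` later in the request is persisted. Test the status directly instead: `if (session_status() === PHP_SESSION_NONE) { session_start(); }` (available since PHP 5.4). The `session_regenerate_id()` immediately below then also runs against a guaranteed-open session, which the current guard does not ensure.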
From: <tim...@us...> - 2012-09-07 11:48:35
Revision: 9593
http://weberp.svn.sourceforge.net/weberp/?rev=9593&view=rev
Author: tim_schofield
Date: 2012-09-07 11:48:29 +0000 (Fri, 07 Sep 2012)
Log Message:
-----------
Escape the REQUEST array as well as the POST and GET arrays
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-09-06 09:18:12 UTC (rev 9592)
+++ trunk/includes/session.inc 2012-09-07 11:48:29 UTC (rev 9593)
@@ -53,7 +53,9 @@
 if (gettype($value) != 'array') {
 if(get_magic_quotes_gpc()) {
 $_POST['name'] = stripslashes($_POST['name']);
+ $_REQUEST['name'] = stripslashes($_REQUEST['name']);
 }
+ $_REQUEST[$key] = DB_escape_string($value);
 $_POST[$key] = DB_escape_string($value);
 } else {
 foreach ($value as $key1 => $value1) {
@@ -70,6 +72,7 @@
 */
 foreach ($_GET as $key => $value) {
 if (gettype($value) != 'array') {
+ $_REQUEST[$key] = DB_escape_string($value);
 $_GET[$key] = DB_escape_string($value);
 }
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
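Review bot: The new `$_REQUEST['name'] = stripslashes($_REQUEST['name']);` copies the fixed-key pattern of the line above it: it touches only the entry literally called `name`, on every iteration, and raises an undefined-index notice when no such key was sent, while the entry the loop is actually visiting is left alone; the loop variables are what should be used, `$_REQUEST[$key] = stripslashes($value);`. In the second hunk `$_REQUEST[$key]` is assigned again from `$_GET` after the `$_POST` loop has already set it, so a key present in both sources ends up with the GET value in `$_REQUEST` regardless of the `request_order` the server is configured with; if `$_REQUEST` is only meant to mirror whichever value PHP selected, escape the existing `$_REQUEST[$key]` in place rather than re-deriving it from each source.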
From: <tim...@us...> - 2012-09-07 15:20:23
Revision: 9594
http://weberp.svn.sourceforge.net/weberp/?rev=9594&view=rev
Author: tim_schofield
Date: 2012-09-07 15:20:13 +0000 (Fri, 07 Sep 2012)
Log Message:
-----------
Escape the COOKIE array
Modified Paths:
--------------
trunk/includes/session.inc
Modified: trunk/includes/session.inc
===================================================================
--- trunk/includes/session.inc 2012-09-07 11:48:29 UTC (rev 9593)
+++ trunk/includes/session.inc 2012-09-07 15:20:13 UTC (rev 9594)
@@ -52,8 +52,8 @@
 foreach ($_POST as $key => $value) {
 if (gettype($value) != 'array') {
 if(get_magic_quotes_gpc()) {
- $_POST['name'] = stripslashes($_POST['name']);
- $_REQUEST['name'] = stripslashes($_REQUEST['name']);
+ $_POST[$key] = stripslashes($_POST[$value]);
+ $_REQUEST[$key] = stripslashes($_REQUEST[$value]);
 }
 $_REQUEST[$key] = DB_escape_string($value);
 $_POST[$key] = DB_escape_string($value);
@@ -67,6 +67,17 @@
 }
 }
+ /* iterate through all elements of the $_COOKIE array and DB_escape_string them
+ to limit possibility for SQL injection attacks and cross scripting attacks
+ */
+ foreach ($_COOKIE as $key => $value) {
+ if(get_magic_quotes_gpc()) {
+ $_COOKIE[$key]=stripslashes($value);
+ $_REQUEST[$key]=stripslashes($value);
+ }
+ $_COOKIE[$key] = DB_escape_string($value);
+ }
+
 /* iterate through all elements of the $_GET array and DB_escape_string them
 to limit possibility for SQL injection attacks and cross scripting attacks
 */
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
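Review bot: `stripslashes($_POST[$value])` and `stripslashes($_REQUEST[$value])` in the first hunk index the arrays by the posted value instead of its key, so the magic-quotes branch reads a different (usually non-existent) entry, raises an undefined-index notice and stores null; the loop already has the value in hand, `$_POST[$key] = stripslashes($value);` and `$_REQUEST[$key] = stripslashes($value);`. Even with that fixed, the two unchanged lines below (`$_REQUEST[$key] = DB_escape_string($value);` and the `$_POST[$key]` equivalent) escape the original `$value`, which was never stripped, so whatever the branch stores is overwritten and the stripslashes work is lost; assign the stripped result back to `$value` before it is escaped.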
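Review bot: The cookie loop in the second hunk lacks the `gettype($value) != 'array'` guard the `$_POST` and `$_GET` loops have, so a cookie that arrives as an array is handed to `stripslashes()` and `DB_escape_string()`, which presumably expect a string; mirror the guard used above it. In the magic-quotes branch `$_REQUEST[$key]` receives the stripped but unescaped value and is never escaped afterwards, unlike `$_COOKIE[$key]`, so the two copies of the same input disagree. The comment copied from the `$_GET` block claims this limits cross-site scripting; a database escaping function does nothing for HTML output, so that clause should be dropped and output escaping left to `htmlspecialchars()` at the point of echo, e.g. `/* iterate through all elements of the $_COOKIE array and DB_escape_string them before any of them reaches a query; HTML output is escaped separately at the point of output */`.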