From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/lib/app.inc.php | 24 +++++++++++++----------- 1 files changed, 13 insertions(+), 11 deletions(-) diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php index 615e390..e23b6ca 100755 --- a/interface/lib/app.inc.php +++ b/interface/lib/app.inc.php @@ -70,6 +70,8 @@ $this->uses('session'); $sess_timeout = $this->conf('interface', 'session_timeout'); + $cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']); + $cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false; if($sess_timeout) { /* check if user wants to stay logged in */ if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') { @@ -79,19 +81,19 @@ $tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config'])); if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') { $this->session->set_timeout($sess_timeout); - session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short + session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short } else { // we are doing login here, so we need to set the session data $this->session->set_permanent(true); - $this->session->set_timeout(365 * 24 * 3600); // one year - session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short + $this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year + session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short } } else { $this->session->set_timeout($sess_timeout); - session_set_cookie_params(3600 * 24 * 365); // cookie timeout is never updated, so it must not be short + session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short } } else { - session_set_cookie_params(0); // until browser is closed + session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed } session_set_save_handler( array($this->session, 'open'), @@ -153,15 +155,15 @@ public function conf($plugin, $key, $value = null) { if(is_null($value)) { - $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'"); + $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key); if($tmpconf) return $tmpconf['value']; else return null; } else { if($value === false) { - $this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'"); + $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key); return null; } else { - $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')"); + $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value); return $value; } } @@ -177,8 +179,8 @@ $server_id = 0; $priority = $this->functions->intval($priority); $tstamp = time(); - $msg = $this->db->quote('[INTERFACE]: '.$msg); - $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')"); + $msg = '[INTERFACE]: '.$msg; + $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg); /* if (is_writable($this->_conf['log_file'])) { if (!$fp = fopen ($this->_conf['log_file'], 'a')) { @@ -238,7 +240,7 @@ } $this->_language_inc = 1; } - if(!empty($this->_wb[$text])) { + if(isset($this->_wb[$text]) && $this->wb[$text] !== '') { $text = $this->_wb[$text]; } else { if($this->_conf['debug_language']) { -- Gitblit v1.9.1