Add session cookie httponly and set it to true.

markjcrane 2015-12-21 20:52:54 -07:00
parent e2feca300a
commit 5da1286329
10 changed files with 14 additions and 5 deletions


@ -233,6 +233,8 @@ echo "\n";
echo " <TABLE BORDER=0 cellpadding='0' cellspacing='0'><TR><TD><a href='javascript:void(0);' onclick=\"if (typeof(clipwin)!='undefined') { clipwin.close(); } clipwin = window.open('fileoptions.php?folder=".urlencode($_SERVER["DOCUMENT_ROOT"])."','null','left=20,top=20,width=310,height=300,toolbar=0,resizable=0');\" style='text-decoration:none;' title=''><IMG SRC=\"images/folder.gif\" border='0'> ".$text['label-files']." </a><DIV style=''>\n"; //display:none
//echo " <TABLE BORDER=0 cellpadding='0' cellspacing='0'><TR><TD><A onClick=\"Toggle(this)\"><IMG SRC=\"images/plus.gif\"> <IMG SRC=\"images/folder.gif\"> Files </A><DIV style=''>\n"; //display:none
//start the session
ini_set("session.cookie_httponly", True);
session_start();
if ($_SESSION["app"]["edit"]["dir"] == "scripts") {
echo recur_dir($_SESSION['switch']['scripts']['dir']);
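Review bot: The added `ini_set("session.cookie_httponly", True);` and `session_start();` come after several `echo` statements, around line 235 of the file, so the session cookie header can only be sent from here if output buffering is on. If an earlier include has already started the session, changing `session.cookie_httponly` at this point has no effect on the cookie (PHP 7.2 and later refuse the change with a warning). Setting the option and starting the session at the top of the script, before any output, makes the HttpOnly attribute reliable; the next file section has the same placement. The start of the script is outside the hunk, so whether a session is already active cannot be confirmed from here.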


@ -228,6 +228,7 @@ echo " <TABLE BORDER=0 cellpadding='0' cellspacing='0'><TR><TD><IMG SRC=\"i
//echo "</DIV></TD></TR></TABLE>\n";
//echo "</DIV></TD></TR></TABLE>\n";
ini_set("session.cookie_httponly", True);
session_start();
if ($_SESSION["app"]["edit"]["dir"] == "scripts") {
echo recur_dir($_SESSION['switch']['scripts']['dir']);


@ -82,7 +82,7 @@ if (count($_POST) > 0 && check_str($_POST["persistform"]) != "1") {
$msg = '';
//--- begin captcha verification ---------------------
//session_start(); //make sure sessions are started
//ini_set("session.cookie_httponly", True); //session_start(); //make sure sessions are started
if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
//$msg .= "Captcha Verification Failed<br>\n";
}
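Review bot: The edited line in the captcha verification block is still commented out, so this file gains no HttpOnly setting from the commit and the `$_SESSION["captcha"]` check depends on a session started elsewhere. If that is intended, a plain comment such as `//session (with session.cookie_httponly) is expected to be started before this block` says so more clearly than a disabled `ini_set`. The captcha sample hunk later in this commit (the one with `$pathtofonts` in its header) is changed the same way. The enclosing `if (count($_POST) > 0 ...)` block starts and ends outside the hunk.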


@ -26,6 +26,7 @@
include "root.php";
// start the session
ini_set("session.cookie_httponly", True);
session_start();
//if config.php file does not exist then redirect to the install page
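Review bot: Only the HttpOnly attribute is set before `session_start()`; the cookie's Secure and SameSite attributes stay at whatever php.ini provides, so the session id can still travel over plain HTTP if the site is reachable that way. Where the deployment is HTTPS-only, adding `ini_set("session.cookie_secure", "1");` next to the new line closes that gap. `True` is converted to the string "1" here, and writing `"1"` makes that explicit. The same applies to the other session-start hunks in this commit, which repeat these two lines in seven files; a shared include would keep the cookie attributes in one place.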


@ -26,6 +26,7 @@
include "root.php";
//start session
ini_set("session.cookie_httponly", True);
session_start();
//retain message


@ -63,7 +63,7 @@ $pathtofonts = "/captcha/fonts/"; //path from the root of the website
//add this to the top of the page where the form is submitted to
//--- begin captcha verification ---------------------
//session_start(); //make sure sessions are started
//ini_set("session.cookie_httponly", True); session_start(); //make sure sessions are started
if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
echo " <span class=\"h2\">Sorry!</span>\n";


@ -26,8 +26,10 @@
include "root.php";
require_once "config.php";
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
session_start();
//start the session
ini_set("session.cookie_httponly", True);
session_start();
// Captcha verification image -----------------------
// Description this page is used to verify the captcha
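Review bot: The return value of the added `ini_set()` is not checked, and the `error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING)` call just above hides the warning PHP would raise if the setting could not be applied, for instance when `root.php` or `config.php` has already started a session. A check such as `if (ini_set("session.cookie_httponly", "1") === false) { error_log("session.cookie_httponly not applied"); }` would make a silent failure visible. Whether either include starts a session is not visible in this hunk.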


@ -31,6 +31,7 @@ require_once "resources/require.php";
}
//start the session
ini_set("session.cookie_httponly", True);
session_start();
//if the username session is not set the check username and password


@ -156,13 +156,13 @@
//$this->write_debug($cmd);
exec ($cmd);
}
}elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'){
} elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
function recursive_copy($src, $dst, $options = '') {
$src = normalize_path_to_os($src);
$dst = normalize_path_to_os($dst);
exec("xcopy /E /Y \"$src\" \"$dst\"");
}
}else{
} else {
function recursive_copy($src, $dst, $options = '') {
$dir = opendir($src);
if (!$dir) {


@ -29,6 +29,7 @@
//session handling
//start the session
ini_set("session.cookie_httponly", True);
session_start();
//regenerate sessions to avoid session id attacks such as session fixation
if ($_SESSION['security']['session_rotate']['boolean'] == "true") {