Commit 199cc2d5 authored by Oliver Hader's avatar Oliver Hader

Fixed bug #12458: Session fixation possibility in new sesion machanism of the...

Fixed bug #12458: Session fixation possibility in new session mechanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8364 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 1ea9de7f
......@@ -8,6 +8,7 @@
* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
* Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
* Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -136,7 +136,8 @@ class tx_install_session {
*/
function startSession() {
$_SESSION['created'] = time();
return session_id();
// Be sure to use our own session id, so create a new one
return $this->renewSession();
}
/**
......@@ -202,6 +203,8 @@ class tx_install_session {
$_SESSION['lastSessionId'] = time();
$_SESSION['tstamp'] = time();
$_SESSION['expires'] = (time() + ($this->expireTimeInMinutes*60));
// Renew the session id to avoid session fixation
$this->renewSession();
}
/**
......
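Review bot: In the second hunk of `tx_install_session` the value returned by `$this->renewSession()` is discarded, so if regeneration fails the refreshed `tstamp` and `expires` stay attached to the id that was in use before the call, which is the id a fixation attempt relies on. The enclosing method starts outside the hunk and `renewSession()` itself is not shown, so this cannot be confirmed from the page. It is worth checking that `renewSession()` removes the old session record (the `session_regenerate_id(TRUE)` form rather than the no-argument one) and that the caller stops when no new id comes back. At minimum the call deserves a contract comment such as `// renewSession() must invalidate the previous id; elevated state is only valid under the new one`. In `startSession()` the `$_SESSION['created']` write happens before the renewal, so it presumably depends on `renewSession()` carrying the session data over to the new id.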