extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-07 10:32:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

"adding path (EGW_SERVER_ROOT) to hash for basic auth pseudo sesion id

Browse Source 
(otherwise different installs in different pathes using identical credentials would share the session, which is no good idea)"
This commit is contained in:
Ralf Becker 2009-04-30 07:36:07 +00:00
parent 14de24303e
commit 1597cdc533
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/class.egw_session.inc.php
View File

@ -730,7 +730,7 @@ class egw_session
in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php'))) in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php')))
{ {
// we generate a pseudo-sessionid from the basic auth credentials // we generate a pseudo-sessionid from the basic auth credentials
$sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST']); $sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT);
} }
elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME])) elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME]))
{ {