Commit 6ad12621 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms

fixes #3607

Closes #3607

Merge request studip/studip!2498
parent ae87f6f0
...@@ -230,12 +230,16 @@ class Seminar_Session ...@@ -230,12 +230,16 @@ class Seminar_Session
); );
session_cache_limiter("nocache"); session_cache_limiter("nocache");
//check for illegal cookiename //check for illegal cookiename
if (isset($_COOKIE[$this->name])) { if (
if (mb_strlen($_COOKIE[$this->name]) != 32 || preg_match('/[^0-9a-f]+/', $_COOKIE[$this->name])) { !isset($_COOKIE[$this->name])
session_id(md5(uniqid($this->name, 1))); || mb_strlen($_COOKIE[$this->name]) !== 32
} || preg_match('/[^0-9a-f]+/', $_COOKIE[$this->name])
} else { ) {
session_id(md5(uniqid($this->name, 1))); do {
$new_id = md5(bin2hex(random_bytes(128)));
} while (!$this->that->ac_newid($new_id));
session_id($new_id);
} }
$ok = session_start(); $ok = session_start();
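Review bot: The rewritten condition still passes `$_COOKIE[$this->name]` to `mb_strlen()` and `preg_match()` without checking that it is a string; PHP can populate `$_COOKIE` entries as arrays, and on PHP 8 `mb_strlen()` raises a TypeError for a non-string argument, so a malformed cookie would end in an uncaught error instead of a fresh ID. Adding `|| !is_string($_COOKIE[$this->name])` directly after the `!isset(...)` line sends that case into the regeneration branch. Separately, a well-formed 32-hex value is still adopted as the session ID with no visible check that such a session exists, so fixation resistance appears to depend on the storage layer or on `session.use_strict_mode`, neither of which is shown here. The `do … while` loop has no upper bound, so a retry limit would be worth adding if `ac_newid()` can fail for reasons other than a collision; its body is outside the hunk, as are the start and end of the enclosing method.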
......