Fi:x Restore a security system broken by adding alt feature.

Laurent Destailleur 2010-12-27 19:13:06 +00:00
parent dfe9bbe286
commit 14e70e6e53
6 changed files with 31 additions and 16 deletions


@ -67,15 +67,15 @@ function llxHeader($head = '', $title='', $help_url='', $target='', $disablejs=0
$numr = $db->num_rows($resql);
$i = 0;
if ($numr > 0) $menu->add(DOL_URL_ROOT."/compta/bank/index.php",$langs->trans("BankAccounts"),0,$user->rights->banque->lire);
if ($numr > 0) $menu->add(dol_buildpath('/compta/bank/index.php',1),$langs->trans("BankAccounts"),0,$user->rights->banque->lire);
while ($i < $numr)
{
$objp = $db->fetch_object($resql);
$menu->add_submenu(DOL_URL_ROOT."/compta/bank/fiche.php?id=".$objp->rowid,$objp->label,1,$user->rights->banque->lire);
$menu->add_submenu(dol_buildpath('/compta/bank/fiche.php?id='.$objp->rowid,1),$objp->label,1,$user->rights->banque->lire);
if ($objp->rappro && $objp->courant != 2) // If not cash account and can be reconciliate
{
$menu->add_submenu(DOL_URL_ROOT.'/compta/bank/rappro.php?account='.$objp->rowid,$langs->trans("Conciliate"),2,$user->rights->banque->consolidate);
$menu->add_submenu(dol_buildpath('/compta/bank/rappro.php?account='.$objp->rowid,1),$langs->trans("Conciliate"),2,$user->rights->banque->consolidate);
}
/*
$menu->add_submenu(DOL_URL_ROOT."/compta/bank/annuel.php?account=".$objp->rowid ,$langs->trans("IOMonthlyReporting"));


@ -63,6 +63,20 @@ function GETPOST($paramname,$check='',$method=0)
return $out;
}
/**
* Return a prefix to use for this Dolibarr instance for session or cookie names
* @return string A calculated prefix
*/
function dol_getprefix()
{
// Add real path in session name
$realpath='';
if (preg_match('/^([^.]+)\/htdocs\//i', realpath($_SERVER["SCRIPT_FILENAME"]), $regs)) $realpath = isset($regs[1])?$regs[1]:'';
if (defined('DOL_DOCUMENT_ROOT_ALT') && DOL_DOCUMENT_ROOT_ALT) $realpath=''; // warning, using alt feature is a security hole because path is not in session name, so being authenticated into an instance allow access on another
return $realpath;
}
/**
* Make an include_once using default root and alternate root if it fails.
* @param relpath Relative path to file (Ie: mydir/myfile, ../myfile, ...)
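Review bot: dol_getprefix() hands callers the raw regex capture at `return $realpath;` — an absolute filesystem path (e.g. `/var/www/dolibarr`, constructed example) or `''` when the script is not under a directory named htdocs or when DOL_DOCUMENT_ROOT_ALT is set — whereas the lines it replaces in the other hunks of this commit (dol_loginfunction, the session-init and DOLENTITYID hunks of main.inc.php, the NOREQUIREDB block and the logout script) used `md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath)`. Session and cookie names built from this value therefore embed the server's install path and contain `/`, SERVER_NAME and DOCUMENT_ROOT no longer contribute at all, and every instance whose path does not match the pattern collapses to the bare `DOLSESSID_` / `DOLENTITYID_` name on the same host, which is the cross-instance sharing the commit title says it restores protection against. Keeping the hashed form in the one shared helper, `return md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath);`, restores the previous naming and keeps the path off the wire. The docblock should then say the result is an opaque cookie-safe token derived from host, document root and install path, not a path.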


@ -79,13 +79,9 @@ function dol_loginfunction($langs,$conf,$mysoc)
$conf->css = "/theme/".$conf->theme."/style.css.php?lang=".$langs->defaultlang;
$conf_css = DOL_URL_ROOT.$conf->css;
// Add real path in session name (we must do that to avoid conflict between two dolibarr instances)
$realpath='';
if ( preg_match('/^([^.]+)\/htdocs\//i', realpath($_SERVER["SCRIPT_FILENAME"]), $regs)) $realpath = isset($regs[1])?$regs[1]:'';
if (defined('DOL_DOCUMENT_ROOT_ALT') && DOL_DOCUMENT_ROOT_ALT) $realpath=''; // warning, using alt feature is a security hole because path is not in session name
// Set cookie for timeout management
$sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath);
$prefix=dol_getprefix();
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);
if (GETPOST("urlfrom")) $_SESSION["urlfrom"]=GETPOST("urlfrom");


@ -120,8 +120,9 @@ analyse_sql_and_script($_POST,0);
set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
// Init session. Name of session is specific to Dolibarr instance.
$sessionname='DOLSESSID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
$sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
$prefix=dol_getprefix();
$sessionname='DOLSESSID_'.$prefix;
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
session_name($sessionname);
session_start();
@ -548,7 +549,9 @@ if (! defined('NOLOGIN'))
include_once(DOL_DOCUMENT_ROOT."/core/class/cookie.class.php");
$entity = $_SESSION["dol_login"].'|'.$_POST["entity"];
$entityCookieName = 'DOLENTITYID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
$prefix=dol_getprefix();
$entityCookieName = 'DOLENTITYID_'.$prefix;
// TTL : is defined in the config page multicompany
$ttl = (! empty($conf->global->MAIN_MULTICOMPANY_COOKIE_TTL) ? $conf->global->MAIN_MULTICOMPANY_COOKIE_TTL : time()+60*60*8 );
// Cryptkey : will be created randomly in the config page multicompany
@ -1065,7 +1068,7 @@ function top_menu($head, $title='', $target='', $disablejs=0, $disablehead=0, $a
if ($user->admin && ! $user->entity)
{
$res=@dol_include_once('/multicompany/class/actions_multicompany.class.php');
if ($res)
{
//$mc = new ActionsMulticompany($db);
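Review bot: In the session-init hunk of main.inc.php, the line directly after the renamed cookie, `if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);`, still feeds a client-supplied cookie value straight into the session lifetime; the commit only changes which cookie is read, so the value remains unchecked, and the logout hunk (`unset($_SESSION['dol_entity'])`) repeats the same line. The cookie is written server-side in dol_loginfunction from MAIN_SESSION_TIMEOUT, but nothing here verifies it came back as a positive integer, so I would read it as `$gcmaxlifetime=(int) $_COOKIE[$sessiontimeout]; if ($gcmaxlifetime > 0) ini_set('session.gc_maxlifetime',$gcmaxlifetime);`. The third hunk of this section (top_menu) is cut short in the page, so its change is not reviewed here.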


@ -293,7 +293,8 @@ if (! defined('NOREQUIREDB'))
}
else
{
$entityCookieName = 'DOLENTITYID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
$prefix=dol_getprefix();
$entityCookieName = 'DOLENTITYID_'.$prefix;
if (! empty($_COOKIE[$entityCookieName]) && ! empty($conf->file->cookie_cryptkey)) // Just for view specific login page
{
include_once(DOL_DOCUMENT_ROOT."/core/class/cookie.class.php");
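Review bot: `$prefix=dol_getprefix();` is used exactly once here, to build `$entityCookieName`, and this block appears to run at file scope inside an included file (the enclosing `if (! defined('NOREQUIREDB'))` starts outside the hunk), so the temporary leaks out as a request-wide global named `$prefix` that any later include may collide with. Inlining the call, `$entityCookieName = 'DOLENTITYID_'.dol_getprefix();`, avoids the stray variable; the main.inc.php and logout hunks reuse their `$prefix` for two names, so a local there is justified, but the same consideration applies if those files are also included at file scope.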


@ -63,8 +63,9 @@ unset($_SESSION['dol_login']);
unset($_SESSION['dol_entity']);
// Destroy session
$sessionname='DOLSESSID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
$sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"]);
$prefix=dol_getprefix();
$sessionname='DOLSESSID_'.$prefix;
$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
session_name($sessionname);
session_destroy();