Fix: ouverture d'une session temporaire de securite pour stocker une de cryptage alatoire pour
encryption du cookie
This commit is contained in:
Regis Houssin
parent
f0fd274206
commit
43ee2c4acb
@ -137,8 +137,8 @@ $conf->file->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_m
|
||||
if (empty($force_charset_do_notuse)) $force_charset_do_notuse='UTF-8';
|
||||
$conf->file->character_set_client=strtoupper($force_charset_do_notuse);
|
||||
// Define the encrypt key for cookie
|
||||
if (empty($dolibarr_main_cookie_cryptkey)) $dolibarr_main_cookie_cryptkey='123';
|
||||
$conf->file->main_cookie_cryptkey=$dolibarr_main_cookie_cryptkey;
|
||||
//if (empty($dolibarr_main_cookie_cryptkey)) $dolibarr_main_cookie_cryptkey='123';
|
||||
//$conf->file->main_cookie_cryptkey=$dolibarr_main_cookie_cryptkey;
|
||||
|
||||
// Define array of document root directories
|
||||
$conf->file->dol_document_root=array(DOL_DOCUMENT_ROOT);
|
||||
@ -219,10 +219,9 @@ if (! defined('NOREQUIREDB'))
|
||||
// TODO See to remove this later as it is a security hole
|
||||
include_once(DOL_DOCUMENT_ROOT."/core/cookie.class.php");
|
||||
|
||||
$entityCookie = new DolCookie($conf->file->main_cookie_cryptkey);
|
||||
// Utilisation de $_SESSION['cryptkey'] comme cle de cryptage
|
||||
$entityCookie = new DolCookie($_SESSION['cryptkey']);
|
||||
$conf->entity = $entityCookie->_getCookie($entityCookieName);
|
||||
|
||||
//$conf->entity = $_COOKIE[$entityCookieName];
|
||||
}
|
||||
elseif (session_id() && isset($_SESSION["dol_entity"])) // Inside an opened session
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user