From 43ee2c4acbaef3456da7c7b7a8d28866ecd4f693 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 20 May 2009 18:18:25 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20ouverture=20d'une=20session=20temporaire?= =?UTF-8?q?=20de=20securite=20pour=20stocker=20une=20de=20cryptage=20al=E9?= =?UTF-8?q?atoire=20pour=20=20encryption=20du=20cookie?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/master.inc.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php
index e2d0f076a69..4aaf0054576 100644
--- a/htdocs/master.inc.php
+++ b/htdocs/master.inc.php
@@ -137,8 +137,8 @@ $conf->file->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_m
 if (empty($force_charset_do_notuse)) $force_charset_do_notuse='UTF-8';
 $conf->file->character_set_client=strtoupper($force_charset_do_notuse);
 // Define the encrypt key for cookie
-if (empty($dolibarr_main_cookie_cryptkey)) $dolibarr_main_cookie_cryptkey='123';
-$conf->file->main_cookie_cryptkey=$dolibarr_main_cookie_cryptkey;
+//if (empty($dolibarr_main_cookie_cryptkey)) $dolibarr_main_cookie_cryptkey='123';
+//$conf->file->main_cookie_cryptkey=$dolibarr_main_cookie_cryptkey;
 // Define array of document root directories
 $conf->file->dol_document_root=array(DOL_DOCUMENT_ROOT);
@@ -219,10 +219,9 @@ if (! defined('NOREQUIREDB'))
 // TODO See to remove this later as it is a security hole
 include_once(DOL_DOCUMENT_ROOT."/core/cookie.class.php");
- $entityCookie = new DolCookie($conf->file->main_cookie_cryptkey);
+ // Utilisation de $_SESSION['cryptkey'] comme cle de cryptage
+ $entityCookie = new DolCookie($_SESSION['cryptkey']);
 $conf->entity = $entityCookie->_getCookie($entityCookieName);
-
- //$conf->entity = $_COOKIE[$entityCookieName];
 }
 elseif (session_id() && isset($_SESSION["dol_entity"])) // Inside an opened session
 {
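Review bot: The two `+//` lines in the first hunk keep the old `'123'` default and the `$conf->file->main_cookie_cryptkey` assignment as commented-out code, under a `// Define the encrypt key for cookie` comment that now describes nothing. Delete the dead lines and replace the comment with something like `// Cookie encryption key now comes from the session, not from the conf file`. Because `$conf->file->main_cookie_cryptkey` is no longer assigned, any reader of that property outside this diff would presumably receive an empty key. A `$dolibarr_main_cookie_cryptkey` set by an administrator is also ignored without notice, so both points are worth confirming before merge.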
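Review bot: `new DolCookie($_SESSION['cryptkey'])` in the second hunk reads the session key without checking that a session is open or that the key is set, although the `elseif (session_id() && isset(...))` test just below implies this code can run without a session. In that case the cookie is presumably decoded with a null key, so `$conf->entity` comes from a client-supplied cookie with no effective secret, which is the risk the existing TODO already flags. Wrap the two `DolCookie` lines in `if (session_id() && ! empty($_SESSION['cryptkey']))` and validate the decoded value before assigning it to `$conf->entity`. The added comment would read better in English like its neighbours, e.g. `// Use $_SESSION['cryptkey'] as the encryption key`. The enclosing `if` block opens and closes outside the hunk, so where the key is generated cannot be checked here.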