Fi:x Restore a security system broken by adding alt feature.

2010-12-27 19:25:59 +00:00 · 2010-12-27 19:25:59 +00:00 · 9a4c903211
commit 9a4c903211
parent 2215df18a3
2 changed files with 6 additions and 2 deletions
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@ -78,7 +78,7 @@ function dol_getprefix()
    {
        $realpath='';
        // Warning, using alt feature is a security hole because path is not in session name, so being authenticated into an instance allow access on another
-        // FIXME The fix is to use only "root url" as realpath like the one defined into $dolibarr_main_document_root
+        // FIXME The fix is to use only "root url" like the one defined into $dolibarr_main_url_root
    }
    return $realpath;
 }
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -120,7 +120,11 @@ analyse_sql_and_script($_POST,0);
 set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');

 // Init session. Name of session is specific to Dolibarr instance.
-$prefix=dol_getprefix();
+//$prefix=dol_getprefix();      // We can't use this function because include of functions not done yet
+$realpath='';
+if (preg_match('/^([^.]+)\/htdocs\//i', realpath($_SERVER["SCRIPT_FILENAME"]), $regs)) $realpath = isset($regs[1])?$regs[1]:'';
+if (defined('DOL_DOCUMENT_ROOT_ALT') && DOL_DOCUMENT_ROOT_ALT) $realpath=''; // warning, using alt feature is a security hole because path is not in session name, so being authenticated into an instance allow access on another
+$prefix=$realpath;
 $sessionname='DOLSESSID_'.$prefix;
 $sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
 if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);