projects / squirrelmail.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 41afe86) | patch
Always generate $base_uri for every page request as opposed to doing it only on some...
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 11 May 2009 22:50:16 +0000 (22:50 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 11 May 2009 22:50:16 +0000 (22:50 +0000)
commit1f80d9f527d2cc2933ee7040aecba908692a20ac
treef45df7d703eaf617708fd33a5e55b4ecb66338bctree | snapshot (zip tar.gz)
parent41afe86f29a37ccf77079acfd0be9c4ef026de55commit | diff
Always generate $base_uri for every page request as opposed to doing it only on some pages.  Always regenerate session ID at login to prevent session fixation by an attacker who has set a malicious cookie on the client browser.  Try to clean up extraneous cookies, such as ones some browsers might actually obey from the src/ directory.  Thanks to Tomas Hoger.  (CVE-2009-1580)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13677 7612ce4b-ef26-0410-bec9-ea0150e637f0
doc/ChangeLog diff | blob | blame | history
functions/display_messages.php diff | blob | blame | history
functions/global.php diff | blob | blame | history
src/redirect.php diff | blob | blame | history
src/signout.php diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.