author | Arthur Schiwon <blizzz@owncloud.com> | 2012-10-08 15:53:08 +0400 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-10-08 15:53:08 +0400 |
commit | d8e0be18c87df30999d88cc00e49077f04eb5cf9 (patch) | |
tree | 55bef562c33e6968a343680174f2307e8ce635d1 /lib | |
parent | f96bf9eb814f292063456d362d179440aa3a08ac (diff) |
destroy invalid sessions
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/lib/base.php b/lib/base.php
index f949e2a3d16..9db32197d83 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -276,7 +276,7 @@ class OC{
 ini_set('session.cookie_httponly','1;'); session_start(); }
-
+
 public static function loadapp(){ if(file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php')){ require_once(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/index.php');
@@ -284,7 +284,7 @@ class OC{
 trigger_error('The requested App was not found.', E_USER_ERROR);//load default app instead? } }
-
+
 public static function loadfile(){ if(file_exists(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/' . OC::$REQUESTEDFILE)){ if(substr(OC::$REQUESTEDFILE, -3) == 'css'){
@@ -303,7 +303,7 @@ class OC{
 exit; }elseif(substr(OC::$REQUESTEDFILE, -3) == 'php'){ require_once(OC::$APPSROOT . '/apps/' . OC::$REQUESTEDAPP . '/' . OC::$REQUESTEDFILE);
- }
+ }
 }else{ header('HTTP/1.0 404 Not Found'); exit;
@@ -314,7 +314,7 @@ class OC{
 // register autoloader spl_autoload_register(array('OC','autoload')); setlocale(LC_ALL, 'en_US.UTF-8');
-
+
 // set some stuff //ob_start(); error_reporting(E_ALL | E_STRICT);
@@ -333,7 +333,7 @@ class OC{
 //try to configure php to enable big file uploads. //this doesn´t work always depending on the webserver and php configuration. //Let´s try to overwrite some defaults anyways
-
+
 //try to set the maximum execution time to 60min @set_time_limit(3600); @ini_set('max_execution_time',3600);
@@ -363,7 +363,7 @@ class OC{
 $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); }
-
+
 self::initPaths(); // register the stream wrappers
@@ -381,7 +381,7 @@ class OC{
 if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost=''; $server=OC_Helper::serverHost(); $serverhost=explode(':',$server);
- $serverhost=$serverhost['0'];
+ $serverhost=$serverhost['0'];
 if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) { $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php'; header("Location: $url");
@@ -414,6 +414,10 @@ class OC{
 OC_User::useBackend( OC_Config::getValue( "userbackend", "database" )); OC_Group::useBackend(new OC_Group_Database());
+ if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
+ OC_User::logout();
+ }
+
 // Set up file system global $RUNTIME_NOSETUPFS; if(!$RUNTIME_NOSETUPFS ){
@@ -431,14 +435,14 @@ class OC{
 OC_App::loadApps(); } }
-
+
 // Check for blacklisted files OC_Hook::connect('OC_Filesystem','write','OC_Filesystem','isBlacklisted'); OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted'); //make sure temporary files are cleaned up register_shutdown_function(array('OC_Helper','cleanTmp'));
-
+
 //parse the given parameters self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app'])?str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])):OC_Config::getValue('defaultapp', 'files')); if(substr_count(self::$REQUESTEDAPP, '?') != 0){
@@ -490,7 +494,7 @@ if(!function_exists('get_temp_dir')) {
 return dirname($temp); } if( $temp=sys_get_temp_dir()) return $temp;
-
+
 return null; } } |
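Review bot: The added check in the `@@ -414,6 +414,10 @@` hunk compares `$_SERVER['PHP_AUTH_USER']` with `$_SESSION['user_id']` using loose `!=`, which compares numeric-looking strings by value, so ids such as `'100'` and `'1e2'` count as equal and a session belonging to a different account is kept. Make the last condition strict: `$_SERVER['PHP_AUTH_USER'] !== $_SESSION['user_id']`. The context of the `@@ -363,7 +363,7 @@` hunk shows `PHP_AUTH_USER` can be rewritten through `strip_tags()` before this point, so the comparison is only reliable if the session id was stored from the same normalised value; that is not visible here and worth confirming, along with whether the user backend treats ids case-insensitively. A one-line comment such as `// Basic-auth identity differs from the session owner: drop the session so the request cannot run as the previous user` would record the intent. The enclosing method begins and ends outside the hunk, so what runs after `OC_User::logout()` in this request is not visible.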