X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2FUtils.php;h=cb03f11c7fd556098674055739a0cf8d8c2300fa;hb=4d30975a06354c5a01d2dfdfc5441e160ef4073e;hp=cd4724fa388fe7de20eaa12bc97189cea993f119;hpb=d1e2f8e52c931f84c11d4f54f32959710d528182;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/Utils.php b/application/Utils.php
old mode 100644
new mode 100755
index cd4724fa..cb03f11c
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -137,4 +137,28 @@ function checkPHPVersion($minVersion, $curVersion)
         );
     }
 }
-?>
+
+/**
+ * Validate session ID to prevent Full Path Disclosure.
+ * See #298.
+ *
+ * @param string $sessionId Session ID
+ *
+ * @return true if valid, false otherwise.
+ */
+function is_session_id_valid($sessionId)
+{
+    if (empty($sessionId)) {
+        return false;
+    }
+
+    if (!$sessionId) {
+        return false;
+    }
+
+    if (!preg_match('/^[a-z0-9]{2,32}$/i', $sessionId)) {
+        return false;
+    }
+
+    return true;
+}