diff options
| author | VirtualTam <virtualtam@flibidi.net> | 2015-08-24 21:25:33 +0200 |
|---|---|---|
| committer | VirtualTam <virtualtam@flibidi.net> | 2015-08-24 21:25:33 +0200 |
| commit | ce8e248ab04a035c2824bee6af91aed49d623a6a (patch) | |
| tree | 8f783db3787970bb2aa4ab3529f5506f9fc898e6 /application | |
| parent | b5d96e9b1f2a7be463ca33a66ab51819870cd4bd (diff) | |
| parent | 06b6660a7e8891c6e1c47815cf50ee5b2ef5f270 (diff) | |
| download | Shaarli-ce8e248ab04a035c2824bee6af91aed49d623a6a.tar.gz Shaarli-ce8e248ab04a035c2824bee6af91aed49d623a6a.tar.zst Shaarli-ce8e248ab04a035c2824bee6af91aed49d623a6a.zip | |
Merge pull request #306 from ArthurHoaro/fpd
Avoid Full Path Disclosure error on session error.
Diffstat (limited to 'application')
| -rw-r--r-- | application/Utils.php | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/application/Utils.php b/application/Utils.php index cd4724fa..fa18f158 100644 --- a/application/Utils.php +++ b/application/Utils.php | |||
| @@ -137,4 +137,28 @@ function checkPHPVersion($minVersion, $curVersion) | |||
| 137 | ); | 137 | ); |
| 138 | } | 138 | } |
| 139 | } | 139 | } |
| 140 | ?> | 140 | |
| 141 | /** | ||
| 142 | * Validate session ID to prevent Full Path Disclosure. | ||
| 143 | * See #298. | ||
| 144 | * | ||
| 145 | * @param string $sessionId Session ID | ||
| 146 | * | ||
| 147 | * @return true if valid, false otherwise. | ||
| 148 | */ | ||
| 149 | function is_session_id_valid($sessionId) | ||
| 150 | { | ||
| 151 | if (empty($sessionId)) { | ||
| 152 | return false; | ||
| 153 | } | ||
| 154 | |||
| 155 | if (!$sessionId) { | ||
| 156 | return false; | ||
| 157 | } | ||
| 158 | |||
| 159 | if (!preg_match('/^[a-z0-9]{2,32}$/', $sessionId)) { | ||
| 160 | return false; | ||
| 161 | } | ||
| 162 | |||
| 163 | return true; | ||
| 164 | } | ||