diff options
Diffstat (limited to 'application/Utils.php')
| -rw-r--r-- | application/Utils.php | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/application/Utils.php b/application/Utils.php index 2f38a8de..97b12fcf 100644 --- a/application/Utils.php +++ b/application/Utils.php | |||
| @@ -182,36 +182,6 @@ function generateLocation($referer, $host, $loopTerms = array()) | |||
| 182 | } | 182 | } |
| 183 | 183 | ||
| 184 | /** | 184 | /** |
| 185 | * Validate session ID to prevent Full Path Disclosure. | ||
| 186 | * | ||
| 187 | * See #298. | ||
| 188 | * The session ID's format depends on the hash algorithm set in PHP settings | ||
| 189 | * | ||
| 190 | * @param string $sessionId Session ID | ||
| 191 | * | ||
| 192 | * @return true if valid, false otherwise. | ||
| 193 | * | ||
| 194 | * @see http://php.net/manual/en/function.hash-algos.php | ||
| 195 | * @see http://php.net/manual/en/session.configuration.php | ||
| 196 | */ | ||
| 197 | function is_session_id_valid($sessionId) | ||
| 198 | { | ||
| 199 | if (empty($sessionId)) { | ||
| 200 | return false; | ||
| 201 | } | ||
| 202 | |||
| 203 | if (!$sessionId) { | ||
| 204 | return false; | ||
| 205 | } | ||
| 206 | |||
| 207 | if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) { | ||
| 208 | return false; | ||
| 209 | } | ||
| 210 | |||
| 211 | return true; | ||
| 212 | } | ||
| 213 | |||
| 214 | /** | ||
| 215 | * Sniff browser language to set the locale automatically. | 185 | * Sniff browser language to set the locale automatically. |
| 216 | * Note that is may not work on your server if the corresponding locale is not installed. | 186 | * Note that is may not work on your server if the corresponding locale is not installed. |
| 217 | * | 187 | * |