1 files changed, 25 insertions, 1 deletions
diff --git a/application/Utils.php b/application/Utils.php
index cd4724fa..fa18f158 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -137,4 +137,28 @@ function checkPHPVersion($minVersion, $curVersion)
        );
    }
 }
-?>
+/**
+ * Validate session ID to prevent Full Path Disclosure.
+ * See #298.
+ *
+ * @param string $sessionId Session ID
+ *
+ * @return true if valid, false otherwise.
+ */
+function is_session_id_valid($sessionId)
+{
+    if (empty($sessionId)) {
+        return false;
+    }
+    if (!$sessionId) {
+        return false;
+    }
+    if (!preg_match('/^[a-z0-9]{2,32}$/', $sessionId)) {
+        return false;
+    }
+    return true;
+}

diff --git a/application/Utils.php b/application/Utils.php index cd4724fa..fa18f158 100644 --- a/application/Utils.php +++ b/application/Utils.php
@@ -137,4 +137,28 @@ function checkPHPVersion($minVersion, $curVersion)
137	);	137	);
138	}	138	}
139	}	139	}
140	?>	140
		141	/**
		142	* Validate session ID to prevent Full Path Disclosure.
		143	* See #298.
		144	*
		145	* @param string $sessionId Session ID
		146	*
		147	* @return true if valid, false otherwise.
		148	*/
		149	function is_session_id_valid($sessionId)
		150	{
		151	if (empty($sessionId)) {
		152	return false;
		153	}
		154
		155	if (!$sessionId) {
		156	return false;
		157	}
		158
		159	if (!preg_match('/^[a-z0-9]{2,32}$/', $sessionId)) {
		160	return false;
		161	}
		162
		163	return true;
		164	}