Fix bug with botched AURSID values

In the check_sid function in aur.inc, the condition for expiring the
cookie and redirecting to hacker.php could never be met, and instead
the user would be given a blank login instead of being considered logged
out. This is now fixed. This also means we no longer need either
hacker.php or timeout.php at all.

Also, this bug seems to be present in the AUR version running on
aur.archlinux.org.

Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Callan Barrett 2008-01-04 06:26:47 +09:00 committed by Dan McGee
parent 0e4b25211b
commit bf5c28cf22
2 changed files with 7 additions and 9 deletions


@ -78,7 +78,7 @@ function check_sid() {
$q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions "; $q = "SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions ";
$q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'"; $q.= "WHERE SessionID = '" . mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
$result = db_query($q, $dbh); $result = db_query($q, $dbh);
if (!$result) { if (mysql_num_rows($result) == 0) {
# Invalid SessionID - hacker alert! # Invalid SessionID - hacker alert!
# #
$failed = 1; $failed = 1;
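Review bot: The new test `if (mysql_num_rows($result) == 0)` drops the guard for a failed query. If db_query() returns a false value, as the old `!$result` test assumed it can, mysql_num_rows() is called on a non-resource, raises a warning, and reaches `$failed = 1` only because its failure return compares loosely equal to 0. Keep both checks, e.g. `if (!$result || mysql_num_rows($result) == 0)`. The "hacker alert" comment now also covers every unknown or already-deleted session ID, so it is worth rewording.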
@ -91,12 +91,10 @@ function check_sid() {
} }
if ($failed == 1) { if ($failed == 1) {
# clear out the hacker's cookie, and send them to a naughty page # clear out the hacker's cookie, and send them to a naughty page
# why do you have to be so harsh on these people!?
# #
setcookie("AURSID", "", time() - (60*60*24*30), "/"); setcookie("AURSID", "", time() - (60*60*24*30), "/");
# I think it's probably safe to do the same as below with this unset($_COOKIE['AURSID']);
# but not really vital at this point
header("Location: /hacker.php");
} elseif ($failed == 2) { } elseif ($failed == 2) {
# visitor's session id either doesn't exist, or the timeout # visitor's session id either doesn't exist, or the timeout
# was reached and they must login again, send them back to # was reached and they must login again, send them back to
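Review bot: The comment kept above setcookie() still says "send them to a naughty page", but the `header("Location: /hacker.php")` line is removed and this branch no longer redirects. Reword it to say what the branch now does: expire the cookie and `unset($_COOKIE['AURSID'])` so the rest of the request treats the visitor as logged out. The commit message says hacker.php and timeout.php are no longer needed, but only two files change here and neither is deleted, so their removal needs a separate change.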


@ -68,7 +68,10 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
<br /> <br />
<div style="text-align: right; padding-right: 10px"> <div style="text-align: right; padding-right: 10px">
<?php <?php
if (!isset($_COOKIE["AURSID"])) { if (isset($_COOKIE["AURSID"])) {
print __("Logged-in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
} else {
if ($login_error) { if ($login_error) {
print "<span class='error'>" . $login_error . "</span><br />\n"; print "<span class='error'>" . $login_error . "</span><br />\n";
} }
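Review bot: With the test flipped to `isset($_COOKIE["AURSID"])`, the "Logged-in as" line is printed for any cookie value that is still set, so it is correct only if check_sid() has already run in this request and unset an invalid ID. State that ordering dependency in a comment here, or branch on the outcome of check_sid() instead of the raw cookie. The value from username_from_sid() is also placed straight between the `<b>` tags, so confirm that __() escapes its arguments or wrap it in htmlspecialchars().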
@ -81,9 +84,6 @@ if (!isset($_COOKIE["AURSID"])) {
<input type='submit' class='button' value='<?php print __("Login"); ?>'> <input type='submit' class='button' value='<?php print __("Login"); ?>'>
</form> </form>
<?php <?php
} else {
print __("Logged-in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
} }
?> ?>
</div> </div>