Really fix #9713: Allow session ID to be passed via form and forced a…

…t next page load. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5703 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Oct 20, 2008 · be08bb8 · be08bb8
1 parent 27e78f5
commit be08bb8
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/account_page.php b/account_page.php
@@ -98,6 +98,9 @@
 <div align="center">
 <form method="post" action="account_update.php">
 <?php  echo form_security_field( 'account_update' )?>
+<?php if ( isset( $g_session_pass_id ) ) { ?>
+<input type="hidden" name="session_id" value="<?php echo session_id() ?>"/>
+<?php } ?>
 <table class="width75" cellspacing="1">
 
 	<!-- Headings -->

diff --git a/core/session_api.php b/core/session_api.php
@@ -51,7 +51,7 @@ abstract function destroy();
  * to PHP's session.* settings in 'php.ini'.
  */
 class MantisPHPSession extends MantisSession {
-	function __construct() {
+	function __construct( $p_session_id=null ) {
 		$t_session_save_path = config_get_global( 'session_save_path' );
 		if( $t_session_save_path ) {
 			session_save_path( $t_session_save_path );
@@ -63,6 +63,11 @@ function __construct() {
 		} else {
 			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), false );
 		}
+
+		if ( !is_null( $p_session_id ) ) {
+			session_id( $p_session_id );
+		}
+
 		session_start();
 		$this->id = session_id();
 	}
@@ -101,12 +106,12 @@ function destroy() {
 /**
  * Initialize the appropriate session handler.
  */
-function session_init() {
+function session_init( $p_session_id=null ) {
 	global $g_session, $g_session_handler;
 
 	switch( strtolower( $g_session_handler ) ) {
 		case 'php':
-			$g_session = new MantisPHPSession();
+			$g_session = new MantisPHPSession( $p_session_id );
 			break;
 
 		case 'adodb':
@@ -189,4 +194,11 @@ function session_clean() {
 }
 
 # Initialize the session
-session_init();
+$t_session_id = gpc_get_string( 'session_id', '' );
+
+if ( empty( $t_session_id ) ) {
+	session_init();
+} else {
+	session_init( $t_session_id );
+}
+
diff --git a/verify.php b/verify.php
@@ -43,8 +43,10 @@
 	}
 
 	# (Re)initialize session
-	session_init();
-
+	session_regenerate_id()
+	session_init( session_id() );
+	$g_session_pass_id = ON;
+
 	$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
 
 	if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
@@ -63,3 +65,4 @@
 	user_increment_failed_login_count( $f_user_id );
 
 	include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'account_page.php' );
+