Regenerating session IDs on login state change.
Thanks to Juttikhun Khamchaiyaphum for the suggestion.
timbuckingham committed Oct 11, 2018
1 parent dd4456e commit c69402c
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions core/inc/bigtree/admin.php
Expand Up @@ -118,6 +118,7 @@ function __construct() {
$this->CSRFToken = $csrf_token;
$this->CSRFTokenField = $csrf_token_field;

session_regenerate_id();
$_SESSION["bigtree_admin"]["id"] = $f["id"];
$_SESSION["bigtree_admin"]["email"] = $f["email"];
$_SESSION["bigtree_admin"]["name"] = $f["name"];
Expand Down Expand Up @@ -6053,6 +6054,7 @@ static function login($email,$password,$stay_logged_in = false,$domain = null,$t
setcookie('bigtree_admin[login]', $cookie_value, strtotime("+1 month"), $cookie_domain, "", false, true);
}

session_regenerate_id();
$_SESSION["bigtree_admin"]["id"] = $user["id"];
$_SESSION["bigtree_admin"]["email"] = $user["email"];
$_SESSION["bigtree_admin"]["level"] = $user["level"];
Expand Down Expand Up @@ -6184,6 +6186,7 @@ static function loginSession($session_key) {
setcookie('bigtree_admin[login]', $cookie_value, strtotime("+1 month"), $cookie_domain, "", false, true);
}

session_regenerate_id();
$_SESSION["bigtree_admin"]["id"] = $user["id"];
$_SESSION["bigtree_admin"]["email"] = $user["email"];
$_SESSION["bigtree_admin"]["level"] = $user["level"];
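Review bot: Each of the three new `session_regenerate_id();` calls (in __construct, login and loginSession) relies on the default `delete_old_session = false`, so a session ID an attacker planted before the victim logged in keeps a live server-side record until garbage collection; `session_regenerate_id(true);` removes it at the moment of regeneration. Regenerating before the authenticated `$_SESSION["bigtree_admin"]` fields are written is the right order, but fixation is only fully closed if `session.use_strict_mode` is enabled so that `session_start()` never adopts an unknown client-supplied ID — that setting is not visible here and is worth confirming. The `bigtree_admin[login]` cookie on the context lines above is still set with the secure flag `false`, which this commit leaves unaddressed. The title speaks of "login state change", yet only login paths appear in the diff; if logout does not already destroy the session and regenerate the ID, it should receive the same treatment. All three enclosing functions continue outside the hunks.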

1 comment on commit c69402c

@zionspike

The CVE for this vulnerability has been reserved as CVE-2018-18380.
