Skip to content

Commit

Permalink
Security: session fixation for PHP 5.4 (Cacti#4282)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ddb4github
ddb4github committed May 26, 2021
1 parent ed8cc7c commit cff7bd1
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ Cacti CHANGELOG
1.2.18
-security#4261: Lack of escaping on file input fields can lead to XSS exposure under midwinter theme
-security#4276: Lack of escaping on parameter graph_nolegend can lead to XSS exposure in graph_realtime.php
-security#4282: Regenerate session id to avoid session fixation issue
-issue#4254: When poller first runs, time since last run produces an error
-issue#4259: A typo in variables.php leads to SQL error
-issue#4263: Percentile not showing on partial data after fix for #3340
Expand Down
2 changes: 2 additions & 0 deletions include/csrf.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ function csrf_startup() {
}

function csrf_error_callback() {
//Resolve session fixation for PHP 5.4
session_regenerate_id();
raise_message('csrf_timeout');
ob_end_clean();
header('Location: ' . sanitize_uri($_SERVER['REQUEST_URI']));
Expand Down

0 comments on commit cff7bd1

Please sign in to comment.