
Security fix for:

  Internet Explorer bug that sends cookies to different sites if
  they have the same ending.  eg moodle.com cookie is sent to smec.moodle.com!!

  Also fixes case where multiple moodle installations may be in different
  directories on the same server.  When you go from one to the other the
  first session will be destroyed now (you can't be logged in the two
  at the same time).  It's just a lot safer this way, for now.

Basically this works by storing the wwwroot variable in the session
and checking it for every page.
1 parent 6e4c09d commit c21c671d747120751110444a6cc9c1c907d95d14 martin committed Aug 28, 2002
Showing with 5 additions and 2 deletions.
  1. +3 −1 lib/moodlelib.php
  2. +2 −1 login/index.php
@@ -951,10 +951,12 @@ function require_login($courseid=0) {
// First check that the user is logged in to the site.
- if (! (isset($USER->loggedin) and $USER->confirmed) ) { // They're not
+ if (! (isset($USER->loggedin) and $USER->confirmed and ($USER->site == $CFG->wwwroot)) ) { // They're not
$SESSION->wantsurl = $FULLME;
$SESSION->fromurl = $HTTP_REFERER;
save_session("SESSION");
+ $USER = NULL;
+ save_session("USER");
if ($PHPSESSID) { // Cookies not enabled.
redirect("$CFG->wwwroot/login/?PHPSESSID=$PHPSESSID");
} else {
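Review bot: The new site check on the changed `if` line compares with loose `==` and reads `$USER->site` on sessions created before this change, which have no such property; under E_NOTICE that read can emit an undefined-property notice before the comparison evaluates to false. Guarding the property and comparing strictly keeps the intent (older sessions are still rejected) without the notice: `and (isset($USER->site) and $USER->site === $CFG->wwwroot)`. The binding is only enforced inside require_login(); a page that inspects $USER->loggedin without calling it would presumably still honour a session bound to another installation, which is worth confirming. require_login's body continues past the end of the hunk.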
@@ -33,9 +33,10 @@
print_footer();
die;
}
-
+
$USER = $user;
$USER->loggedin = true;
+ $USER->site = $CFG->wwwroot; // for added security
save_session("USER");
if (!update_user_in_db()) {
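Review bot: The comment on the added `$USER->site` line, `// for added security`, does not say what the field is for, and the check that consumes it lives in another file (lib/moodlelib.php, require_login). Name the contract so the next maintainer does not drop or rename it: `// Bind this session to this installation; require_login() rejects a $USER whose site differs from $CFG->wwwroot`. This runs at the top level of the login script; the `if (!update_user_in_db())` block opened on the last line closes outside the hunk.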

