Fixed possible session manipulation in swekey authentication, see PMASA-2011-5

2011-06-30 12:30:58 +02:00
parent 9fc6e35cfd
commit 7ebd958b2b
2 changed files with 5 additions and 3 deletions
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
 	}
 }

-if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
+if (!empty($_GET['session_to_unset']))
 {
-    parse_str($_SERVER['QUERY_STRING']);
 	session_write_close();
-	session_id($session_to_unset);
+	session_id($_GET['session_to_unset']);
 	session_start();
 	$_SESSION = array();
 	session_write_close();