bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security update core+modules

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2015-04-26 18:38:56 +02:00
parent 2f45ea820a
commit 7c96373038
1022 changed files with 30319 additions and 11259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
includes/session.inc
View File

@@ -79,7 +79,7 @@ function _drupal_session_read($sid) {
// Handle the case of first time visitors and clients that don't store
// cookies (eg. web crawlers).
$insecure_session_name = substr(session_name(), 1);
if (!isset($_COOKIE[session_name()]) && !isset($_COOKIE[$insecure_session_name])) {
if (empty($sid) || (!isset($_COOKIE[session_name()]) && !isset($_COOKIE[$insecure_session_name]))) {
$user = drupal_anonymous_user();
return '';
}
@@ -263,10 +263,10 @@ function drupal_session_initialize() {
// Less random sessions (which are much faster to generate) are used for
// anonymous users than are generated in drupal_session_regenerate() when
// a user becomes authenticated.
session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE)));
session_id(drupal_random_key());
if ($is_https && variable_get('https', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
$session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE));
$session_id = drupal_random_key();
$_COOKIE[$insecure_session_name] = $session_id;
}
}
@@ -274,7 +274,7 @@ function drupal_session_initialize() {
}
/**
* Forcefully starts a session, preserving already set session data.
* Starts a session forcefully, preserving already set session data.
*
* @ingroup php_wrappers
*/
@@ -360,7 +360,7 @@ function drupal_session_regenerate() {
$old_insecure_session_id = $_COOKIE[$insecure_session_name];
}
$params = session_get_cookie_params();
$session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55));
$session_id = drupal_random_key();
// If a session cookie lifetime is set, the session will expire
// $params['lifetime'] seconds from the current request. If it is not set,
// it will expire when the browser is closed.
@@ -372,7 +372,7 @@ function drupal_session_regenerate() {
if (drupal_session_started()) {
$old_session_id = session_id();
}
session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE) . drupal_random_bytes(55)));
session_id(drupal_random_key());
if (isset($old_session_id)) {
$params = session_get_cookie_params();