aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-31 20:00:41 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-31 20:00:41 +0000
commit676e87ccfae0d8a951b10145b41e13d2c5ccfe02 (patch)
tree576c98faa955fa4293b68d08a3034002943ec4e9 /engine/lib
parentcfcb03d40034bd9a122eac309e149d7af7b44893 (diff)
downloadelgg-676e87ccfae0d8a951b10145b41e13d2c5ccfe02.tar.gz
elgg-676e87ccfae0d8a951b10145b41e13d2c5ccfe02.tar.bz2
Some session fingerprinting code. Requires user agent to be consistent across requests.
git-svn-id: https://code.elgg.org/elgg/trunk@2047 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/actions.php5
-rw-r--r--engine/lib/sessions.php23
2 files changed, 26 insertions, 2 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 28a16c403..76913f2b4 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -174,8 +174,11 @@
// Current session id
$session_id = session_id();
+ // Get user agent
+ $ua = $_SERVER['HTTP_USER_AGENT'];
+
if (($site_secret) && ($session_id))
- return md5($site_secret.$timestamp.$session_id);
+ return md5($site_secret.$timestamp.$session_id.$ua);
return false;
}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index c6ae6f8d4..0a35fec1a 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -162,6 +162,13 @@
session_destroy();
return true;
+ }
+
+ function get_session_fingerprint()
+ {
+ global $CONFIG;
+
+ return md5($_SERVER['HTTP_USER_AGENT'] );
}
/**
@@ -182,7 +189,21 @@
if (!is_db_installed()) return false;
session_name('Elgg');
- session_start();
+ session_start();
+
+ // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
+ if (isset($_SESSION['__elgg_fingerprint']))
+ {
+ if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint())
+ {
+ session_destroy();
+ return false;
+ }
+ }
+ else
+ {
+ $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
+ }
if (empty($_SESSION['guid'])) {
if (isset($_COOKIE['elggperm'])) {