|
|
| Participants: |
Petr Skoda
|
| Security Level: |
None
|
| Affected Branches: |
MOODLE_20_STABLE
|
| Fixed Branches: |
MOODLE_20_STABLE
|
|
if(empty($_COOKIE) && isset($_GET['sessionid']) && isset($_GET['sessioncookie']) && isset($_GET['sessiontest'])) {
$_COOKIE['MoodleSession' . $_GET['sessioncookie']] = $_GET['sessionid'];
$_COOKIE['MoodleSessionTest' . $_GET['sessioncookie']] = $_GET['sessiontest'];
$cookiewasset = true;
}
require_once '../../../config.php';
breaks our session fixation prevention in setup.php, we can not send cookies this way
|
|
Description
|
if(empty($_COOKIE) && isset($_GET['sessionid']) && isset($_GET['sessioncookie']) && isset($_GET['sessiontest'])) {
$_COOKIE['MoodleSession' . $_GET['sessioncookie']] = $_GET['sessionid'];
$_COOKIE['MoodleSessionTest' . $_GET['sessioncookie']] = $_GET['sessiontest'];
$cookiewasset = true;
}
require_once '../../../config.php';
breaks our session fixation prevention in setup.php, we can not send cookies this way |
Show » |
| No changes have yet been made on this issue.
|
|
Sub-task
Open
Minor
