Not logged in. · Lost password · Register
Forum: Support Bug reports and troubleshooting RSS
Last devel version - $cookiePath wrong assigment
Broken cookie support
Avatar
Night Nord 2008-02-15, 23:43 #1
Member since Feb 2008 · 15 posts · Location: Russia, Saint-Petersburg
Group memberships: Members
Show profile · Link to this post
Subject: Last devel version - $cookiePath wrong assigment
In session.lib.php. This code inside UnbCreateSession function:
  1.         // Use the URL path of the calling script as cookie path.
  2.         $cookiePath = dirname($_SERVER['PHP_SELF']) . '/';
  3.         if (rc('cookie_path')) $cookiePath = rc('cookie_path');

Resulting value into $cookiePath = '//'

It means, that in some, maybe newer, php installations dirname (or $_SERVER['PHP_SELF']) logic changed. As example: http://89.163.78.124/test.php

So, maybe it will be better to do this to prevent such problem:
  1.         // Use the URL path of the calling script as cookie path.
  2.         $self_dir       = dirname($_SERVER['PHP_SELF']);
  3.         $cookiePath     = $self_dir . ( ( substr($self_dir, -1) == '/' )? '' : '/');

But this code also used inside UnbCheckSession, UnbNoTermSession, UnbTermSession. So, because now process is more complicated than just taking from sysvar, common function needed:

  1. function get_cookie_path(){
  2.         if (rc('cookie_path')) return rc('cookie_path');
  3.  
  4.         // Use the URL path of the calling script as cookie path.
  5.         $self_dir = dirname($_SERVER['PHP_SELF']);
  6.         return $self_dir . ( ( substr($self_dir, -1) == '/' )? '' : '/');
  7. }

I also attached diff file maked from my changes.

Sorry for mistakes and trimmered description - my English not good.
The author has attached one file to this post:
session.lib.php.patch 2.2 kBytes
You have no permission to open this file.
Avatar
Yves (Administrator) 2008-02-15, 23:54 #2
User title: UNB developer & webmaster
Member since Jan 2004 · 3814 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Yeah, great, isn't it? I took this small piece of code from my ongoing UNB2 development. Then I discovered the very same bug in a real-life scenario with UNB2 and fixed it. But I forgot to port back that fix, too. Thank you for the reminder.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
Avatar
Yves (Administrator) 2008-02-16, 00:03 #3
User title: UNB developer & webmaster
Member since Jan 2004 · 3814 posts · Location: Erlangen, Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Here's a corrected version of the affected file. See the change log on this website for details.
♪ ...nanananah, all in all we’re just brilliant thieves, nanananah... ♪♬
The author has attached one file to this post:
session.lib.php 13.8 kBytes
You have no permission to open this file.
Avatar
Night Nord 2008-02-16, 00:22 #4
Member since Feb 2008 · 15 posts · Location: Russia, Saint-Petersburg
Group memberships: Members
Show profile · Link to this post
Thanks.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:

Go to forum
This board is powered by the Unclassified NewsBoard software, 20110527-dev, © 2003-2011 by Yves Goergen
Page created in 195.3 ms (101.6 ms) · 55 database queries in 144.1 ms
Current time: 2012-02-08, 09:16:10 (UTC +01:00)