From ef42a9d667bc59456c156d0c5085be9efc1954b7 Mon Sep 17 00:00:00 2001
From: x2003bruneau
Date: Wed, 22 Aug 2007 19:26:55 +0000
Subject: [PATCH] Fix a vicious bug hidden by another bug when a banned user try to authenticate by cookie.
 classes/platal.php | 4 ++--
 classes/plmailer.php | 3 +--
 include/xorg.inc.php | 3 ++-
 include/xorg.misc.inc.php | 2 +-
 include/xorg/session.inc.php | 10 ++++++++++
 5 files changed, 16 insertions(+), 6 deletions(-)
git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1929 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 classes/platal.php | 4 ++--
 classes/plmailer.php | 3 +--
 include/xorg.inc.php | 3 ++-
 include/xorg.misc.inc.php | 2 +-
 include/xorg/session.inc.php | 10 ++++++++++
 5 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/classes/platal.php b/classes/platal.php
index 620f217..f97f5e9 100644
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -199,8 +199,8 @@ class Platal
 http_redirect('https://' . $globals->core->secure_domain . $_SERVER['REQUEST_URI']);
 }
- $args = $this->argv;
- $args[0] = &$page;
+ $args = $this->argv;
+ $args[0] =& $page;
 if ($hook['auth'] > S::v('auth', AUTH_PUBLIC)) {
 if ($hook['type'] & DO_AUTH) {
diff --git a/classes/plmailer.php b/classes/plmailer.php
index 15b9705..0377d80 100644
--- a/classes/plmailer.php
+++ b/classes/plmailer.php
@@ -260,10 +260,9 @@ class PlMailer extends Mail_Mime {
 {
 $this->wiki = $wiki;
 }
-
+
 private function processPage($with_html = true)
 {
- $level = error_reporting(0);
 if (!is_null($this->page)) {
 $level = error_reporting(0);
 $this->page->run('head'); // process page headers
diff --git a/include/xorg.inc.php b/include/xorg.inc.php
index f37d2a7..e0ca4bb 100644
--- a/include/xorg.inc.php
+++ b/include/xorg.inc.php
@@ -23,7 +23,6 @@ require_once('platal.inc.php');
 require_once('globals.inc.php');
 require_once('xorg/session.inc.php');
 $globals = new PlatalGlobals('XorgSession');
-XorgSession::init();
 // {{{ class XorgPage
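Review bot: In classes/plmailer.php, processPage() still silences all errors with `$level = error_reporting(0);` before `$this->page->run('head')`, and the matching restore is not visible in this hunk. Removing the outer call stops `$level` from being overwritten with 0, but nothing in the code says why only one call may exist; a comment such as `// save the level once: a second error_reporting(0) would store 0 and the later restore would leave errors disabled` would record it. It is also worth checking that the saved level is restored on every exit path of the `if` block. processPage() continues outside the hunk.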
@@ -59,5 +58,7 @@ function new_skinned_page($tpl_name)
 }
 }
+XorgSession::init();
+
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>
diff --git a/include/xorg.misc.inc.php b/include/xorg.misc.inc.php
index 235d5bc..1a22f22 100644
--- a/include/xorg.misc.inc.php
+++ b/include/xorg.misc.inc.php
@@ -298,7 +298,7 @@ function send_warning_mail($title)
 $mailer->setSubject("[Plat/al Security Alert] $title");
 $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
 ."Identifiants de connexion :\n" . var_export($_SERVER, true));
- $mailer->send();
+ $mailer->send();
 }
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
diff --git a/include/xorg/session.inc.php b/include/xorg/session.inc.php
index 3a251f9..265d2c0 100644
--- a/include/xorg/session.inc.php
+++ b/include/xorg/session.inc.php
@@ -280,10 +280,20 @@ function start_connexion ($uid, $identified)
 if (check_ip('ban')) {
 send_warning_mail($mail_subject);
 $_SESSION = array();
+ $_SESSION['perms'] = new FlagSet();
 global $page;
+ $newpage = false;
+ if (!$page) {
+ require_once 'xorg.inc.php';
+ new_skinned_page('platal/index.tpl');
+ $newpage = true;
+ }
 $page->trig("Une erreur est survenue lors de la procédure d'authentification. "
 ."Merci de contacter au plus vite "
 ."support@polytechnique.org");
+ if ($newpage) {
+ $page->run();
+ }
 return false;
 }
 }
-- 
2.1.4
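Review bot: The position of `XorgSession::init();` at the end of include/xorg.inc.php is now load-bearing and has no comment saying so: it must run after `new_skinned_page()` is defined, because the ban branch added in include/xorg/session.inc.php calls that function during cookie authentication. A line such as `// Keep last: session start-up may need new_skinned_page() to report an authentication error` would stop a later cleanup from moving the call back up. The `require_once 'xorg.inc.php';` added in session.inc.php is a no-op on this path, but if start_connexion() were ever reached before this file had been loaded, including it would presumably call `XorgSession::init()` again from inside session start-up, so it is worth confirming that no entry point does that.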
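Review bot: In the ban branch of start_connexion() in include/xorg/session.inc.php, `$_SESSION = array();` empties the session, but nothing visible in this hunk invalidates the authentication cookie or the session id, so a banned client that keeps presenting the cookie will presumably re-enter this branch on every request and trigger `send_warning_mail()` each time. Expiring the cookie here and limiting the alert to one mail per address per time window would bound that, which matters because each mail carries a full `var_export` of `$_SESSION` and `$_SERVER`. The `return false;` after `$page->run();` looks unreachable if `run()` ends the request; a comment such as `// run() renders the error page and does not return` (to be confirmed against the page class) would make the intent explicit. The new code also relies on `new_skinned_page()` setting the global `$page` as a side effect, which the hunk does not show, and start_connexion() begins outside the hunk.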