Fixed security issue reported by huntr.dev: Session cookie missed the "secure" flag. Thanks for reporting!
This commit is contained in:
azett
parent
f4209dc7a8
commit
e2a6bf1a8a
@ -120,10 +120,9 @@ if (isset($_SERVER ['HTTPS'])) {
|
||||
}
|
||||
$serverport = "false";
|
||||
// Unterstützung für Apache und IIS
|
||||
ini_set('session.cookie_secure', 1);
|
||||
if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
|
||||
$serverport = "https://";
|
||||
// Uses a secure connection (HTTPS) if possible
|
||||
ini_set('session.cookie_secure', 1);
|
||||
} else {
|
||||
$serverport = "http://";
|
||||
}
|
||||
|
||||
@ -1,138 +1,141 @@
|
||||
<?php
|
||||
|
||||
function cookie_setup() {
|
||||
global $fp_config;
|
||||
|
||||
global $fp_config;
|
||||
// md5(BLOG_BASEURL);
|
||||
|
||||
// md5(BLOG_BASEURL);
|
||||
if (!defined('COOKIEHASH'))
|
||||
define('COOKIEHASH', $fp_config ['general'] ['blogid']);
|
||||
|
||||
if ( !defined('COOKIEHASH') )
|
||||
define('COOKIEHASH', $fp_config['general']['blogid']);
|
||||
|
||||
if ( !defined('USER_COOKIE') )
|
||||
define('USER_COOKIE', 'fpuser_'. COOKIEHASH);
|
||||
if ( !defined('PASS_COOKIE') )
|
||||
define('PASS_COOKIE', 'fppass_'. COOKIEHASH);
|
||||
if ( !defined('SESS_COOKIE') )
|
||||
define('SESS_COOKIE', 'fpsess_'. COOKIEHASH);
|
||||
|
||||
if ( !defined('COOKIEPATH') )
|
||||
define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
|
||||
if ( !defined('SITECOOKIEPATH') )
|
||||
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
|
||||
if ( !defined('COOKIE_DOMAIN') )
|
||||
define('COOKIE_DOMAIN', false);
|
||||
|
||||
if (!defined('USER_COOKIE'))
|
||||
define('USER_COOKIE', 'fpuser_' . COOKIEHASH);
|
||||
if (!defined('PASS_COOKIE'))
|
||||
define('PASS_COOKIE', 'fppass_' . COOKIEHASH);
|
||||
if (!defined('SESS_COOKIE'))
|
||||
define('SESS_COOKIE', 'fpsess_' . COOKIEHASH);
|
||||
|
||||
if (!defined('COOKIEPATH'))
|
||||
define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
|
||||
if (!defined('SITECOOKIEPATH'))
|
||||
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
|
||||
if (!defined('COOKIE_DOMAIN'))
|
||||
define('COOKIE_DOMAIN', false);
|
||||
if (!defined('COOKIE_SECURE'))
|
||||
define('COOKIE_SECURE', true);
|
||||
}
|
||||
|
||||
if ( !function_exists('wp_get_cookie_login') ):
|
||||
function wp_get_cookie_login() {
|
||||
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
|
||||
return false;
|
||||
if (!function_exists('wp_get_cookie_login')) :
|
||||
|
||||
return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]);
|
||||
}
|
||||
function wp_get_cookie_login() {
|
||||
if (empty($_COOKIE [USER_COOKIE]) || empty($_COOKIE [PASS_COOKIE]))
|
||||
return false;
|
||||
|
||||
return array(
|
||||
'login' => $_COOKIE [USER_COOKIE],
|
||||
'password' => $_COOKIE [PASS_COOKIE]
|
||||
);
|
||||
}
|
||||
|
||||
endif;
|
||||
|
||||
function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
|
||||
if ( !$already_md5 )
|
||||
$password = md5( md5($password) ); // Double hash the password in the cookie.
|
||||
|
||||
if ( empty($home) )
|
||||
function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
|
||||
if (!$already_md5)
|
||||
$password = md5(md5($password)); // Double hash the password in the cookie.
|
||||
|
||||
if (empty($home))
|
||||
$cookiepath = COOKIEPATH;
|
||||
else
|
||||
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
|
||||
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');
|
||||
|
||||
if ( empty($siteurl) ) {
|
||||
if (empty($siteurl)) {
|
||||
$sitecookiepath = SITECOOKIEPATH;
|
||||
$cookiehash = COOKIEHASH;
|
||||
} else {
|
||||
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
|
||||
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
|
||||
$cookiehash = md5($siteurl);
|
||||
}
|
||||
|
||||
if ( $remember )
|
||||
if ($remember)
|
||||
$expire = time() + 31536000;
|
||||
else
|
||||
$expire = 0;
|
||||
|
||||
setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN);
|
||||
setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
|
||||
if ( $cookiepath != $sitecookiepath ) {
|
||||
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
|
||||
if ($cookiepath != $sitecookiepath) {
|
||||
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
}
|
||||
}
|
||||
|
||||
function cookie_clear() {
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
}
|
||||
|
||||
if (!function_exists('wp_login')) :
|
||||
|
||||
if ( !function_exists('wp_login') ) :
|
||||
function wp_login($username, $password, $already_md5 = false) {
|
||||
global $wpdb, $error;
|
||||
function wp_login($username, $password, $already_md5 = false) {
|
||||
global $wpdb, $error;
|
||||
|
||||
$username = sanitize_user($username);
|
||||
$username = sanitize_user($username);
|
||||
|
||||
if ( '' == $username )
|
||||
return false;
|
||||
if ('' == $username)
|
||||
return false;
|
||||
|
||||
if ( '' == $password ) {
|
||||
$error = __('<strong>ERROR</strong>: The password field is empty.');
|
||||
return false;
|
||||
}
|
||||
|
||||
$login = get_userdatabylogin($username);
|
||||
//$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
|
||||
|
||||
if (!$login) {
|
||||
$error = __('<strong>ERROR</strong>: Invalid username.');
|
||||
return false;
|
||||
} else {
|
||||
// If the password is already_md5, it has been double hashed.
|
||||
// Otherwise, it is plain text.
|
||||
if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
|
||||
return true;
|
||||
} else {
|
||||
$error = __('<strong>ERROR</strong>: Incorrect password.');
|
||||
$pwd = '';
|
||||
if ('' == $password) {
|
||||
$error = __('<strong>ERROR</strong>: The password field is empty.');
|
||||
return false;
|
||||
}
|
||||
|
||||
$login = get_userdatabylogin($username);
|
||||
// $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
|
||||
|
||||
if (!$login) {
|
||||
$error = __('<strong>ERROR</strong>: Invalid username.');
|
||||
return false;
|
||||
} else {
|
||||
// If the password is already_md5, it has been double hashed.
|
||||
// Otherwise, it is plain text.
|
||||
if (($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password))) {
|
||||
return true;
|
||||
} else {
|
||||
$error = __('<strong>ERROR</strong>: Incorrect password.');
|
||||
$pwd = '';
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
endif;
|
||||
|
||||
if ( !function_exists('is_user_logged_in') ) :
|
||||
function is_user_logged_in() {
|
||||
$user = wp_get_current_user();
|
||||
if (!function_exists('is_user_logged_in')) :
|
||||
|
||||
if ( $user->id == 0 )
|
||||
return false;
|
||||
function is_user_logged_in() {
|
||||
$user = wp_get_current_user();
|
||||
|
||||
return true;
|
||||
}
|
||||
endif;
|
||||
if ($user->id == 0)
|
||||
return false;
|
||||
|
||||
if ( !function_exists('auth_redirect') ) :
|
||||
function auth_redirect() {
|
||||
// Checks if a user is logged in, if not redirects them to the login page
|
||||
if ( (!empty($_COOKIE[USER_COOKIE]) &&
|
||||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
|
||||
(empty($_COOKIE[USER_COOKIE])) ) {
|
||||
nocache_headers();
|
||||
|
||||
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
|
||||
exit();
|
||||
return true;
|
||||
}
|
||||
}
|
||||
endif;
|
||||
|
||||
if (!function_exists('auth_redirect')) :
|
||||
|
||||
function auth_redirect() {
|
||||
// Checks if a user is logged in, if not redirects them to the login page
|
||||
if ((!empty($_COOKIE [USER_COOKIE]) && !wp_login($_COOKIE [USER_COOKIE], $_COOKIE [PASS_COOKIE], true)) || (empty($_COOKIE [USER_COOKIE]))) {
|
||||
nocache_headers();
|
||||
|
||||
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER ['REQUEST_URI']));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
endif;
|
||||
|
||||
?>
|
||||
@ -1,44 +1,41 @@
|
||||
<?php
|
||||
|
||||
|
||||
function sess_setup() {
|
||||
if (SESSION_PATH != '')
|
||||
session_save_path(SESSION_PATH);
|
||||
|
||||
function sess_setup() {
|
||||
if (SESSION_PATH != '')
|
||||
session_save_path(SESSION_PATH);
|
||||
|
||||
session_name(SESS_COOKIE);
|
||||
|
||||
session_start();
|
||||
|
||||
session_name(SESS_COOKIE);
|
||||
setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
|
||||
session_start();
|
||||
}
|
||||
|
||||
function sess_add($key, $val) {
|
||||
$_SESSION [$key] = $val;
|
||||
}
|
||||
|
||||
function sess_remove($key) {
|
||||
if (isset($_SESSION [$key])) {
|
||||
$oldval = $_SESSION [$key];
|
||||
unset($_SESSION [$key]);
|
||||
return $oldval;
|
||||
}
|
||||
|
||||
|
||||
function sess_add($key, $val) {
|
||||
$_SESSION[$key] = $val;
|
||||
}
|
||||
|
||||
|
||||
function sess_remove($key) {
|
||||
if (isset($_SESSION[$key])) {
|
||||
$oldval=$_SESSION[$key];
|
||||
unset($_SESSION[$key]);
|
||||
return $oldval;
|
||||
}
|
||||
}
|
||||
|
||||
function sess_get($key) {
|
||||
if (isset($_SESSION[$key]))
|
||||
return $_SESSION[$key];
|
||||
else return false;
|
||||
}
|
||||
|
||||
function sess_close() {
|
||||
unset($_SESSION);
|
||||
if (isset($_COOKIE[session_name()])) {
|
||||
setcookie(session_name(), '', time()-42000, '/');
|
||||
session_set_cookie_params(-42000);
|
||||
}
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
function sess_get($key) {
|
||||
if (isset($_SESSION [$key]))
|
||||
return $_SESSION [$key];
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
function sess_close() {
|
||||
unset($_SESSION);
|
||||
if (isset($_COOKIE [session_name()])) {
|
||||
setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE);
|
||||
session_set_cookie_params(-42000);
|
||||
}
|
||||
session_destroy();
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
@ -64,8 +64,8 @@ function user_login($userid, $pwd, $params = null) {
|
||||
if ($loggedin) {
|
||||
// session_regenerate_id();
|
||||
$expire = time() + 31536000;
|
||||
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
}
|
||||
|
||||
return $loggedin;
|
||||
@ -76,8 +76,8 @@ function user_logout() {
|
||||
|
||||
if (user_loggedin()) {
|
||||
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
|
||||
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
|
||||
}
|
||||
|
||||
$loggedin = false;
|
||||
|
||||
@ -290,12 +290,12 @@ if (!function_exists('wp_setcookie')) :
|
||||
$cookiehash = md5($siteurl);
|
||||
}
|
||||
|
||||
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath);
|
||||
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath);
|
||||
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE);
|
||||
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE);
|
||||
|
||||
if ($cookiepath != $sitecookiepath) {
|
||||
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath);
|
||||
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath);
|
||||
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
|
||||
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
|
||||
}
|
||||
}
|
||||
endif;
|
||||
@ -303,10 +303,10 @@ endif;
|
||||
if (!function_exists('wp_clearcookie')) :
|
||||
|
||||
function wp_clearcookie() {
|
||||
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
|
||||
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
|
||||
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
|
||||
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
|
||||
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
|
||||
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
|
||||
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
|
||||
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
|
||||
}
|
||||
endif;
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user