Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed security issue reported by huntr.dev: Session cookie missed the "secure" flag. Thanks for reporting!

Browse Source
This commit is contained in:
azett 2021-10-23 20:25:09 +02:00
parent f4209dc7a8
commit e2a6bf1a8a
5 changed files with 137 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
defaults.php
View File

@ -120,10 +120,9 @@ if (isset($_SERVER ['HTTPS'])) {
} }
$serverport = "false"; $serverport = "false";
// Unterstützung für Apache und IIS // Unterstützung für Apache und IIS
ini_set('session.cookie_secure', 1);
if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) { if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
$serverport = "https://"; $serverport = "https://";
// Uses a secure connection (HTTPS) if possible
ini_set('session.cookie_secure', 1);
} else { } else {
$serverport = "http://"; $serverport = "http://";
} }

177
fp-includes/core/core.cookie.php
View File

@ -1,138 +1,141 @@
<?php <?php
function cookie_setup() { function cookie_setup() {
global $fp_config;
global $fp_config; // md5(BLOG_BASEURL);
// md5(BLOG_BASEURL); if (!defined('COOKIEHASH'))
define('COOKIEHASH', $fp_config ['general'] ['blogid']);
if ( !defined('COOKIEHASH') )
define('COOKIEHASH', $fp_config['general']['blogid']);
if ( !defined('USER_COOKIE') )
define('USER_COOKIE', 'fpuser_'. COOKIEHASH);
if ( !defined('PASS_COOKIE') )
define('PASS_COOKIE', 'fppass_'. COOKIEHASH);
if ( !defined('SESS_COOKIE') )
define('SESS_COOKIE', 'fpsess_'. COOKIEHASH);
if ( !defined('COOKIEPATH') )
define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
if ( !defined('SITECOOKIEPATH') )
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
if ( !defined('COOKIE_DOMAIN') )
define('COOKIE_DOMAIN', false);
if (!defined('USER_COOKIE'))
define('USER_COOKIE', 'fpuser_' . COOKIEHASH);
if (!defined('PASS_COOKIE'))
define('PASS_COOKIE', 'fppass_' . COOKIEHASH);
if (!defined('SESS_COOKIE'))
define('SESS_COOKIE', 'fpsess_' . COOKIEHASH);
if (!defined('COOKIEPATH'))
define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
if (!defined('SITECOOKIEPATH'))
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
if (!defined('COOKIE_DOMAIN'))
define('COOKIE_DOMAIN', false);
if (!defined('COOKIE_SECURE'))
define('COOKIE_SECURE', true);
} }
if ( !function_exists('wp_get_cookie_login') ): if (!function_exists('wp_get_cookie_login')) :
function wp_get_cookie_login() {
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
return false;
return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]); function wp_get_cookie_login() {
} if (empty($_COOKIE [USER_COOKIE]) || empty($_COOKIE [PASS_COOKIE]))
return false;
return array(
'login' => $_COOKIE [USER_COOKIE],
'password' => $_COOKIE [PASS_COOKIE]
);
}
endif; endif;
function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
if ( !$already_md5 )
$password = md5( md5($password) ); // Double hash the password in the cookie.
if ( empty($home) ) function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
if (!$already_md5)
$password = md5(md5($password)); // Double hash the password in the cookie.
if (empty($home))
$cookiepath = COOKIEPATH; $cookiepath = COOKIEPATH;
else else
$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' ); $cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');
if ( empty($siteurl) ) { if (empty($siteurl)) {
$sitecookiepath = SITECOOKIEPATH; $sitecookiepath = SITECOOKIEPATH;
$cookiehash = COOKIEHASH; $cookiehash = COOKIEHASH;
} else { } else {
$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' ); $sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
$cookiehash = md5($siteurl); $cookiehash = md5($siteurl);
} }
if ( $remember ) if ($remember)
$expire = time() + 31536000; $expire = time() + 31536000;
else else
$expire = 0; $expire = 0;
setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN); setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
if ( $cookiepath != $sitecookiepath ) { if ($cookiepath != $sitecookiepath) {
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN); setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
} }
} }
function cookie_clear() { function cookie_clear() {
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
} }
if (!function_exists('wp_login')) :
if ( !function_exists('wp_login') ) : function wp_login($username, $password, $already_md5 = false) {
function wp_login($username, $password, $already_md5 = false) { global $wpdb, $error;
global $wpdb, $error;
$username = sanitize_user($username); $username = sanitize_user($username);
if ( '' == $username ) if ('' == $username)
return false; return false;
if ( '' == $password ) { if ('' == $password) {
$error = __('<strong>ERROR</strong>: The password field is empty.'); $error = __('<strong>ERROR</strong>: The password field is empty.');
return false;
}
$login = get_userdatabylogin($username);
//$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>ERROR</strong>: Invalid username.');
return false;
} else {
// If the password is already_md5, it has been double hashed.
// Otherwise, it is plain text.
if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
return true;
} else {
$error = __('<strong>ERROR</strong>: Incorrect password.');
$pwd = '';
return false; return false;
} }
$login = get_userdatabylogin($username);
// $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
if (!$login) {
$error = __('<strong>ERROR</strong>: Invalid username.');
return false;
} else {
// If the password is already_md5, it has been double hashed.
// Otherwise, it is plain text.
if (($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password))) {
return true;
} else {
$error = __('<strong>ERROR</strong>: Incorrect password.');
$pwd = '';
return false;
}
}
} }
}
endif; endif;
if ( !function_exists('is_user_logged_in') ) : if (!function_exists('is_user_logged_in')) :
function is_user_logged_in() {
$user = wp_get_current_user();
if ( $user->id == 0 ) function is_user_logged_in() {
return false; $user = wp_get_current_user();
return true; if ($user->id == 0)
} return false;
endif;
if ( !function_exists('auth_redirect') ) : return true;
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
if ( (!empty($_COOKIE[USER_COOKIE]) &&
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
(empty($_COOKIE[USER_COOKIE])) ) {
nocache_headers();
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
exit();
} }
}
endif; endif;
if (!function_exists('auth_redirect')) :
function auth_redirect() {
// Checks if a user is logged in, if not redirects them to the login page
if ((!empty($_COOKIE [USER_COOKIE]) && !wp_login($_COOKIE [USER_COOKIE], $_COOKIE [PASS_COOKIE], true)) || (empty($_COOKIE [USER_COOKIE]))) {
nocache_headers();
wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER ['REQUEST_URI']));
exit();
}
}
endif;
?> ?>

61
fp-includes/core/core.session.php
View File

@ -1,44 +1,41 @@
<?php <?php
function sess_setup() {
if (SESSION_PATH != '')
session_save_path(SESSION_PATH);
session_name(SESS_COOKIE);
setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE);
function sess_setup() { session_start();
if (SESSION_PATH != '') }
session_save_path(SESSION_PATH);
session_name(SESS_COOKIE); function sess_add($key, $val) {
$_SESSION [$key] = $val;
session_start(); }
function sess_remove($key) {
if (isset($_SESSION [$key])) {
$oldval = $_SESSION [$key];
unset($_SESSION [$key]);
return $oldval;
} }
}
function sess_get($key) {
if (isset($_SESSION [$key]))
return $_SESSION [$key];
else
return false;
}
function sess_add($key, $val) { function sess_close() {
$_SESSION[$key] = $val; unset($_SESSION);
} if (isset($_COOKIE [session_name()])) {
setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE);
session_set_cookie_params(-42000);
function sess_remove($key) {
if (isset($_SESSION[$key])) {
$oldval=$_SESSION[$key];
unset($_SESSION[$key]);
return $oldval;
}
}
function sess_get($key) {
if (isset($_SESSION[$key]))
return $_SESSION[$key];
else return false;
}
function sess_close() {
unset($_SESSION);
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
session_set_cookie_params(-42000);
}
session_destroy();
} }
session_destroy();
}
?> ?>

8
fp-includes/core/core.users.php
View File

@ -64,8 +64,8 @@ function user_login($userid, $pwd, $params = null) {
if ($loggedin) { if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
} }
return $loggedin; return $loggedin;
@ -76,8 +76,8 @@ function user_logout() {
if (user_loggedin()) { if (user_loggedin()) {
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
} }
$loggedin = false; $loggedin = false;

16
fp-includes/core/core.wp-pluggable-funcs.php
View File

@ -290,12 +290,12 @@ if (!function_exists('wp_setcookie')) :
$cookiehash = md5($siteurl); $cookiehash = md5($siteurl);
} }
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE);
if ($cookiepath != $sitecookiepath) { if ($cookiepath != $sitecookiepath) {
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
} }
} }
endif; endif;
@ -303,10 +303,10 @@ endif;
if (!function_exists('wp_clearcookie')) : if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() { function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
} }
endif; endif;