mirror of https://github.com/e107inc/e107.git synced 2025-07-31 20:00:37 +02:00

Reducing e_SECURITY_LEVEL to 3 with disable ValidateRemoteAddr.

Cameron
2022-04-04 14:47:53 -07:00
parent 22b9bd1721
commit 412b0b2efe


@@ -69,6 +69,8 @@ class e_session
*/
const SECURITY_LEVEL_NONE = 0;
const SECURITY_LEVEL_LOW = 3;
/**
* Default system protection, balanced for best user experience,
* label 'Safe mode - Balanced'
@@ -202,7 +204,7 @@ class e_session
$config = array(
'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
'ValidateHttpXForwardedFor' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpXForwardedFor' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_LOW),
'ValidateHttpUserAgent' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
);
@@ -1044,7 +1046,7 @@ class e_core_session extends e_session
// TODO e-token required for all system forms?
// only if not disabled and not in 'cli' mod
if(e_SECURITY_LEVEL < e_session::SECURITY_LEVEL_BALANCED || e107::getE107('cli')) return true;
if(e_SECURITY_LEVEL < e_session::SECURITY_LEVEL_LOW || e107::getE107('cli')) return true;
if($this->getSessionId())
{
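Review bot: `SECURITY_LEVEL_LOW` in the first hunk is added without a docblock, unlike the constants around it, so nothing on the new side records which protections level 3 keeps. Reading the visible lines, at that level `ValidateHttpXForwardedFor` and the token check in `e_core_session` are active while `ValidateRemoteAddr`, `ValidateHttpVia` and `ValidateHttpUserAgent` are not (assuming BALANCED and HIGH are both above 3, which this page does not show). X-Forwarded-For is a request header the client supplies unless a trusted proxy overwrites it, so the comment should make clear it is not a substitute for the remote-address check. I would add above the constant something like `/** Low protection: remote address is not validated; X-Forwarded-For and form tokens are still checked. */`. The token-check method continues past the end of the last hunk, so its behaviour at level 3 should be confirmed against the full body.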