mirror of
https://github.com/e107inc/e107.git
synced 2025-08-01 20:30:39 +02:00
Issues #1254 #1208 #1211 #1245 Option to define the session.save_path (relative to e107's root directory) in e107_config.php: define('SESSION_SAVE_PATH','relative-path-to-folder');
example: define('SESSION_SAVE_PATH','../_sessions/'); Use the PHPInfo page in the admin area to check it has worked. Will only work if the path to the folder exists. session.hash_function is now set to sha512 by default when the security level is BALANCED or higher.
This commit is contained in:
@@ -69,6 +69,13 @@ $security_risks = array(
|
|||||||
|
|
||||||
// $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
|
// $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
|
||||||
ob_end_clean();
|
ob_end_clean();
|
||||||
|
|
||||||
|
|
||||||
|
if(deftrue('e_DEBUG'))
|
||||||
|
{
|
||||||
|
$mes->addDebug("Session ID: ".session_id());
|
||||||
|
}
|
||||||
|
|
||||||
$ns->tablerender("PHPInfo", $mes->render(). $phpinfo);
|
$ns->tablerender("PHPInfo", $mes->render(). $phpinfo);
|
||||||
require_once("footer.php");
|
require_once("footer.php");
|
||||||
?>
|
?>
|
@@ -208,6 +208,20 @@ class e_session
|
|||||||
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
|
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
|
||||||
$options['secure'] = e107::getPref('ssl_enabled', false); // FIXME - new pref
|
$options['secure'] = e107::getPref('ssl_enabled', false); // FIXME - new pref
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(defined('SESSION_SAVE_PATH')) // safer than a pref.
|
||||||
|
{
|
||||||
|
$config['SavePath'] = e_BASE. SESSION_SAVE_PATH;
|
||||||
|
}
|
||||||
|
|
||||||
|
$hashes = hash_algos();
|
||||||
|
|
||||||
|
if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes))
|
||||||
|
{
|
||||||
|
ini_set('session.hash_function', 'sha512');
|
||||||
|
ini_set('session.hash_bits_per_character', 5);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
$this->setConfig($config)
|
$this->setConfig($config)
|
||||||
->setOptions($options);
|
->setOptions($options);
|
||||||
|
Reference in New Issue
Block a user