- security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)

git-svn-id: http://piwigo.org/svn/branches/2.0@2756 68402e56-0260-453c-a942-63ccdbb3a9ee
rvelices
2008-10-16 00:35:30 +00:00
parent 7807d6586a
commit f7f8c1688e
4 changed files with 40 additions and 28 deletions
+1 -8
@@ -29,14 +29,7 @@ if (isset($_COOKIE[session_name()]))
session_start();
if (isset($_GET['act']) and $_GET['act'] == 'logout')
{ // logout
$_SESSION = array();
session_unset();
session_destroy();
setcookie(session_name(),'',0,
ini_get('session.cookie_path'),
ini_get('session.cookie_domain')
);
setcookie($conf['remember_me_name'], '', 0, cookie_path());
logout_user();
redirect(make_index_url());
}
elseif (!empty($_SESSION['pwg_uid']))
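Review bot: The logout branch is still triggered by a bare GET parameter (`$_GET['act'] == 'logout'`) with no anti-CSRF check, so a cross-site request can end the user's session; moving the teardown into `logout_user()` does not change that. Consider requiring a per-session token before the call, e.g. adding `and isset($_GET['token']) and $_GET['token'] === $_SESSION['logout_token']` to the condition (the parameter and key names are illustrative, not taken from this codebase). Separately, `logout_user()` is defined outside this hunk, so it should be confirmed that it still empties `$_SESSION`, destroys the session, and expires both the session cookie and the remember-me cookie with the same path and domain they were set with; a mismatch would probably leave the cookie in the browser. The surrounding if/elseif chain starts before and continues past this hunk.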