phpgroupware-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [Bug #3618] list_session function of class sessi

From: nobody
Subject: [Phpgroupware-tracker] [Bug #3618] list_session function of class sessions_ph4 intrudes on other installations
Date: Sun, 18 May 2003 05:24:22 -0400 

=================== BUG #3618: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3618&group_id=509

Changes by: Ralf Becker <address@hidden>
Date: Sun 05/18/2003 at 11:24 (Europe/Berlin)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | Works for me              | Wont Fix
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
It is fixed now in .16 and soon in HEAD. The problem with .14 is, that my fix 
also contains a db-table-change, which we are commited not to do in stable 
releases.
So if u realy need it, do the following (unsupported):
- grab class.sesssions*.inc.php from .16 api-dir
- change the colum-type phpgw_access_log.lo to int
Sideeffect: It will give u the bruteforce stuff too, without its configuration 
;-)



=================== BUG #3618: FULL BUG SNAPSHOT ===================


Submitted by: totschnig               Project: phpGroupWare                 
Submitted on: Thu 05/15/2003 at 04:16
Category:  API - Admin                Bug Group:  0.9.14.003 release        
Severity:  9 - Critical               Priority:  None                       
Resolution:  Wont Fix                 Assigned to:  ralfbecker              
Status:  Closed                       Component Version:  None              
Platform Version:  None               Reproducibility:  None                

Summary:  list_session function of class sessions_ph4 intrudes on other 
installations

Original Submission:  if there are several installations of phpgroupware on one 
system, and they use the same temp dir, and you view the active sessions, you 
can see the sessions of all installations there are on your system. You can 
even kill them!!!

Follow-up Comments
*******************

-------------------------------------------------------
Date: Sun 05/18/2003 at 11:24       By: ralfbecker
It is fixed now in .16 and soon in HEAD. The problem with .14 is, that my fix 
also contains a db-table-change, which we are commited not to do in stable 
releases.
So if u realy need it, do the following (unsupported):
- grab class.sesssions*.inc.php from .16 api-dir
- change the colum-type phpgw_access_log.lo to int
Sideeffect: It will give u the bruteforce stuff too, without its configuration 
;-)

-------------------------------------------------------
Date: Sat 05/17/2003 at 04:43       By: totschnig
If I am not mistaken, the code takes care of filtering out sessions of other 
virtual domains of the same phpgroupware installation. What it does not handle 
different phpgroupware installations, which all use only one, the default 
domain.

-------------------------------------------------------
Date: Fri 05/16/2003 at 23:03       By: ralfbecker
It works in my testinstall: I only see the sessions of the domain I'm logged 
in. 

If you look at the Line 1050 of class.session_php4.inc.php: if the domain in 
the session-record does not match my own domain it does a continue to not list 
that record. To track down the prob. with your intall u might want to enable 
the debug-message on line 1055 extend with an additional output for 
$this->account_domain (the domain your in atm).

Let me know what is shows.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3618&group_id=509
reply via email to
[Prev in Thread] Current Thread [Next in Thread]