[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #3618] list_session function of class sessi
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [Bug #3618] list_session function of class sessions_ph4 intrudes on other installations |
Date: |
Sun, 18 May 2003 05:24:22 -0400 |
=================== BUG #3618: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3618&group_id=509
Changes by: Ralf Becker <address@hidden>
Date: Sun 05/18/2003 at 11:24 (Europe/Berlin)
What | Removed | Added
---------------------------------------------------------------------------
Resolution | Works for me | Wont Fix
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
It is fixed now in .16 and soon in HEAD. The problem with .14 is, that my fix
also contains a db-table-change, which we are commited not to do in stable
releases.
So if u realy need it, do the following (unsupported):
- grab class.sesssions*.inc.php from .16 api-dir
- change the colum-type phpgw_access_log.lo to int
Sideeffect: It will give u the bruteforce stuff too, without its configuration
;-)
=================== BUG #3618: FULL BUG SNAPSHOT ===================
Submitted by: totschnig Project: phpGroupWare
Submitted on: Thu 05/15/2003 at 04:16
Category: API - Admin Bug Group: 0.9.14.003 release
Severity: 9 - Critical Priority: None
Resolution: Wont Fix Assigned to: ralfbecker
Status: Closed Component Version: None
Platform Version: None Reproducibility: None
Summary: list_session function of class sessions_ph4 intrudes on other
installations
Original Submission: if there are several installations of phpgroupware on one
system, and they use the same temp dir, and you view the active sessions, you
can see the sessions of all installations there are on your system. You can
even kill them!!!
Follow-up Comments
*******************
-------------------------------------------------------
Date: Sun 05/18/2003 at 11:24 By: ralfbecker
It is fixed now in .16 and soon in HEAD. The problem with .14 is, that my fix
also contains a db-table-change, which we are commited not to do in stable
releases.
So if u realy need it, do the following (unsupported):
- grab class.sesssions*.inc.php from .16 api-dir
- change the colum-type phpgw_access_log.lo to int
Sideeffect: It will give u the bruteforce stuff too, without its configuration
;-)
-------------------------------------------------------
Date: Sat 05/17/2003 at 04:43 By: totschnig
If I am not mistaken, the code takes care of filtering out sessions of other
virtual domains of the same phpgroupware installation. What it does not handle
different phpgroupware installations, which all use only one, the default
domain.
-------------------------------------------------------
Date: Fri 05/16/2003 at 23:03 By: ralfbecker
It works in my testinstall: I only see the sessions of the domain I'm logged
in.
If you look at the Line 1050 of class.session_php4.inc.php: if the domain in
the session-record does not match my own domain it does a continue to not list
that record. To track down the prob. with your intall u might want to enable
the debug-message on line 1055 extend with an additional output for
$this->account_domain (the domain your in atm).
Let me know what is shows.
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3618&group_id=509