SECISSUE fix #952 로그인 사용자의 session id를 재발급하도록 개선

- 로그인 후, admin 액션 접근 시 session id 재발급
bnu 2014-09-04 14:52:37 +09:00
parent 56567bba9e
commit 59960c3b08
4 changed files with 62 additions and 0 deletions


@ -377,6 +377,22 @@ class ModuleHandler extends Handler
$kind = 'admin';
}
if($kind == 'admin')
{
$oMemberController = ModuleHandler::getModuleInstance('member', 'controller');
$validate_session = $oMemberController->validateSession();
$oMemberController->regenerateSession();
if(!$validate_session)
{
$this->error = 'security_invalid_session';
$oMessageObject = ModuleHandler::getModuleInstance('message', 'view');
$oMessageObject->setError(-1);
$oMessageObject->setMessage($this->error);
$oMessageObject->dispMessage();
return $oMessageObject;
}
}
// check REQUEST_METHOD in controller
if($type == 'controller')
{
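Review bot: `$oMemberController->regenerateSession();` runs before the `if(!$validate_session)` check, so a request whose session fails validation still gets its session id rotated before the error view is returned. Unless `regenerateSession()` (defined outside this hunk) itself refuses to act on an invalid session, it would be safer to move that call below the `if(!$validate_session) { ... return $oMessageObject; }` block, so that only a validated session is renewed. The failure branch also appears to leave the rejected session in place, so it is worth deciding whether it should be destroyed there. A short comment such as `// rotate the session id on admin access to limit session fixation/hijacking (#952)` above the call would record why this runs on every admin action. The enclosing method starts and ends outside the hunk.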