authorfriendica <info@friendica.com>2014-06-24 19:59:37 -0700
committerfriendica <info@friendica.com>2014-06-24 19:59:37 -0700
commit423372c9642c10ab448e6209d7b3008993e5aa9d (patch)
tree1888ea4040ffb065305c84ee8718d513ea74c549
parentecd472b7bb2fb0a809c156cb47f4373ba0b8d286 (diff)
downloadvolse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.gz
volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.bz2
volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.zip
prevent mis-configured servers from leaking cookies
-rwxr-xr-xboot.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/boot.php b/boot.php
index db2401847..c8b529d42 100755
--- a/boot.php
+++ b/boot.php
@@ -562,9 +562,17 @@ function startup() {
// Some hosting providers block/disable this
@set_time_limit(0);
- // This has to be quite large to deal with embedded private photos
- ini_set('pcre.backtrack_limit', 500000);
+ if(function_exists ('ini_set')) {
+ // This has to be quite large to deal with embedded private photos
+ @ini_set('pcre.backtrack_limit', 500000);
+
+ // Use cookies to store the session ID on the client side
+ @ini_set('session.use_only_cookies', 1);
+
+ // Disable transparent Session ID support
+ @ini_set('session.use_trans_sid', 0);
+ }
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);