diff options
author | friendica <info@friendica.com> | 2014-06-24 19:59:37 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-06-24 19:59:37 -0700 |
commit | 423372c9642c10ab448e6209d7b3008993e5aa9d (patch) | |
tree | 1888ea4040ffb065305c84ee8718d513ea74c549 | |
parent | ecd472b7bb2fb0a809c156cb47f4373ba0b8d286 (diff) | |
download | volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.gz volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.bz2 volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.zip |
prevent mis-configured servers from leaking cookies
-rwxr-xr-x | boot.php | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -562,9 +562,17 @@ function startup() { // Some hosting providers block/disable this @set_time_limit(0); - // This has to be quite large to deal with embedded private photos - ini_set('pcre.backtrack_limit', 500000); + if(function_exists ('ini_set')) { + // This has to be quite large to deal with embedded private photos + @ini_set('pcre.backtrack_limit', 500000); + + // Use cookies to store the session ID on the client side + @ini_set('session.use_only_cookies', 1); + + // Disable transparent Session ID support + @ini_set('session.use_trans_sid', 0); + } if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |