From 423372c9642c10ab448e6209d7b3008993e5aa9d Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 24 Jun 2014 19:59:37 -0700 Subject: prevent mis-configured servers from leaking cookies --- boot.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'boot.php') diff --git a/boot.php b/boot.php index db2401847..c8b529d42 100755 --- a/boot.php +++ b/boot.php @@ -562,9 +562,17 @@ function startup() { // Some hosting providers block/disable this @set_time_limit(0); - // This has to be quite large to deal with embedded private photos - ini_set('pcre.backtrack_limit', 500000); + if(function_exists ('ini_set')) { + // This has to be quite large to deal with embedded private photos + @ini_set('pcre.backtrack_limit', 500000); + + // Use cookies to store the session ID on the client side + @ini_set('session.use_only_cookies', 1); + + // Disable transparent Session ID support + @ini_set('session.use_trans_sid', 0); + } if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); -- cgit v1.2.3