From b43b680802ed466702cbcd639a62bb09951edfdc Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 22 May 2012 18:05:58 -0700 Subject: clear submanage, etc from session on logout --- include/auth.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include/auth.php') diff --git a/include/auth.php b/include/auth.php index 1341f3bb8..b87662fea 100644 --- a/include/auth.php +++ b/include/auth.php @@ -11,6 +11,13 @@ function nuke_session() { unset($_SESSION['cid']); unset($_SESSION['theme']); unset($_SESSION['page_flags']); + unset($_SESSION['submanage']); + unset($_SESSION['my_url']); + unset($_SESSION['my_address']); + unset($_SESSION['addr']); + unset($_SESSION['return_url']); + unset($_SESSION['theme']); + unset($_SESSION['page_flags']); } -- cgit v1.2.3 From 08941d42856984a3076e972804ac016400341f91 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 26 May 2012 23:46:42 -0700 Subject: handle multiple underscores in D* links --- include/auth.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/auth.php') diff --git a/include/auth.php b/include/auth.php index b87662fea..cba6a67a7 100644 --- a/include/auth.php +++ b/include/auth.php @@ -53,6 +53,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p $check = get_config('system','paranoia'); // extra paranoia - if the IP changed, log them out if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { + logger('Session address changed. Paranoid setting in effect, blocking session. ' + . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); nuke_session(); goaway(z_root()); } -- cgit v1.2.3