From 3613ddf523f6e555e8095f1d0f995fa44a99da6f Mon Sep 17 00:00:00 2001 From: David M Date: Sun, 20 Apr 2008 05:13:34 +0000 Subject: #21255 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8509 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index da54a6c512..08f6512424 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -217,9 +217,9 @@ class session // Load limit check (if applicable) if ($config['limit_load'] || $config['limit_search_load']) { - if ($load = @file_get_contents('/proc/loadavg')) + if ((function_exists('sys_getloadavg') && $load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) { - $this->load = array_slice(explode(' ', $load), 0, 1); + $this->load = array_slice($load, 0, 1); $this->load = floatval($this->load[0]); } else -- cgit v1.2.1 From d3c685c652646eafa050106eff945b3039439d91 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 4 May 2008 14:44:48 +0000 Subject: it is indeed no longer required git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8544 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 08f6512424..8239921ba8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -68,7 +68,7 @@ class session foreach ($args as $key => $argument) { - if (strpos($argument, 'sid=') === 0 || strpos($argument, '_f_=') === 0) + if (strpos($argument, 'sid=') === 0) { continue; } -- cgit v1.2.1 From 9413af5e1a59a9bfc01fb5d3896a2fb5d34055f4 Mon Sep 17 00:00:00 2001 
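Review bot: When `/proc/loadavg` cannot be read, the new fallback `explode(' ', @file_get_contents('/proc/loadavg'))` evaluates to `array('')`, which is truthy, so the condition can no longer fall through to the `else` branch and `$this->load` ends up as `floatval('')` (0.0) instead of whatever that branch sets. `sys_getloadavg()` returning false is handled correctly; the file fallback should likewise only be accepted when the read actually succeeded. The enclosing method starts and ends outside this hunk, so the `else` branch itself is not visible here.
```php
// … unchanged: limit_load / limit_search_load guard …
$load = (function_exists('sys_getloadavg')) ? sys_getloadavg() : false;
if ($load === false && ($loadavg = @file_get_contents('/proc/loadavg')) !== false)
{
	$load = explode(' ', $loadavg);
}

if ($load)
{
	$this->load = floatval($load[0]);
}
// … unchanged: else branch …
```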
From: Henry Sudhof Date: Thu, 15 May 2008 13:29:14 +0000 Subject: So, tighten things up a little further. QA Team, please check this. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8554 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 50 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8239921ba8..33fce6731b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -158,6 +158,7 @@ class session $this->cookie_data = array('u' => 0, 'k' => ''); $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; + $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $this->page = $this->extract_current_page($phpbb_root_path); 
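Review bot: `$this->referer` is stored HTML-escaped (consistent with `$this->browser`), but its only consumer in this series compares it against the raw request host and script path, which is why `validate_referer()` has to escape `$this->host` as well before comparing. Escaping at the point of output instead (the `add_log` call already escapes `$u_forwarded_for` that way) would keep the comparison exact; if the escaped form is kept on purpose, record it next to the assignment, e.g. `// stored HTML-escaped; validate_referer() escapes $this->host to match`. The constructor continues outside the hunk.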
@@ -263,8 +264,17 @@ class session $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; + + // referer checks + $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; + $referer_valid = true; + if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') + { + $referer_valid = $this->validate_referer($check_referer_path); + } + - if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) + if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) { $session_expired = false; @@ -343,7 +353,14 @@ class session // Added logging temporarly to help debug bugs... if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) { - add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); + if ($referer_valid) + { + add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); + } + else + { + add_log('critical', 'LOG_REFERER_INVALID', $this->referer); + } } } } 
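Review bot: The new `$referer_valid` gate passes unconditionally whenever the client sends no Referer at all, because `validate_referer()` (introduced later in this series) returns true on an empty `$this->referer`; the check therefore only rejects requests that carry a mismatching referer and gives no protection against a client that simply omits the header. That is a defensible trade-off for users who disable referers, but it should be stated where the gate is applied, e.g. `// best-effort: requests without a Referer header always pass validate_referer()`. The `$session_expired` handling that follows the comparison is outside the visible lines.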
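Review bot: A referer mismatch on a non-GET request is only recorded when `DEBUG_EXTRA` is defined, so on a production board the `LOG_REFERER_INVALID` entry is never written and an administrator has no way to see why sessions are being dropped. Consider moving `add_log('critical', 'LOG_REFERER_INVALID', $this->referer);` out of the `DEBUG_EXTRA` guard (keeping the anonymous-user exclusion) and leaving only the IP/browser comparison log behind the debug flag. The enclosing method continues outside the hunk.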
@@ -1279,6 +1296,35 @@ class session $this->set_login_key($user_id); } } + + + /** + * Check if the request originated from the same page. + * @param bool $check_script_path If true, the path will be checked as well + */ + function validate_referer($check_script_path = false) + { + // no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason) + if (empty($this->referer) || empty($this->host) ) + { + return true; + } + $host = htmlspecialchars($this->host); + $ref = substr($this->referer, strpos($this->referer, '://') + 3); + if (!(stripos($ref , $host) === 0)) + { + return false; + } + else if ($check_script_path && !empty(rtrim($this->page['root_script_path'], '/'))) + { + $ref = substr($ref, strlen($host)); + if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) + { + return false; + } + } + return true; + } } -- cgit v1.2.1 From c5ba29e1faf708dc890fcc2acddf36ca25c321ab Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Thu, 15 May 2008 14:17:17 +0000 Subject: 27375 - keep it up git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8556 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 33fce6731b..66554f1ab5 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1315,7 +1315,7 @@ class session { return false; } - else if ($check_script_path && !empty(rtrim($this->page['root_script_path'], '/'))) + else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '' ) { $ref = substr($ref, strlen($host)); if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) -- cgit v1.2.1 From 5ea735d3adad4c70aef347dbccb5c533c2ef15d7 Mon Sep 17 00:00:00 2001 
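Review bot: The host comparison `if (!(stripos($ref , $host) === 0))` is only a prefix test, so any referer whose authority merely begins with the forum host name — a longer host name sharing that prefix, or a userinfo part in front of `@` — is accepted as same-site, which defeats the purpose of the check. Compare the complete host component instead: cut `$ref` at the first `/` or `:` and require case-insensitive equality with `$host`, then fall through to the existing path logic. The docblock should also say that an empty referer or host yields true rather than "unknown", since callers treat the result as a pass.
```php
$host = htmlspecialchars($this->host);
$ref = substr($this->referer, strpos($this->referer, '://') + 3);

// compare the whole host part of the referer, not only a prefix of it
$ref_host = substr($ref, 0, strcspn($ref, '/:'));
if (strtolower($ref_host) !== strtolower($host))
{
	return false;
}
// … unchanged: optional root_script_path check and final return …
```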
From: Henry Sudhof
Date: Fri, 16 May 2008 12:34:39 +0000
Subject: explanation
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8557 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'phpBB/includes/session.php')
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 66554f1ab5..e216b3e36a 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -268,6 +268,7 @@ class session
 // referer checks
 $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
 $referer_valid = true;
+ // we assume HEAD and TRACE to be foul play and thus only whitelist GET
 if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
 {
 $referer_valid = $this->validate_referer($check_referer_path);
-- cgit v1.2.1
From 2f5297751a4643fae1917e63c620a793d9711ff3 Mon Sep 17 00:00:00 2001
From: Henry Sudhof
Date: Sat, 17 May 2008 12:57:20 +0000
Subject: Hmmm. Tawny port and stilton
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8558 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'phpBB/includes/session.php')
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index e216b3e36a..43d3b1ea2b 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -1319,6 +1319,11 @@ class session
 else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '' )
 {
 $ref = substr($ref, strlen($host));
+ $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+ if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0)
+ {
+ $ref = substr($ref, strlen(":$server_port"));
+ }
 if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
 {
 return false;
-- cgit v1.2.1
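Review bot: The port is only removed from `$ref` when it equals the local `SERVER_PORT`, so behind a reverse proxy, or when the referer spells out an explicit `:80`/`:443`, the path check below runs against `:port/...`, fails, and the session is dropped on every non-GET request (inferred; the deployment is not visible here). Because the host part has already been matched by the time this code runs, a leading `:digits` can be discarded before the path comparison whatever its value, e.g. `$ref = preg_replace('#^:[0-9]+#', '', $ref);`, which also removes the dependency on `getenv('SERVER_PORT')`. `stripos($ref , ":$server_port")` is a case-insensitive search for a purely numeric needle; `strpos` says what is meant. The enclosing method continues outside the hunk on both sides.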
From 2c9ab1ac686c11b3bcc3bbad4e4a8c2446ee4bf5 Mon Sep 17 00:00:00 2001
From: Henry Sudhof
Date: Sat, 17 May 2008 14:34:32 +0000
Subject: ...
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8559 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'phpBB/includes/session.php')
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 43d3b1ea2b..661d87357f 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -1316,14 +1316,14 @@ class session
 {
 return false;
 }
- else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '' )
+ else if ($check_script_path && rtrim($this->page['root_script_path'], '/') !== '')
 {
 $ref = substr($ref, strlen($host));
- $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
- if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0)
- {
- $ref = substr($ref, strlen(":$server_port"));
- }
+ $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+ if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0)
+ {
+ $ref = substr($ref, strlen(":$server_port"));
+ }
 if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
 {
 return false;
-- cgit v1.2.1
From ae060e8aefb7d0bbb276518cb4a78e1e130d1580 Mon Sep 17 00:00:00 2001
From: Henry Sudhof
Date: Sat, 17 May 2008 14:35:23 +0000
Subject: ...
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8560 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes/session.php')
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 661d87357f..2eafdc7e80 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -1320,7 +1320,7 @@ class session
 {
 $ref = substr($ref, strlen($host));
 $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
- if ($server_port !== 80 && $server_port !== 443 && stripos($ref , ":$server_port") === 0)
+ if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
 {
 $ref = substr($ref, strlen(":$server_port"));
 }
-- cgit v1.2.1
From c41388ce8ab2268cd97c1c7d2d2791faddf23ea3 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Sun, 18 May 2008 20:06:15 +0000
Subject: some adjustements (changes to sessions code need to be backwards-compatible) - henry, do not forget to include this into your merge to 3.2.x too.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8565 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
(limited to 'phpBB/includes/session.php')
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 2eafdc7e80..435618f7ff 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -264,16 +264,17 @@ class session $s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : ''; - + // referer checks - $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; + // The @ before $config['referer_validation'] suppresses notices present while running the updater + $check_referer_path = (@$config['referer_validation'] == REFERER_VALIDATE_PATH); $referer_valid = true; + // we assume HEAD and TRACE to be foul play and thus only whitelist GET - if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') + if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') { $referer_valid = $this->validate_referer($check_referer_path); } - if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for && $referer_valid) { @@ -1119,7 +1120,7 @@ class session trigger_error($message); } - return ($banned) ? true : false; + return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; } /** @@ -1297,10 +1298,10 @@ class session $this->set_login_key($user_id); } } - - + + /** - * Check if the request originated from the same page. + * Check if the request originated from the same page. * @param bool $check_script_path If true, the path will be checked as well */ function validate_referer($check_script_path = false) -- cgit v1.2.1 From 8039c37b5126742c4170a8b17a645021f940f26a Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 2 Jun 2008 17:10:21 +0000 Subject: ACP logout git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8580 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'phpBB/includes/session.php') 
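Review bot: `@$config['referer_validation']` silences the undefined-index notice during the updater, but it also hides any other error raised while the expression is evaluated, and error suppression is comparatively expensive on a path that runs for every request. An explicit existence test says what is meant: `$referer_validation = (isset($config['referer_validation'])) ? $config['referer_validation'] : 0;` followed by `$check_referer_path = ($referer_validation == REFERER_VALIDATE_PATH);` and `if ($referer_validation && isset($_SERVER['REQUEST_METHOD']) && ...)`. The explanatory comment would then describe the updater case (config not yet populated) instead of the `@`. The enclosing method continues outside the hunk.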
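Review bot: The second hunk changes this method's return value from a strict bool to `bool|string` — the ban reason text when `ban_give_reason` is set, otherwise `$banned` — so any caller that tests the result with `=== true` will now miss bans that carry a reason (inferred; the callers are not visible here). The method's docblock lies outside the hunk and should document the new contract, e.g. `@return bool|string false if not banned, true if banned without a reason, otherwise the reason text`, and the call sites should be checked for strict comparisons. The enclosing method starts outside the hunk.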
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 435618f7ff..828739115f 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1332,6 +1332,16 @@ class session } return true; } + + + function unset_admin() + { + global $db; + $sql = 'UPDATE ' . SESSIONS_TABLE . ' + SET session_admin = 0 + WHERE session_id = \'' . $db->sql_escape($this->session_id) . '\''; + $db->sql_query($sql); + } } -- cgit v1.2.1 From 406895a1ad75167829740deac3f08779104838fb Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 9 Jun 2008 17:05:52 +0000 Subject: #27395 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8636 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/session.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'phpBB/includes/session.php') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 828739115f..8a3a16727e 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -161,6 +161,13 @@ class session $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + + // Since HTTP_HOST may carry a port definition, we need to remove it here... + if (strpos($this->host, ':') !== false) + { + $this->host = substr($this->host, 0, strpos($this->host, ':')); + } + $this->page = $this->extract_current_page($phpbb_root_path); // if the forwarded for header shall be checked we have to validate its contents @@ -1311,8 +1318,10 @@ class session { return true; } + $host = htmlspecialchars($this->host); $ref = substr($this->referer, strpos($this->referer, '://') + 3); + if (!(stripos($ref , $host) === 0)) { return false; 
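Review bot: `unset_admin()` has no docblock, unlike the surrounding methods; per the commit title something like `/** Clear the admin flag of the current session (ACP logout) */` would match the file's style. It also resets `session_admin` in the database only, so if `$this->data['session_admin']` is kept in memory for the rest of the request (not visible in this hunk) it stays stale until the session is reloaded; adding `$this->data['session_admin'] = 0;` next to the query keeps the two in step. The class body continues outside the hunk.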
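Review bot: In the constructor hunk, cutting `$this->host` at the first `:` breaks IPv6 literal hosts such as `[::1]:8080`, which are reduced to `[`; use the last colon and skip hosts that end in `]`: `if (strpos($this->host, ':') !== false && substr($this->host, -1) !== ']') { $this->host = substr($this->host, 0, strrpos($this->host, ':')); }`. More generally `HTTP_HOST` is supplied by the client, so the referer validation added in this series ends up comparing two client-controlled headers with each other; anchoring the comparison on the configured board host (`$config['server_name']`, if it is set) would give the check a server-side reference point (hedged, since the validation code is not in this hunk). The constructor continues outside the hunk.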
@@ -1321,15 +1330,18 @@ class session
 {
 $ref = substr($ref, strlen($host));
 $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+
 if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
 {
 $ref = substr($ref, strlen(":$server_port"));
 }
+
 if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
 {
 return false;
 }
 }
+
 return true;
 }
-- cgit v1.2.1