fix bug #127: update session class

2013-09-17 14:48:16 +02:00
parent a8778dc23e
commit f6597c7cb9
3 changed files with 223 additions and 71 deletions
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@ -93,6 +93,7 @@ class Poche
    private function init() 
    {
        Tools::initPhp();
+        Session::$sessionName = 'poche'; 
        Session::init();

        if (isset($_SESSION['poche_user']) && $_SESSION['poche_user'] != array()) {
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@ -48,4 +48,12 @@ if (!ini_get('date.timezone') || !@date_default_timezone_set(ini_get('date.timez
    date_default_timezone_set('UTC');
 }

-$poche = new Poche();
+$poche = new Poche();
+
+#XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die(_('Wrong token'));
+    }
+    unset($_SESSION['tokens']);
+}