-rw-r--r-- | etc/inc/authgui.inc | 8 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 4 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 15 | ||||
-rw-r--r-- | usr/local/www/headjs.php | 3 | ||||
-rwxr-xr-x | usr/local/www/system_firmware.php | 4 | ||||
-rw-r--r-- | usr/local/www/system_usermanager_passwordmg.php | 4 | ||||
-rw-r--r-- | usr/local/www/upload_progress.php | 4 |
7 files changed, 25 insertions, 17 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index e950345..9c6ffcd 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -87,6 +87,12 @@ if (!$_SESSION['Post_Login']) { exit; } +/* + * Close session data to allow other scripts from same host to come in. + * A session can be reactivated from calling session_start again + */ +session_commit(); + /* * determine if the user is allowed access to the requested page */ @@ -268,4 +274,4 @@ if($config['virtualip']) <?php } // end function -?>
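Review bot: After the `session_commit()` added in the first authgui.inc hunk, every later write to `$_SESSION` in the same request is silently dropped unless the session is reopened, and the new comment should say so. The `if (!session_id())` guard this commit adds in config.lib.inc, headjs.php, system_firmware.php, system_usermanager_passwordmg.php and upload_progress.php will not reopen it on pages that include authgui.inc, because `session_id()` still returns the id after the session is closed; reads keep working only because `$_SESSION` stays populated in memory. I would extend the comment with something like `$_SESSION is read-only after this point; call session_start() unconditionally before writing to it and session_commit() afterwards`. Whether any code further down writes session state (token rotation, logout flags) cannot be seen from this hunk and is worth checking.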
\ No newline at end of file +?> diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index a48d241..e0d5acb 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -494,7 +494,11 @@ function write_config($desc="Unknown", $backup = true) { log_error("WARNING! Configuration written on bootup. This can cause stray openvpn and load balancing items in config.xml"); */ + if (!session_id()) + session_start(); $username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username']; + session_commit(); + if (!empty($_SERVER['REMOTE_ADDR'])) $username .= '@' . $_SERVER['REMOTE_ADDR']; diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 08ab5fd..0a0cf68 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -40,21 +40,6 @@ pfSense_MODULE: utils */ -/****f* pfsense-utils/have_natonetooneruleint_access - * NAME - * have_natonetooneruleint_access - * INPUTS - * none - * RESULT - * returns true if user has access to edit a specific firewall nat one to one interface - ******/ -function have_natonetooneruleint_access($if) { - $security_url = "firewall_nat_1to1_edit.php?if=". strtolower($if); - if(isAllowedPage($security_url, $_SESSION['Username'])) - return true; - return false; -} - /****f* pfsense-utils/have_natpfruleint_access * NAME * have_natpfruleint_access diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php index eacaa23..e420078 100644 --- a/usr/local/www/headjs.php +++ b/usr/local/www/headjs.php @@ -48,7 +48,10 @@ function getHeadJS() { var input_errors = ''; Event.observe(window, 'load', init, false); "; + if (!session_id()) + session_start(); $_SESSION['NO_AJAX'] == "True" ? $noajax = "var noAjaxOnSubmit = true;" : $noajax = "var noAjaxOnSubmit = false;"; + session_commit(); $headjs .= " {$noajax} diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php index 072bfb9..ddb42d2 100755 --- a/usr/local/www/system_firmware.php +++ b/usr/local/www/system_firmware.php 
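Review bot: In the config.lib.inc hunk, `session_start()` inside write_config() also runs when there is no web session to resume, which the `"(system)"` fallback on the following line suggests is a real case (presumably boot-time or shell callers). There it creates a new empty session just to read a Username that cannot exist, and it may emit header warnings if output has already started. Guarding on the cookie avoids that: `if (!session_id() && isset($_COOKIE[session_name()])) session_start();`. The unconditional `session_commit()` also closes a session the caller may have opened for writing, so it would be safer to commit only when this function did the `session_start()`; getHeadJS() in headjs.php has the same issue. The rest of write_config() is outside the hunk.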
@@ -209,7 +209,9 @@ include("head.inc"); <form action="system_firmware.php" method="post" enctype="multipart/form-data"> <?php /* Construct an upload_id for this session */ - $upload_id = "up". $_SESSION['Username']; + if (!session_id()) + session_start(); + $upload_id = session_id(); ?> <input type="hidden" name="UPLOAD_IDENTIFIER" value="<?php echo $upload_id;?>" /> <?php include("fbegin.inc"); ?> diff --git a/usr/local/www/system_usermanager_passwordmg.php b/usr/local/www/system_usermanager_passwordmg.php index b8b3f76..fd41bc7 100644 --- a/usr/local/www/system_usermanager_passwordmg.php +++ b/usr/local/www/system_usermanager_passwordmg.php @@ -64,11 +64,15 @@ if (isset($_POST['save'])) { } } +if (!session_id()) + session_start(); + /* determine if user is not local to system */ $islocal = false; foreach($config['system']['user'] as $user) if($user['name'] == $_SESSION['Username']) $islocal = true; +session_commit(); ?> diff --git a/usr/local/www/upload_progress.php b/usr/local/www/upload_progress.php index 344ae67..812f7b7 100644 --- a/usr/local/www/upload_progress.php +++ b/usr/local/www/upload_progress.php @@ -38,12 +38,16 @@ include("guiconfig.inc"); +if (!session_id()) + session_start(); + // sanitize the ID value $id = $_SESSION['uploadid']; if (!$id) { echo gettext("Sorry, we could not find an uploadid code."); exit; } +session_commit(); // retrieve the upload data from APC $info = uploadprogress_get_info($id); |
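Review bot: In system_firmware.php, `$upload_id = session_id();` puts the session identifier into the page as the hidden `UPLOAD_IDENTIFIER` field, so the credential is readable from the DOM by any script on the page (even when the cookie is HttpOnly), appears in saved or cached copies of the form, and is passed to the upload-progress tracker as a key. A value derived one-way from the session, e.g. `$upload_id = hash('sha256', session_id());`, or a random per-upload token would serve the same purpose without exposing it, and the `echo` should go through `htmlspecialchars()`. upload_progress.php looks the id up in `$_SESSION['uploadid']`, which nothing in this diff sets, so the two ends should be checked against each other. Unlike the other files, this hunk has no matching `session_commit()`.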
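Review bot: In upload_progress.php, the `// sanitize the ID value` comment does not describe the code beneath it: `$id` is copied from `$_SESSION['uploadid']` and only tested for emptiness before it reaches `uploadprogress_get_info()`. I would reword it to `// the upload id is taken from the session, never from the request` so that a later edit does not assume validation has happened here. The early `exit` branch skips `session_commit()`, which is harmless since PHP closes the session at shutdown, but a one-line comment there would keep the pairing obvious.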