From fbd3a1dc142f0bf5544bbb136264c36f7af78f10 Mon Sep 17 00:00:00 2001
From: sc979 <34628915+sc979@users.noreply.github.com>
Date: Wed, 2 Oct 2019 20:16:33 +0200
Subject: [PATCH] fix(secu): the ini_set session duration param has been moved in php.ini (#7896)
---
 www/api/internal.php | 8 +++-----
 www/include/core/header/header.php | 7 ++-----
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/www/api/internal.php b/www/api/internal.php
index 425772d2cbe..c324705466e 100644
--- a/www/api/internal.php
+++ b/www/api/internal.php
@@ -45,11 +45,10 @@
 ini_set('display_errors', 0);
 $pearDB = new CentreonDB();
-ini_set("session.gc_maxlifetime", "31536000");
 CentreonSession::start(1);
-if (false === isset($_SESSION["centreon"])) {
+if (!isset($_SESSION["centreon"])) {
 CentreonWebService::sendResult("Unauthorized", 401);
 }
@@ -59,11 +58,10 @@
 * Define Centreon var alias
 */
 if (isset($_SESSION["centreon"])) {
- $centreon = $_SESSION["centreon"];
- $oreon = $centreon;
+ $oreon = $centreon = $_SESSION["centreon"];
 }
-if (false === isset($centreon) || false === is_object($centreon)) {
+if (!isset($centreon) || !is_object($centreon)) {
 CentreonWebService::sendResult("Unauthorized", 401);
 }
diff --git a/www/include/core/header/header.php b/www/include/core/header/header.php
index 6912406c6a7..c00b161d4bf 100644
--- a/www/include/core/header/header.php
+++ b/www/include/core/header/header.php
@@ -73,8 +73,6 @@ function microtime_float()
 $centreonSession = new CentreonSession();
-ini_set("session.gc_maxlifetime", "31536000");
-
 CentreonSession::start();
 /*
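Review bot: With `ini_set("session.gc_maxlifetime", "31536000")` removed ahead of `CentreonSession::start(1)`, the session lifetime for this API entry point depends entirely on the deployed php.ini, and this patch touches no configuration file. On a host whose php.ini was not updated, PHP's built-in default of 1440 seconds applies, so session data may be garbage-collected much sooner than before; the commit subject says the value was moved, but that change is not visible here. I would leave a pointer at the call site, e.g. `// session.gc_maxlifetime is configured in php.ini, not at runtime`, and have the php.ini value reviewed, since the removed one kept session data for a full year. The same removal is made in the first hunk of www/include/core/header/header.php.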
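Review bot: The rewritten guard `if (!isset($centreon) || !is_object($centreon))` still accepts any object stored under `$_SESSION["centreon"]`, including a `__PHP_Incomplete_Class` left behind when the session is decoded before its class is loaded. Checking the concrete type would be stricter, e.g. `if (!isset($centreon) || !($centreon instanceof Centreon))`; the class name is not visible in this hunk, so confirm it against the session code. Both 401 branches also rely on `CentreonWebService::sendResult()` ending the request, which cannot be verified from here; a one-line comment stating that it does would help the next reader. The same `is_object` guard appears as unchanged context in the second hunk of www/include/core/header/header.php.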
@@ -136,15 +134,14 @@ function microtime_float()
 * Define Oreon var alias
 */
 if (isset($_SESSION["centreon"])) {
- $centreon = $_SESSION["centreon"];
- $oreon = $centreon;
+ $oreon = $centreon = $_SESSION["centreon"];
 }
 if (!isset($centreon) || !is_object($centreon)) {
 exit();
 }
 /*
- * Init differents elements we need in a lot of pages
+ * Init different elements we need in a lot of pages
 */
 unset($centreon->Nagioscfg);
 $centreon->initNagiosCFG($pearDB);