author | Andreas Gohr <andi@splitbrain.org> | 2007-06-03 21:14:51 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2007-06-03 21:14:51 +0200 |
commit | 4b1a4e046d9d5cf2cf918f4f73d48046648efdb8 (patch) | |
tree | b6e1987cfc16fd4d0cbde18a52fe376b68094444 | |
parent | 2d3d74fe83941849c0ffeeaaff3b93561fbfdc25 (diff) | |
never use full URL in cookie paths FS#1146
Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless
of the used canonical setting.
darcs-hash:20070603191451-7ad00-a5227a3632b3337f5da90551d3166d9b5db56638.gz
-rw-r--r-- | inc/auth.php | 4 | ||||
-rw-r--r-- | inc/init.php | 18 |
2 files changed, 15 insertions, 7 deletions
diff --git a/inc/auth.php b/inc/auth.php index 6e9a2908f..2511516c2 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -131,7 +131,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){ $pass = PMA_blowfish_encrypt($pass,auth_cookiesalt()); $cookie = base64_encode("$user|$sticky|$pass"); if($sticky) $time = time()+60*60*24*365; //one year - setcookie(DOKU_COOKIE,$cookie,$time,'/'); + setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL); // set session $_SESSION[DOKU_COOKIE]['auth']['user'] = $user; @@ -240,7 +240,7 @@ function auth_logoff(){ if(isset($_SERVER['REMOTE_USER'])) unset($_SERVER['REMOTE_USER']); $USERINFO=null; //FIXME - setcookie(DOKU_COOKIE,'',time()-600000,'/'); + setcookie(DOKU_COOKIE,'',time()-600000,DOKU_REL); if($auth && $auth->canDo('logoff')){ $auth->logOff(); diff --git a/inc/init.php b/inc/init.php index d59b2088e..f8697a845 100644 --- a/inc/init.php +++ b/inc/init.php @@ -53,8 +53,16 @@ } // define baseURL - if(!defined('DOKU_BASE')) define('DOKU_BASE',getBaseURL()); - if(!defined('DOKU_URL')) define('DOKU_URL',getBaseURL(true)); + if(!defined('DOKU_REL')) define('DOKU_REL',getBaseURL(false)); + if(!defined('DOKU_URL')) define('DOKU_URL',getBaseURL(true)); + if(!defined('DOKU_BASE')){ + if($conf['canonical']){ + define('DOKU_BASE',DOKU_URL); + }else{ + define('DOKU_BASE',DOKU_REL); + } + } + // define cookie and session id if (!defined('DOKU_COOKIE')) define('DOKU_COOKIE', 'DW'.md5(DOKU_URL)); @@ -90,7 +98,7 @@ // init session if (!headers_sent() && !defined('NOSESSION')){ session_name("DokuWiki"); - session_set_cookie_params(0, DOKU_BASE); + session_set_cookie_params(0, DOKU_REL); session_start(); } 
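Review bot: The login cookie in auth_login is still sent with only a path, so `setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL);` leaves the `secure` and `httponly` arguments at their defaults. The value is base64 of the user name and the encrypted password, so it is readable by any script running in the page and is transmitted over plain HTTP whenever the wiki is reachable that way. Since the line is being changed anyway, consider `setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',$secure,true);` with `$secure` set when the request arrived over HTTPS (the `httponly` argument needs a PHP version that supports it). The same applies to `session_set_cookie_params(0, DOKU_REL);` in the inc/init.php session hunk. auth_login's body starts and ends outside the hunk.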
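Review bot: The expiry call in auth_logoff now targets only DOKU_REL, so a login cookie stored under path `/` by the previous code is not removed by it; a browser drops a cookie only when name and path both match. Unless DOKU_REL is itself `/`, a user who logged in before the upgrade keeps that cookie after logging off, for up to a year if it was a sticky login, and it is presumably still accepted by the cookie check outside this hunk. Consider expiring the legacy path as well during a transition period: `if(DOKU_REL != '/') setcookie(DOKU_COOKIE,'',time()-600000,'/');`. auth_logoff's body continues outside the hunk.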
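Review bot: The three base constants in inc/init.php now mean different things, but the block is still introduced only by `// define baseURL`, which does not tell a reader which one is appropriate for cookie paths. A comment above the defines would make the contract explicit, e.g. `// DOKU_REL: relative path to the wiki directory (use for cookie paths), DOKU_URL: absolute URL, DOKU_BASE: one of the two depending on $conf['canonical']`. It is worth stating there as well that a DOKU_BASE predefined by an entry script is left untouched, so it can differ from both.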
@@ -263,10 +271,10 @@ function remove_magic_quotes(&$array) { * * @author Andreas Gohr <andi@splitbrain.org> */ -function getBaseURL($abs=false){ +function getBaseURL($abs=null){ global $conf; //if canonical url enabled always return absolute - if($conf['canonical']) $abs = true; + if(is_null($abs)) $abs = $conf['canonical']; if($conf['basedir']){ $dir = $conf['basedir'].'/'; |
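Review bot: The docblock above getBaseURL is not updated for the new tri-state parameter, so nothing tells a caller that `null` now means "follow $conf['canonical']" while an explicit `false` forces a relative path even when canonical is enabled. The latter is a behaviour change for any existing caller that passes `false`, which previously received an absolute URL under canonical; those callers are outside this hunk and worth checking. Suggest adding `@param bool|null $abs true: absolute URL, false: relative path, null: use $conf['canonical']` and rewording the stale inline comment `//if canonical url enabled always return absolute`. The function body continues past the end of the hunk.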