define('AT_DEVEL', 0);
define('AT_ERROR_REPORTING', E_ALL ^ E_NOTICE); // default is E_ALL ^ E_NOTICE, use E_ALL or E_ALL + E_STRICT for developing
-define('AT_DEVEL_TRANSLATE', 1);
+define('AT_DEVEL_TRANSLATE', 0);
// Emulate register_globals off. src: http://php.net/manual/en/faq.misc.php#faq.misc.registerglobals
function unregister_GLOBALS() {
$stripslashes = 'my_null_slashes';
}
+function regenerate_session($reload = false)
+{
+ if(!isset($_SESSION['IPaddress']) || $reload)
+ $_SESSION['IPaddress'] = $_SERVER['REMOTE_ADDR'];
+
+ if(!isset($_SESSION['userAgent']) || $reload)
+ $_SESSION['userAgent'] = $_SERVER['HTTP_USER_AGENT'];
+
+ // Set current session to expire in 10 seconds
+ $_SESSION['OBSOLETE'] = true;
+ $_SESSION['EXPIRES'] = time() + 10;
+
+ // Create new session without destroying the old one
+ session_regenerate_id(false);
+
+ // Grab current session ID and close both sessions to allow other scripts to use them
+ $newSession = session_id();
+ session_write_close();
+
+ // Set session ID to the new one, and start it back up again
+ session_id($newSession);
+ session_start();
+
+ // Don't want this one to expire
+ unset($_SESSION['OBSOLETE']);
+ unset($_SESSION['EXPIRES']);
+}
+
+function check_session()
+{
+ if($_SESSION['OBSOLETE'] && ($_SESSION['EXPIRES'] < time())) {
+ return false;
+ }
+
+ if($_SESSION['IPaddress'] != $_SERVER['REMOTE_ADDR']) {
+ return false;
+ }
+
+ if($_SESSION['userAgent'] != $_SERVER['HTTP_USER_AGENT']) {
+ return false;
+ }
+
+ if(!$_SESSION['OBSOLETE']) {
+ regenerate_session();
+ }
+ return true;
+}
+
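Review bot: check_session() reads `$_SESSION['OBSOLETE']`, `$_SESSION['IPaddress']` and `$_SESSION['userAgent']` without `isset()` (lines 39, 43, 47, 51) and compares them with loose `!=`, so a session that predates this change or was started by a path that never called regenerate_session() is evaluated on `null` values (with notices hidden by the `E_ALL ^ E_NOTICE` setting at line 2); guard each lookup and compare strictly, e.g. `if (!isset($_SESSION['IPaddress']) || $_SESSION['IPaddress'] !== $_SERVER['REMOTE_ADDR']) { return false; }` and the same for userAgent, and `if (!empty($_SESSION['OBSOLETE']) && $_SESSION['EXPIRES'] < time())` at line 39. Binding the session to `REMOTE_ADDR` rejects legitimate clients whose address changes mid-session (mobile networks, rotating proxies) and, behind a reverse proxy, compares the proxy's address for every client, while the User-Agent check is satisfied by any request that replays the same headers as the stolen cookie; neither replaces the id regeneration, and a short comment above check_session() should state that these are heuristics with a false-positive cost. Because regenerate_session() unsets OBSOLETE in the new session, line 51 is true on every later request and a fresh id is issued each time (consistent with the comment at line 64); a request still carrying the previous id more than 10 seconds later (a slow concurrent request, if the application issues any) then fails line 39 and is treated as a hijack, which is worth documenting next to `$_SESSION['EXPIRES'] = time() + 10;`.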
/*
* structure of this document (in order):
*
ob_start();
session_set_cookie_params(0, $_base_path);
session_start();
+
+ // Regenerate session id at every page refresh to prevent CSRF
+ $valid_session = true;
+ if (count($_SESSION) == 0) {
+ regenerate_session();
+ } else {
+ $valid_session = check_session();
+ }
+
$str = ob_get_contents();
ob_end_clean();
unregister_GLOBALS();
-
+
+ // Re-direct to login page at a potential session hijack
+ if (!$valid_session) {
+ $_SESSION = array();
+ header('Location: '.AT_BASE_HREF.'login.php');
+ exit;
+ }
+
if ($str) {
require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');
$err = new ErrorHandler();
'and the directory exists.</strong></code><br /><hr /><br />', E_USER_ERROR);
exit;
}
-
+
/***** end session initilization block ****/
/* */
/********************************************************************/
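Review bot: The hijack branch at lines 78–82 empties `$_SESSION` but keeps the session id, so the cookie the requesting client holds stays valid and the next request, seeing `count($_SESSION) == 0` at line 66, simply re-binds that same id to the requester's address and user agent through regenerate_session(); invalidate the id as well, e.g. `$_SESSION = array(); session_regenerate_id(true);` (or `session_destroy();`) before the `header()` call. An OBSOLETE session whose 10-second window has passed lands in the same branch; clearing it is harmless because the browser already holds the newer cookie, but if that request came from the legitimate user (a slow parallel request) they are sent to login.php while their newer session is left untouched, which the comment at line 77 should mention so the redirect is not read as proof of an attack. This code sits inside the session-initialisation block, whose start is outside the hunk.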
// p_course is set when pretty url is on and guests access a public course. @see bounce.php
+// First, santinize p_course
+if (isset($_REQUEST['p_course'])) {
+ $_REQUEST['p_course'] = intval($_REQUEST['p_course']);
+}
+
if (isset($_SESSION['course_id']) && $_SESSION['course_id'] > 0 || $_REQUEST['p_course'] > 0) {
$sql = 'SELECT * FROM '.TABLE_PREFIX.'glossary
WHERE course_id='.($_SESSION['course_id']>0 ? $_SESSION['course_id'] : $_REQUEST['p_course']).'
}
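Review bot: Line 101 reads `$_REQUEST['p_course']` unconditionally, so when the parameter is absent the cast at lines 97–99 is skipped and the comparison runs on an undefined index (a notice hidden by `E_ALL ^ E_NOTICE`; `null > 0` is false, so the logic still holds); normalising once is clearer and leaves the rest of the file with a guaranteed integer: `$_REQUEST['p_course'] = isset($_REQUEST['p_course']) ? intval($_REQUEST['p_course']) : 0;`. The `intval()` cast is what makes the string-built query at lines 102–103 safe, since the value is concatenated straight into the SQL; a comment on line 96 should say that the query relies on both `course_id` and `p_course` being integers (and the comment's "santinize" should read "sanitize"). The SQL statement continues outside the hunk.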
//take out double quotes until there is a way to escape XSS from the ajax script.
$last_search = preg_replace('/\"/', '', $last_search);
+ $search_field = htmlentities_utf8($this->search_field);
?>
-<?php print_paginator($this->page, $this->num_pages, 'search_friends='.$this->search_field, 1); ?>
+<?php print_paginator($this->page, $this->num_pages, 'search_friends='.$search_field, 1); ?>
<div class="input-form" style="float:right; width:34%;padding:1em;min-height:4.5em;">
<div class="contentrow">
</div>
<div style="clear:both;"></div>
-<?php print_paginator($this->page, $this->num_pages, 'search_friends='.$this->search_field, 1); ?>
+<?php print_paginator($this->page, $this->num_pages, 'search_friends='.$search_field, 1); ?>
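Review bot: Line 107 applies HTML-entity escaping to a value that is then concatenated into a query string (`'search_friends='.$search_field`) for print_paginator, which is the wrong escape for that context: a search term containing `&` or a quote is sent on to the paginated request as `&amp;`/`&quot;`, so the next page searches for a different string than the one entered, and if print_paginator escapes its argument when rendering the href (not visible here) the value is double-encoded. URL-encode instead, `$search_field = urlencode($this->search_field);` — its output contains no characters special to HTML either, so the value stays safe whether or not print_paginator escapes, and the original term round-trips. The enclosing template starts before the hunk, and the quote-stripping workaround on line 106 suggests the same context confusion exists for `$last_search`.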