From 209f3b52b8c275a9fd88c37b78f42d9263771619 Mon Sep 17 00:00:00 2001 
From: Roland Gruber
Date: Sun, 26 Mar 2006 17:51:25 +0000
Subject: [PATCH] added basic security checks
---
lam/HISTORY | 3 ++-
lam/templates/account/edit.php | 5 +++--
lam/templates/config/confmain.php | 4 ++--
lam/templates/config/confmodules.php | 4 ++--
lam/templates/config/conftypes.php | 4 ++--
lam/templates/delete.php | 5 +++--
lam/templates/initsuff.php | 11 ++++++-----
lam/templates/lists/list.php | 7 ++++---
lam/templates/lists/userlink.php | 9 +++++----
lam/templates/logout.php | 5 +++--
lam/templates/main_header.php | 7 ++++---
lam/templates/massBuildAccounts.php | 5 +++--
lam/templates/massDoUpload.php | 5 +++--
lam/templates/masscreate.php | 5 +++--
lam/templates/ou_edit.php | 11 ++++++-----
lam/templates/pdfedit/pdfdelete.php | 5 +++--
lam/templates/pdfedit/pdfmain.php | 5 +++--
lam/templates/pdfedit/pdfpage.php | 5 +++--
lam/templates/profedit/profiledelete.php | 5 +++--
lam/templates/profedit/profilemain.php | 5 +++--
lam/templates/profedit/profilepage.php | 5 +++--
lam/templates/schema/schema.php | 5 +++--
lam/templates/tools.php | 5 +++--
lam/templates/tree/add_attr.php | 5 +++--
lam/templates/tree/add_attr_form.php | 5 +++--
lam/templates/tree/add_oclass.php | 5 +++--
lam/templates/tree/add_oclass_form.php | 5 +++--
lam/templates/tree/add_value.php | 5 +++--
lam/templates/tree/add_value_form.php | 5 +++--
lam/templates/tree/collapse.php | 5 +++--
lam/templates/tree/create.php | 5 +++--
lam/templates/tree/create_form.php | 5 +++--
lam/templates/tree/creation_template.php | 5 +++--
lam/templates/tree/delete.php | 5 +++--
lam/templates/tree/delete_attr.php | 5 +++--
lam/templates/tree/delete_form.php | 5 +++--
lam/templates/tree/download_binary_attr.php | 5 +++--
lam/templates/tree/edit.php | 5 +++--
lam/templates/tree/expand.php | 5 +++--
lam/templates/tree/export.php | 5 +++--
lam/templates/tree/export_form.php | 5 +++--
lam/templates/tree/rdelete.php | 5 +++--
lam/templates/tree/refresh.php | 5 +++--
lam/templates/tree/tree.php | 5 +++--
lam/templates/tree/tree_view.php | 5 +++-- lam/templates/tree/update.php | 5 +++-- lam/templates/tree/update_confirm.php | 5 +++-- 47 files changed, 147 insertions(+), 103 deletions(-) diff --git a/lam/HISTORY b/lam/HISTORY index 624b34bc..412831ca 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -1,7 +1,8 @@ -??? 1.0.1 +12.04.2006 1.0.1 - LAM can now be installed with "configure" and "make install" - Unix: merged password hash settings for Unix users and groups - Samba 3: added Windows group to profile options + - security: LAM checks the session id and client IP - fixed bugs: -> Samba 3: hash values were wrong in some rare cases (1440021) -> Samba 3: readded time zone selection for logon hours (1407761) diff --git a/lam/templates/account/edit.php b/lam/templates/account/edit.php index 39a455e5..64e5ae19 100644 --- a/lam/templates/account/edit.php +++ b/lam/templates/account/edit.php @@ -30,6 +30,8 @@ $Id$ * @author Tilo Lutz */ +/** security functions */ +include_once("../../lib/security.inc"); /** configuration options */ include_once('../../lib/config.inc'); /** functions to load and save profiles */ @@ -42,8 +44,7 @@ include_once('../../lib/pdf.inc'); include_once('../../lib/modules.inc'); // Start session -session_save_path('../../sess'); -@session_start(); +startSecureSession(); // Redirect to startpage if user is not loged in if (!isset($_SESSION['loggedIn'])) { diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php index b4f6a255..f9c77133 100644 --- a/lam/templates/config/confmain.php +++ b/lam/templates/config/confmain.php @@ -31,10 +31,10 @@ $Id$ /** Access to config functions */ -include_once ("../../lib/config.inc"); +include_once("../../lib/config.inc"); /** access to module settings */ -include_once ("../../lib/modules.inc"); +include_once("../../lib/modules.inc"); // start session session_save_path("../../sess"); 
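Review bot: The added `include_once("../../lib/security.inc");` loads the file that every session check now depends on, and `include_once` only raises a warning when the file is missing or unreadable, so the page keeps running until the later `startSecureSession()` call fails on its own. Using `require_once("../../lib/security.inc");` stops the request at the include itself; tree/export.php already uses `require` for export.inc, so there is precedent in the code base. The same line is added to every template in this patch (with `../lib/` for the top-level pages), so the change would apply to all of them. lib/security.inc is not in this patch's diffstat, so its checks cannot be reviewed here.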
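Review bot: With `session_save_path('../../sess');` removed here, `startSecureSession()` has to choose the session directory for pages at two different depths (`../sess` and `../../sess` are both replaced in this patch), and a relative path inside the helper would typically resolve against the calling script's directory rather than the helper's. Since the helper is not shown, confirm it builds the path from its own location, for example `session_save_path(dirname(__FILE__) . '/../sess');`, and that a failed session-id or client-IP check ends the request before the `isset($_SESSION['loggedIn'])` test that follows this call. The same replacement is made in every other session hunk in this patch. config/confmain.php, confmodules.php and conftypes.php still call `session_save_path("../../sess")` directly and only receive whitespace changes, so if leaving them outside the new check is intentional, a short comment there should say so.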
diff --git a/lam/templates/config/confmodules.php b/lam/templates/config/confmodules.php index cf7371fb..84cef4b2 100644 --- a/lam/templates/config/confmodules.php +++ b/lam/templates/config/confmodules.php @@ -31,9 +31,9 @@ $Id$ /** Access to config functions */ -include_once ('../../lib/config.inc'); +include_once('../../lib/config.inc'); /** Access to module lists */ -include_once ('../../lib/modules.inc'); +include_once('../../lib/modules.inc'); // start session session_save_path("../../sess"); diff --git a/lam/templates/config/conftypes.php b/lam/templates/config/conftypes.php index 85590c9d..d85b4906 100644 --- a/lam/templates/config/conftypes.php +++ b/lam/templates/config/conftypes.php @@ -31,9 +31,9 @@ $Id$ /** Access to config functions */ -include_once ('../../lib/config.inc'); +include_once('../../lib/config.inc'); /** Access to account types */ -include_once ('../../lib/types.inc'); +include_once('../../lib/types.inc'); // start session session_save_path("../../sess"); diff --git a/lam/templates/delete.php b/lam/templates/delete.php index 109980a8..ab7d5e1d 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -29,6 +29,8 @@ */ +/** security functions */ +include_once("../lib/security.inc"); /** account functions */ include_once('../lib/account.inc'); /** current configuration options */ @@ -43,8 +45,7 @@ include_once('../lib/lamdaemon.inc'); include_once('../lib/modules.inc'); // Start session -session_save_path('../sess'); -@session_start(); +startSecureSession(); // Redirect to startpage if user is not loged in if (!isset($_SESSION['loggedIn'])) { diff --git a/lam/templates/initsuff.php b/lam/templates/initsuff.php index bc0353ea..3ecc449c 100644 --- a/lam/templates/initsuff.php +++ b/lam/templates/initsuff.php 
@@ -28,16 +28,17 @@ $Id$ * @package main */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration settings */ -include_once ("../lib/config.inc"); +include_once("../lib/config.inc"); /** LDAP access */ -include_once ("../lib/ldap.inc"); +include_once("../lib/ldap.inc"); /** status messages */ -include_once ("../lib/status.inc"); +include_once("../lib/status.inc"); // start session -session_save_path("../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/lists/list.php b/lam/templates/lists/list.php index 5d92ec22..2aa972a1 100644 --- a/lam/templates/lists/list.php +++ b/lam/templates/lists/list.php @@ -29,14 +29,15 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once("../../lib/security.inc"); /** Used to get type information. */ include_once("../../lib/types.inc"); /** Access to configuration options */ -include_once ("../../lib/config.inc"); +include_once("../../lib/config.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/lists/userlink.php b/lam/templates/lists/userlink.php index f6537853..7dbf1e43 100644 --- a/lam/templates/lists/userlink.php +++ b/lam/templates/lists/userlink.php @@ -30,14 +30,15 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once("../../lib/security.inc"); /** Needed to find DNs of users */ -include_once ("../../lib/ldap.inc"); +include_once("../../lib/ldap.inc"); /** Used to display error messages */ -include_once ("../../lib/status.inc"); +include_once("../../lib/status.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/logout.php b/lam/templates/logout.php index fb2b3571..e99ba527 100644 --- a/lam/templates/logout.php +++ b/lam/templates/logout.php 
@@ -35,14 +35,15 @@ if (function_exists('mcrypt_create_iv')) { setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/"); } +/** security functions */ +include_once("../lib/security.inc"); /** Used to display status messages */ include_once("../lib/status.inc"); /** LDAP settings are deleted at logout */ include_once("../lib/ldap.inc"); // start session -session_save_path("../sess"); -@session_start(); +startSecureSession(); // close LDAP connection @$_SESSION["ldap"]->destroy(); diff --git a/lam/templates/main_header.php b/lam/templates/main_header.php index 65b21b1f..d501718a 100644 --- a/lam/templates/main_header.php +++ b/lam/templates/main_header.php @@ -28,12 +28,13 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration options */ -include_once ("../lib/config.inc"); +include_once("../lib/config.inc"); // start session -session_save_path("../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/massBuildAccounts.php b/lam/templates/massBuildAccounts.php index 04fc2218..5a15611b 100644 --- a/lam/templates/massBuildAccounts.php +++ b/lam/templates/massBuildAccounts.php @@ -28,6 +28,8 @@ $Id$ * @package tools */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration */ include_once('../lib/config.inc'); /** status messages */ @@ -37,8 +39,7 @@ include_once('../lib/modules.inc'); // Start session -session_save_path('../sess'); -@session_start(); +startSecureSession(); // Redirect to startpage if user is not loged in if (!isset($_SESSION['loggedIn'])) { diff --git a/lam/templates/massDoUpload.php b/lam/templates/massDoUpload.php index ffa26cfc..789f295e 100644 --- a/lam/templates/massDoUpload.php +++ b/lam/templates/massDoUpload.php 
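Review bot: In logout.php the cleanup `@$_SESSION["ldap"]->destroy();` now runs only after `startSecureSession()` returns, so if the helper (not shown in this patch) ends the request when the client IP or session id check fails, a legitimate user whose address changed could not log out and the server-side session data would stay until garbage collection. Consider having the helper's rejection path destroy the session itself, or document the expectation above the call, e.g. `// a failed IP/session check ends the request here; the helper is responsible for cleanup`. The rest of logout.php lies outside the hunk.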
@@ -28,6 +28,8 @@ $Id$ * @package tools */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration */ include_once('../lib/config.inc'); /** LDAP handle */ @@ -41,8 +43,7 @@ include_once('../lib/cache.inc'); // Start session -session_save_path('../sess'); -@session_start(); +startSecureSession(); // Redirect to startpage if user is not loged in if (!isset($_SESSION['loggedIn'])) { diff --git a/lam/templates/masscreate.php b/lam/templates/masscreate.php index ebb86aab..c8bdfad2 100644 --- a/lam/templates/masscreate.php +++ b/lam/templates/masscreate.php @@ -28,6 +28,8 @@ $Id$ * @package tools */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration */ include_once('../lib/config.inc'); /** status messages */ @@ -37,8 +39,7 @@ include_once('../lib/modules.inc'); // Start session -session_save_path('../sess'); -@session_start(); +startSecureSession(); // Redirect to startpage if user is not loged in if (!isset($_SESSION['loggedIn'])) { diff --git a/lam/templates/ou_edit.php b/lam/templates/ou_edit.php index a4cd5857..58686fdf 100644 --- a/lam/templates/ou_edit.php +++ b/lam/templates/ou_edit.php @@ -28,16 +28,17 @@ $Id$ * @package tools */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration data */ -include_once ("../lib/config.inc"); +include_once("../lib/config.inc"); /** access LDAP server */ -include_once ("../lib/ldap.inc"); +include_once("../lib/ldap.inc"); /** used to print status messages */ -include_once ("../lib/status.inc"); +include_once("../lib/status.inc"); // start session -session_save_path("../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/pdfedit/pdfdelete.php b/lam/templates/pdfedit/pdfdelete.php index fe7dc4b3..6340a234 100644 --- a/lam/templates/pdfedit/pdfdelete.php +++ b/lam/templates/pdfedit/pdfdelete.php 
@@ -28,12 +28,13 @@ $Id$ * @author Michael Dürgner */ +/** security functions */ +include_once("../../lib/security.inc"); /** helper functions for pdf */ include_once('../../lib/pdfstruct.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/pdfedit/pdfmain.php b/lam/templates/pdfedit/pdfmain.php index 2a1ef5de..27b8e8ff 100644 --- a/lam/templates/pdfedit/pdfmain.php +++ b/lam/templates/pdfedit/pdfmain.php @@ -28,6 +28,8 @@ $Id$ * @package PDF */ +/** security functions */ +include_once("../../lib/security.inc"); /** access to PDF configuration files */ include_once("../../lib/pdfstruct.inc"); /** LDAP object */ @@ -38,8 +40,7 @@ include_once("../../lib/config.inc"); include_once("../../lib/modules.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/pdfedit/pdfpage.php b/lam/templates/pdfedit/pdfpage.php index 48b34529..659217c2 100644 --- a/lam/templates/pdfedit/pdfpage.php +++ b/lam/templates/pdfedit/pdfpage.php @@ -31,6 +31,8 @@ $Id$ * @package PDF */ +/** security functions */ +include_once("../../lib/security.inc"); /** access to PDF configuration files */ include_once('../../lib/pdfstruct.inc'); /** LDAP object */ @@ -43,8 +45,7 @@ include_once('../../lib/modules.inc'); include_once('../../lib/xml_parser.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/profedit/profiledelete.php b/lam/templates/profedit/profiledelete.php index 215be020..34dba842 100644 --- a/lam/templates/profedit/profiledelete.php +++ b/lam/templates/profedit/profiledelete.php @@ -28,6 +28,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once("../../lib/security.inc"); /** helper functions for profiles */ include_once("../../lib/profiles.inc"); /** access to LDAP server */ 
@@ -36,8 +38,7 @@ include_once("../../lib/ldap.inc"); include_once("../../lib/config.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/profedit/profilemain.php b/lam/templates/profedit/profilemain.php index c4632a0c..42f11493 100644 --- a/lam/templates/profedit/profilemain.php +++ b/lam/templates/profedit/profilemain.php @@ -28,6 +28,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once("../../lib/security.inc"); /** helper functions for profiles */ include_once("../../lib/profiles.inc"); /** access to LDAP server */ @@ -36,8 +38,7 @@ include_once("../../lib/ldap.inc"); include_once("../../lib/config.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/profedit/profilepage.php b/lam/templates/profedit/profilepage.php index 687fcb3a..ab033e62 100644 --- a/lam/templates/profedit/profilepage.php +++ b/lam/templates/profedit/profilepage.php @@ -28,6 +28,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once("../../lib/security.inc"); /** helper functions for profiles */ include_once("../../lib/profiles.inc"); /** access to LDAP server */ @@ -40,8 +42,7 @@ include_once("../../lib/modules.inc"); include_once("../../lib/status.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/schema/schema.php b/lam/templates/schema/schema.php index 434736e5..bc4b8c6c 100644 --- a/lam/templates/schema/schema.php +++ b/lam/templates/schema/schema.php @@ -31,6 +31,8 @@ $Id$ */ +/** security functions */ +include_once("../../lib/security.inc"); /** access to LDAP server */ include_once("../../lib/ldap.inc"); /** access to configuration options */ 
@@ -39,8 +41,7 @@ include_once("../../lib/config.inc"); require_once("../../lib/schema.inc"); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tools.php b/lam/templates/tools.php index cea1bcdc..dfa923f6 100644 --- a/lam/templates/tools.php +++ b/lam/templates/tools.php @@ -28,12 +28,13 @@ $Id$ * @package tools */ +/** security functions */ +include_once("../lib/security.inc"); /** access to configuration options */ include_once("../lib/config.inc"); // start session -session_save_path("../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/add_attr.php b/lam/templates/tree/add_attr.php index 0ded677b..7f43d65f 100644 --- a/lam/templates/tree/add_attr.php +++ b/lam/templates/tree/add_attr.php @@ -43,6 +43,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -55,8 +57,7 @@ include_once('../../lib/status.inc'); include_once('../../lib/account.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/add_attr_form.php b/lam/templates/tree/add_attr_form.php index dbac2a35..d8b6d9c5 100644 --- a/lam/templates/tree/add_attr_form.php +++ b/lam/templates/tree/add_attr_form.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -50,8 +52,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/add_oclass.php b/lam/templates/tree/add_oclass.php index f593f769..1f9a9a5a 100644 
--- a/lam/templates/tree/add_oclass.php +++ b/lam/templates/tree/add_oclass.php @@ -45,6 +45,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -55,8 +57,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/add_oclass_form.php b/lam/templates/tree/add_oclass_form.php index 0c79419b..44f387a0 100644 --- a/lam/templates/tree/add_oclass_form.php +++ b/lam/templates/tree/add_oclass_form.php @@ -46,6 +46,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -56,8 +58,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/add_value.php b/lam/templates/tree/add_value.php index 6f38ed04..ca3e7956 100644 --- a/lam/templates/tree/add_value.php +++ b/lam/templates/tree/add_value.php @@ -45,6 +45,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -55,8 +57,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/add_value_form.php b/lam/templates/tree/add_value_form.php index b238af2e..95f3db60 100644 --- a/lam/templates/tree/add_value_form.php +++ b/lam/templates/tree/add_value_form.php 
@@ -42,6 +42,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -52,8 +54,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/collapse.php b/lam/templates/tree/collapse.php index b8fcae4a..540de84c 100644 --- a/lam/templates/tree/collapse.php +++ b/lam/templates/tree/collapse.php @@ -44,6 +44,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -52,8 +54,7 @@ include_once('../../lib/config.inc'); include_once('../../lib/ldap.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/create.php b/lam/templates/tree/create.php index 6ad3d7bb..e4c7bea4 100644 --- a/lam/templates/tree/create.php +++ b/lam/templates/tree/create.php @@ -45,6 +45,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -55,8 +57,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/create_form.php b/lam/templates/tree/create_form.php index 185bf10c..feb14ee6 100644 --- a/lam/templates/tree/create_form.php +++ b/lam/templates/tree/create_form.php @@ -41,6 +41,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ 
@@ -53,8 +55,7 @@ include_once('../../lib/status.inc'); include_once('templates/templates.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/creation_template.php b/lam/templates/tree/creation_template.php index 108086b2..1ae86065 100644 --- a/lam/templates/tree/creation_template.php +++ b/lam/templates/tree/creation_template.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -52,8 +54,7 @@ include_once('../../lib/status.inc'); include_once('templates/templates.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/delete.php b/lam/templates/tree/delete.php index 73dcfb2e..1e37259e 100644 --- a/lam/templates/tree/delete.php +++ b/lam/templates/tree/delete.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -50,8 +52,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/delete_attr.php b/lam/templates/tree/delete_attr.php index 7d2c47c8..d7319138 100644 --- a/lam/templates/tree/delete_attr.php +++ b/lam/templates/tree/delete_attr.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ 
@@ -50,8 +52,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/delete_form.php b/lam/templates/tree/delete_form.php index cda914dc..bbb771c4 100644 --- a/lam/templates/tree/delete_form.php +++ b/lam/templates/tree/delete_form.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -50,8 +52,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/download_binary_attr.php b/lam/templates/tree/download_binary_attr.php index 26b413e9..efccd236 100644 --- a/lam/templates/tree/download_binary_attr.php +++ b/lam/templates/tree/download_binary_attr.php @@ -37,6 +37,8 @@ $Id$ */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -47,8 +49,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/edit.php b/lam/templates/tree/edit.php index 7ac797ad..4f37047d 100644 --- a/lam/templates/tree/edit.php +++ b/lam/templates/tree/edit.php @@ -42,6 +42,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ 
@@ -52,8 +54,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/expand.php b/lam/templates/tree/expand.php index 1be466fd..26a3cb84 100644 --- a/lam/templates/tree/expand.php +++ b/lam/templates/tree/expand.php @@ -43,6 +43,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -51,8 +53,7 @@ include_once('../../lib/config.inc'); include_once('../../lib/ldap.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/export.php b/lam/templates/tree/export.php index f8d1fcf6..a0c5e114 100644 --- a/lam/templates/tree/export.php +++ b/lam/templates/tree/export.php @@ -35,6 +35,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** export functions */ require '../../lib/export.inc'; /** common functions */ @@ -47,8 +49,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/export_form.php b/lam/templates/tree/export_form.php index 3cc3ab68..dea399fd 100644 --- a/lam/templates/tree/export_form.php +++ b/lam/templates/tree/export_form.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** export functions */ require '../../lib/export.inc'; /** access to configuration */ @@ -50,8 +52,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); 
diff --git a/lam/templates/tree/rdelete.php b/lam/templates/tree/rdelete.php index d562037f..2d5cc397 100644 --- a/lam/templates/tree/rdelete.php +++ b/lam/templates/tree/rdelete.php @@ -39,6 +39,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -49,8 +51,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/status.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/refresh.php b/lam/templates/tree/refresh.php index ff1bd023..e6b5ee93 100644 --- a/lam/templates/tree/refresh.php +++ b/lam/templates/tree/refresh.php @@ -40,6 +40,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -48,8 +50,7 @@ include_once('../../lib/config.inc'); include_once('../../lib/ldap.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); if( ! array_key_exists( 'tree', $_SESSION ) ) header( "Location: tree.php" ); diff --git a/lam/templates/tree/tree.php b/lam/templates/tree/tree.php index 8e8d0321..69293c82 100644 --- a/lam/templates/tree/tree.php +++ b/lam/templates/tree/tree.php @@ -43,6 +43,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -51,8 +53,7 @@ include_once('../../lib/config.inc'); include_once('../../lib/ldap.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/tree_view.php b/lam/templates/tree/tree_view.php index a6598329..66a96af6 100644 --- a/lam/templates/tree/tree_view.php 
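Review bot: In refresh.php the context line right after the new `startSecureSession();` call, `if( ! array_key_exists( 'tree', $_SESSION ) ) header( "Location: tree.php" );`, sends a redirect but does not stop the script, so the remainder of the page would still execute for a session that has no tree. This is pre-existing code that the patch leaves in place; while the session start is being touched it would be worth changing it to `if (!array_key_exists('tree', $_SESSION)) { header("Location: tree.php"); exit; }`. The statements after it are outside the hunk, so confirm nothing there already ends the request.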
+++ b/lam/templates/tree/tree_view.php @@ -30,6 +30,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -38,8 +40,7 @@ include_once('../../lib/config.inc'); include_once('../../lib/ldap.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); // get encoding $lang = explode(":",$_SESSION['language']); diff --git a/lam/templates/tree/update.php b/lam/templates/tree/update.php index 48aadf0f..6b32665c 100644 --- a/lam/templates/tree/update.php +++ b/lam/templates/tree/update.php @@ -53,6 +53,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -61,8 +63,7 @@ include_once('../../lib/config.inc'); include_once('../../lib/ldap.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage(); diff --git a/lam/templates/tree/update_confirm.php b/lam/templates/tree/update_confirm.php index 27399386..4592b84a 100644 --- a/lam/templates/tree/update_confirm.php +++ b/lam/templates/tree/update_confirm.php @@ -41,6 +41,8 @@ $Id$ * @author Roland Gruber */ +/** security functions */ +include_once('../../lib/security.inc'); /** tree functions */ include_once('../../lib/tree.inc'); /** access to configuration */ @@ -51,8 +53,7 @@ include_once('../../lib/ldap.inc'); include_once('../../lib/account.inc'); // start session -session_save_path("../../sess"); -@session_start(); +startSecureSession(); setlanguage();