PMCORE-651 Web entry data is insecure because the Guest user's session overwrites the one of the user currently logged

workflow/engine/methods/login/checkContinueOrCloseSession.php

@@ -3,6 +3,9 @@
 if (!empty($_POST['form'])) {
     if (!empty($_POST['form']['buttonContinue'])) {
         $_SESSION['__WEBENTRYCONTINUE__'] = true;
+        if (!empty($_SESSION['USER_LOGGED'])) {
+            $_SESSION['__WEBENTRYCONTINUE_USER_LOGGED__'] = $_SESSION['USER_LOGGED'];
+        }
     }
     if (!empty($_POST['form']['buttonLogout'])) {
         $_SESSION = [];

workflow/engine/methods/services/webentry/anonymousLogin.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
  * This service is to start PM with the anonymous user.
  */
@@ -19,6 +20,12 @@ try {
     }
 
     $userUid = $webEntry->getUsrUid();
+
+    if (!empty($_SESSION['__WEBENTRYCONTINUE_USER_LOGGED__'])) {
+        $userUid = $_SESSION['__WEBENTRYCONTINUE_USER_LOGGED__'];
+        unset($_SESSION['__WEBENTRYCONTINUE_USER_LOGGED__']);
+    }
+
     $userInfo = UsersPeer::retrieveByPK($userUid);
     if (empty($userInfo)) {
         throw new Exception('WebEntry User not found');
@@ -33,7 +40,7 @@ try {
         'firstName' => $userInfo->getUsrFirstName(),
         'lastName' => $userInfo->getUsrLastName(),
         'mail' => $userInfo->getUsrEmail(),
-        'image' => '../users/users_ViewPhoto?t='.microtime(true),
+        'image' => '../users/users_ViewPhoto?t=' . microtime(true),
     ];
 } catch (Exception $e) {
     $result = [