fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMCORE-651 Web entry data is insecure because the Guest user's session overwrites the one of the user currently logged

Browse Source
This commit is contained in:
Roly Rudy Gutierrez Pinto
2021-03-02 13:17:37 -04:00
parent d1f61a99fe
commit 838c2b3a32
6 changed files with 86 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
workflow/engine/methods/login/checkContinueOrCloseSession.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
if (!empty($_POST['form'])) {
if (!empty($_POST['form']['buttonContinue'])) {
$_SESSION['__WEBENTRYCONTINUE__'] = true;
}
if (!empty($_POST['form']['buttonLogout'])) {
$_SESSION = [];
}
G::header('Location: ' . $_SERVER['HTTP_REFERER']);
}