phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015547phplist applicationSecuritypublic07-10-10 23:5101-11-12 17:50
Reporterh2b2 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version2.10.12 
Target Version4.0.xFixed in Version2.11.8 
Summary0015547: Setting secure cookies to true with phpList in subdomain causes session problem.
Descriptionschkovich reported this issue and provides attached patch, presumbably for v2.10.12 (needs to be checked):
==== Start Quote ====
Having set use secure cookies to true and phpList in subdomain caused the problem.

It would be better to create a class that will handle sessions (not only starting and destroying but getters and setters, timers, secuirty, etc) but since phpList is far, far away from OOP perhaps at list a single function that will handle starting sessions should be created. Unfortunately I did not have time to figure out where such function should be placed therefore several files need to be patched.
==== End Quote ====
ref: http://forums.phplist.com/viewtopic.php?p=79355#p79355 [^]
TagsNo tags attached.
Attached Filesdiff file icon secure_sessions_patch.diff [^] (6,621 bytes) 07-10-10 23:51 [Show Content]

- Relationships
child of 0010998new Enhance security 

-  Notes
(0051124)
h2b2 (manager)
09-10-10 03:20

Patch was confirmed to apply to v2.10.12
(0051835)
michiel (manager)
01-11-12 17:50

can't see any "secure cookies" in the patch, but looks like session_name(md5("phplist")) is the main change.

revision3396


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker