Remove IPAddress::remote and all implicit resolving of the request remote address.
parent
ce392055b8
commit
bc03c0756c
26 changed files with 65 additions and 69 deletions
10
misuzu.php
10
misuzu.php
|
@ -187,7 +187,7 @@ if($authToken->isValid()) {
|
|||
if(!$userInfo->isDeleted()) {
|
||||
$sessionInfo->setCurrent();
|
||||
$userInfo->setCurrent();
|
||||
$sessionInfo->bump();
|
||||
$sessionInfo->bump($_SERVER['REMOTE_ADDR']);
|
||||
|
||||
if($sessionInfo->shouldBumpExpire())
|
||||
setcookie('msz_auth', $authToken->pack(), $sessionInfo->getExpiresTime(), '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
|
||||
|
@ -202,7 +202,7 @@ if($authToken->isValid()) {
|
|||
}
|
||||
|
||||
if(UserSession::hasCurrent()) {
|
||||
$userInfo->bumpActivity();
|
||||
$userInfo->bumpActivity($_SERVER['REMOTE_ADDR']);
|
||||
} else {
|
||||
setcookie('msz_auth', '', -9001, '/', msz_cookie_domain(), !empty($_SERVER['HTTPS']), true);
|
||||
setcookie('msz_auth', '', -9001, '/', '', !empty($_SERVER['HTTPS']), true);
|
||||
|
@ -210,7 +210,11 @@ if($authToken->isValid()) {
|
|||
}
|
||||
|
||||
CSRF::setGlobalSecretKey($cfg->getValue('csrf.secret', CfgType::T_STR, 'soup'));
|
||||
CSRF::setGlobalIdentity(UserSession::hasCurrent() ? UserSession::getCurrent()->getToken() : IPAddress::remote());
|
||||
CSRF::setGlobalIdentity(
|
||||
UserSession::hasCurrent()
|
||||
? UserSession::getCurrent()->getToken()
|
||||
: ($_SERVER['REMOTE_ADDR'] ?? '::1')
|
||||
);
|
||||
|
||||
function mszLockdown(): void {
|
||||
global $misuzuBypassLockdown, $cfg;
|
||||
|
|
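Review bot: The anonymous CSRF identity in the third hunk, `: ($_SERVER['REMOTE_ADDR'] ?? '::1')`, is only as unique as the raw socket address. If the app runs behind a reverse proxy or load balancer, every logged-out visitor would share one identity, and the `'::1'` fallback has the same effect whenever the variable is unset. How much that weakens anonymous tokens depends on how `CSRF` derives them, which is not visible here; note that the context line above still falls back to the fixed secret `'soup'` when `csrf.secret` is not configured. The `bump($_SERVER['REMOTE_ADDR'])` and `bumpActivity($_SERVER['REMOTE_ADDR'])` calls in the first two hunks read the same key without the `??` guard, so an unset value reaches them as null with a warning. I would resolve the address once near the top of the file, e.g. `$ipAddress = $_SERVER['REMOTE_ADDR'] ?? '::1';`, pass `$ipAddress` to all three call sites, and add a comment there stating whether a trusted-proxy header is expected to be applied before this point.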