Index: include/functions_config.inc.php
===================================================================
--- include/functions_config.inc.php (revision 1610)
+++ include/functions_config.inc.php (working copy)
@@ -436,6 +436,12 @@
 return $cookie;
 }
 
+function serendipity_setAuthorToken() {
+ $hash = sha1(uniqid(rand(), true));
+ serendipity_setCookie('author_token', $hash);
+ $_SESSION["author_token"] = $hash;
+}
+
 /**
 * Perform user authentication routine
 *
@@ -479,7 +485,10 @@
 $row =& serendipity_db_query($query, true, 'assoc');
 
 if (is_array($row)) {
- serendipity_setCookie('old_session', session_id());
+ serendipity_setCookie('old_session', session_id(), FALSE);
+ if (! $is_md5) {
+ serendipity_setAuthorToken();
+ }
 $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
 $_SESSION['serendipityRealname'] = $serendipity['serendipityRealname'] = $row['realname'];
 $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
@@ -560,10 +569,14 @@
 * @param string The contents of the cookie variable
 * @return null
 */
-function serendipity_setCookie($name,$value) {
+function serendipity_setCookie($name,$value,$securebyprot=TRUE) {
 global $serendipity;
 
- $secure = (strtolower($_SERVER['HTTPS']) == 'on') ? true : false;
+ if ($securebyprot) {
+ $secure = (strtolower($_SERVER['HTTPS']) == 'on') ? true : false;
+ } else {
+ $secure = FALSE;
+ }
 setcookie("serendipity[$name]", $value, time()+60*60*24*30, $serendipity['serendipityHTTPPath'], $_SERVER['HTTP_HOST'], $secure);
 $_COOKIE[$name] = $value;
 $serendipity['COOKIE'][$name] = $value;
Index: plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php
===================================================================
--- plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php (revision 1610)
+++ plugins/serendipity_event_templatechooser/serendipity_event_templatechooser.php (working copy)
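Review bot: The token minted in serendipity_setAuthorToken() comes from `sha1(uniqid(rand(), true))`, which is a timestamp plus a non-cryptographic PRNG, so it is far weaker than the thing it is meant to protect, an admin session; prefer a CSPRNG source, e.g. `$hash = bin2hex(openssl_random_pseudo_bytes(20));` (or `random_bytes(20)` where the minimum PHP version allows). The new function also lacks the PHPDoc header its neighbours carry; a block stating that it generates a fresh per-login author token, stores it in the session and sends it as the author_token cookie, with `@return null`, would match the file's style. It is set through serendipity_setCookie() with the default secure-by-protocol behaviour, so over HTTPS the token cookie is Secure-flagged; if pairing that with a non-Secure session cookie is the intended design, say so in the docblock.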
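Review bot: `serendipity_setCookie('old_session', session_id(), FALSE)` now explicitly sends the cookie carrying the session id without the Secure flag, so on an HTTPS deployment it is also transmitted on any plain-HTTP request to the same host; if that is deliberate it deserves a comment, otherwise drop the `FALSE`. The successful-login branch also keeps whatever session id the client arrived with; regenerating it here, `session_regenerate_id(true);` before the `$_SESSION[...]` assignments, is the standard fixation defence and complements the author-token check rather than relying on it alone. `$is_md5` is defined outside the hunk, so the path that skips serendipity_setAuthorToken() cannot be checked here; if that path yields an authenticated session, it never carries a token and will be torn down by the check added in serendipity_admin.php. The enclosing function starts and ends outside the hunk.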
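Review bot: The new `if ($securebyprot)` branch still reads `$_SERVER['HTTPS']` without an isset() guard, so every cookie written over plain HTTP raises an undefined-index notice, while the block this same commit removes from serendipity_config.inc.php shows the guarded form already in use; one expression covers both the flag and the guard: `$secure = $securebyprot && isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';`. The setcookie() call never sets HttpOnly, which matters more now that this helper writes the author_token and old_session cookies; if the minimum PHP version is 5.2 or later, pass it as the seventh argument, `..., $_SERVER['HTTP_HOST'], $secure, true);`. The docblock above should gain a line for the new parameter, e.g. `@param bool Mark the cookie Secure when the request arrived over HTTPS (default TRUE)`. The function's closing brace is outside the hunk.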
@@ -60,7 +60,7 @@
 if (isset($_REQUEST['user_template']) && (in_array($_REQUEST['user_template'], serendipity_fetchTemplates())) ) {
 $_SESSION['serendipityUseTemplate'] = $_REQUEST['user_template'];
- serendipity_setCookie('user_template', $_REQUEST['user_template']);
+ serendipity_setCookie('user_template', $_REQUEST['user_template'], FALSE);
 }
 
 if (isset($_SESSION['serendipityUseTemplate']) ) {
Index: serendipity_admin.php
===================================================================
--- serendipity_admin.php (revision 1610)
+++ serendipity_admin.php (working copy)
@@ -25,9 +25,17 @@
 if (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'logout') {
 serendipity_logout();
 } else {
- if (IS_installed === true && !serendipity_userLoggedIn()) {
- // Try again to log in, this time with enabled external authentication event hook
- serendipity_login(true);
+ if (IS_installed === true) {
+ /* Check author token to insure session not hijacked */
+ if (! isset($_SESSION["author_token"]) || ! isset($serendipity['COOKIE']['author_token']) ||
+ ($_SESSION["author_token"] !== $serendipity['COOKIE']['author_token'])) {
+ $_SESSION['serendipityAuthedUser'] = false;
+ @session_destroy();
+ }
+ if (!serendipity_userLoggedIn()) {
+ // Try again to log in, this time with enabled external authentication event hook
+ serendipity_login(true);
+ }
 }
 }
Index: serendipity_config.inc.php
===================================================================
--- serendipity_config.inc.php (revision 1610)
+++ serendipity_config.inc.php (working copy)
@@ -9,10 +9,6 @@
 @define('S9Y_FRAMEWORK', true);
 
 if (!headers_sent()) {
- if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
- @ini_set('session.name', 'SSLSID');
- @ini_set('session.cookie_secure', '1');
- }
 session_start();
 }
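Review bot: The token check in serendipity_admin.php fires for every request in which `$_SESSION["author_token"]` is unset, which includes visitors who have not logged in yet, so their session is destroyed on each admin request before `serendipity_login(true)` runs; unless something later restarts the session, the `$_SESSION` values that login writes in the same request are presumably not persisted — confirm against serendipity_login(). Restricting the check to sessions that claim to be authenticated avoids that: `if (!empty($_SESSION['serendipityAuthedUser']) && (! isset($_SESSION["author_token"]) || ! isset($serendipity['COOKIE']['author_token']) ||` followed by the existing comparison line. The `@` on `session_destroy()` hides a failure that is worth logging, and once the project's minimum PHP version allows it the token comparison should use `hash_equals()` rather than `!==`. The comment reads "insure" where "ensure" is meant.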