Adding a string length restriction so cookie names can't be set to improper values

Kage 2025-04-01 23:45:20 -04:00 committed by GitHub
parent 0dd33e06d7
commit cdc0b3e7fe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -124,8 +124,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
if (!empty($pconfig['session_name'])) {
if (!ctype_alnum($pconfig['session_name'])) {
$input_errors[] = gettext('Session name must be alphanumeric only.');
$session_name_len = strlen($pconfig['session_name']);
if (!ctype_alnum($pconfig['session_name']) || $session_name_len < 3 || $session_name_len > 32) {
$input_errors[] = gettext('Session name must be between 3 and 32 alphanumeric characters only.');
}
}
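Review bot: A digits-only session name still passes the new condition, because `ctype_alnum()` accepts it and the 3–32 length bounds say nothing about content. PHP's `session_name()` documentation requires at least one letter in the name; otherwise a new session id is generated on every request. Adding `|| ctype_digit($pconfig['session_name'])` to the condition would close this, with the message adjusted to say the name must contain a letter. Separately, `strlen()` runs before the value is known to be a string, so if `$pconfig` is populated from request data (not visible in this hunk) an array value would raise a TypeError on PHP 8; an `is_string()` guard ahead of the length computation would avoid that. The enclosing block starts above the hunk, so where `$pconfig['session_name']` comes from cannot be confirmed from here.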