authorSimon Rettberg2017-05-05 13:04:19 +0200
committerSimon Rettberg2017-05-05 13:04:19 +0200
commitf7900fa08276d2668221a1b4ce7462d68e6f2893 (patch)
tree420646ef6fdb71ca1ce088e1bf4a0f6cf31198fe
parent[webinterface] Add separate option to enable HSTS (diff)
[webinterface] Log user out when disabling HTTPS to prevent lockout
-rw-r--r--inc/session.inc.php9
-rw-r--r--index.php2
-rw-r--r--modules-available/webinterface/page.inc.php14
3 files changed, 16 insertions, 9 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 26effa3f..24bf6ac0 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -74,10 +74,15 @@ class Session
{
if (self::$sid === false) return;
@unlink(self::getSessionFile());
- @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ self::deleteCookie();
self::$sid = false;
self::$data = false;
}
+
+ public static function deleteCookie()
+ {
+ setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ }
private static function getSessionFile()
{
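Review bot: The new deleteCookie() on L35 repeats the cookie name, path, domain and secure-flag expression that the save path in the next hunk (L44) also spells out literally; a browser only drops a cookie when those attributes match the ones it was set with, so any later drift between the two calls makes the deletion fail silently and the session cookie survives the HTTPS-off switch this commit is trying to handle. Factor the shared part into one place, e.g. `private static function isHttps() { return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'; }` plus a `const COOKIE_NAME = 'sid';`, and have both setcookie calls use it. Note that index.php (L54) already uses the strict `!== 'off'` form while this file uses the loose `!=`; aligning them removes an avoidable inconsistency. A short docblock on deleteCookie() stating that it only expires the client-side cookie and leaves the session file untouched would also help, since the method directly above it does both.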
@@ -104,7 +109,7 @@ class Session
$sessionfile = self::getSessionFile();
$ret = @file_put_contents($sessionfile, @serialize(self::$data));
if (!$ret) Util::traceError('Storing session data in ' . $sessionfile . ' failed.');
- $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ $ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
}
}
diff --git a/index.php b/index.php
index 7cbb3b40..a3f45ff3 100644
--- a/index.php
+++ b/index.php
@@ -116,7 +116,7 @@ if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
// Set HSTS Header if client is using HTTPS
if(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
- if (Request::any('hsts') === 'off' || Property::get('webinterface.https-hsts', 'False') !== 'True') {
+ if (Property::get('webinterface.https-hsts', 'False') !== 'True') {
Header('Strict-Transport-Security: max-age=0', true);
} else {
Header('Strict-Transport-Security: max-age=15768000', true);
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 5207420a..ae9a94fd 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -26,12 +26,10 @@ class Page_WebInterface extends Page
private function actionConfigureHttps()
{
- $task = false;
- $off = '';
- switch (Request::post('mode')) {
+ $mode = Request::post('mode');
+ switch ($mode) {
case 'off':
$task = $this->setHttpsOff();
- $off = '&hsts=off';
break;
case 'random':
$task = $this->setHttpsRandomCert();
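Review bot: With `$task = false;` removed on L67, `$task` is only assigned inside the matching case branches, so an unrecognised or missing `mode` value leaves it undefined when the method continues past the switch (the `isset($task['id'])` on L86 tolerates that today, but nothing else does). Restore the initialisation, `$task = false;` before the `switch ($mode)`, or add a `default:` branch that redirects back without touching any state. The latter also matters for the next hunk: as written, an unknown mode still reaches the PROP_HSTS write on L83-L85. actionConfigureHttps() continues beyond this hunk.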
@@ -43,10 +41,12 @@ class Page_WebInterface extends Page
$task = $this->setRedirectMode();
break;
}
- Property::set(self::PROP_HSTS, Request::post('usehsts', false, 'string') === 'on' ? 'True' : 'False');
+ if ($mode !== 'off') {
+ Property::set(self::PROP_HSTS, Request::post('usehsts', false, 'string') === 'on' ? 'True' : 'False');
+ }
if (isset($task['id'])) {
Session::set('https-id', $task['id']);
- Util::redirect('?do=WebInterface&show=httpsupdate' . $off);
+ Util::redirect('?do=WebInterface&show=httpsupdate');
}
Util::redirect('?do=WebInterface');
}
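Review bot: When mode is `off`, setHttpsOff() (L99 in the last hunk) expires the session cookie, but this hunk then calls `Session::set('https-id', $task['id'])` on L87 before redirecting; if the session save routine shown in the first file (L40-L45) runs at the end of the request, it re-issues the `sid` cookie with a fresh expiry, and a later Set-Cookie for the same name and path supersedes the deletion in the browser. Whether that happens depends on when the save is triggered, which is outside this page, so please confirm with a request trace that the response for mode `off` carries only the expiring cookie. If the update page genuinely needs `https-id`, consider passing it in the redirect URL instead of the session so the logout can be unconditional.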
@@ -123,7 +123,9 @@ class Page_WebInterface extends Page
private function setHttpsOff()
{
Property::set(self::PROP_TYPE, 'off');
+ Property::set(self::PROP_HSTS, 'off');
Header('Strict-Transport-Security: max-age=0', true);
+ Session::deleteCookie();
return Taskmanager::submit('LighttpdHttps', array());
}
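Review bot: L97 stores the literal `'off'` in PROP_HSTS while L84 writes `'True'`/`'False'` for the same property and index.php (L56) tests for `'True'`; the value still disables HSTS because the check is `!== 'True'`, but a third spelling for the same flag is easy to mishandle later. Writing `Property::set(self::PROP_HSTS, 'False');` here keeps the property two-valued. Also note that `Session::deleteCookie()` on L99 only expires the client-side cookie; the server-side session file remains valid until CONFIG_SESSION_TIMEOUT, unlike the full teardown in inc/session.inc.php (L24-L31). If the goal is a real logout rather than just dropping the secure cookie, a comment here stating which of the two is intended, and why the session is kept, would document the decision.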