author | Simon Rettberg | 2017-05-05 13:04:19 +0200 |
---|---|---|
committer | Simon Rettberg | 2017-05-05 13:04:19 +0200 |
commit | f7900fa08276d2668221a1b4ce7462d68e6f2893 (patch) | |
tree | 420646ef6fdb71ca1ce088e1bf4a0f6cf31198fe | |
parent | [webinterface] Add separate option to enable HSTS (diff) | |
download | slx-admin-f7900fa08276d2668221a1b4ce7462d68e6f2893.tar.gz slx-admin-f7900fa08276d2668221a1b4ce7462d68e6f2893.tar.xz slx-admin-f7900fa08276d2668221a1b4ce7462d68e6f2893.zip |
[webinterface] Log user out when disabling HTTPS to prevent lockout
-rw-r--r-- | inc/session.inc.php | 9 | ||||
-rw-r--r-- | index.php | 2 | ||||
-rw-r--r-- | modules-available/webinterface/page.inc.php | 14 |
3 files changed, 16 insertions, 9 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 26effa3f..24bf6ac0 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -74,10 +74,15 @@ class Session
 {
 if (self::$sid === false) return;
 @unlink(self::getSessionFile());
- @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ self::deleteCookie();
 self::$sid = false;
 self::$data = false;
 }
+
+ public static function deleteCookie()
+ {
+ setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ }
 private static function getSessionFile()
 {
@@ -104,7 +109,7 @@ class Session
 $sessionfile = self::getSessionFile();
 $ret = @file_put_contents($sessionfile, @serialize(self::$data));
 if (!$ret) Util::traceError('Storing session data in ' . $sessionfile . ' failed.');
- $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ $ret = setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
 }
 }
@@ -116,7 +116,7 @@ if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
 // Set HSTS Header if client is using HTTPS
 if(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
- if (Request::any('hsts') === 'off' || Property::get('webinterface.https-hsts', 'False') !== 'True') {
+ if (Property::get('webinterface.https-hsts', 'False') !== 'True') {
 Header('Strict-Transport-Security: max-age=0', true);
 } else {
 Header('Strict-Transport-Security: max-age=15768000', true);
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 5207420a..ae9a94fd 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
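Review bot: `deleteCookie()` only expires the cookie in the client's browser; the session file on disk and `self::$sid` stay valid until `CONFIG_SESSION_TIMEOUT`, so a caller that uses it as a logout (as `setHttpsOff()` in this commit does) leaves a live session behind that anyone holding the sid can still resume. If `delete()` is not an option for that caller because it still needs the session afterwards, say so at the declaration: `// Expires the client's sid cookie only; the server-side session remains valid — use delete() for a real logout`. Note also that `save()` (next hunk) emits a fresh sid cookie, so if it runs later in the same request the expiry header sent here is superseded — worth confirming the call order before relying on this for logout.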
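Review bot: The HTTPS-detection expression `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off'` now appears three times in this diff, twice here for the cookie's `secure` flag and once in index.php with `!==`; the two spellings are equivalent today but will drift. A single `private static function isHttps()` in `Session` returning that boolean, used for both `setcookie()` calls, keeps the `secure` decision in one place. Dropping the `@` is the right call since `$ret` is already checked; the warning now surfaces with the traceError instead of being swallowed.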
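Review bot: The `max-age=0` branch only reaches browsers that still make an HTTPS request after the property flips; once lighttpd serves plain HTTP, any client that cached the 15768000-second policy and did not revisit in between stays pinned to https:// until it expires, and the clearing header sent from `setHttpsOff()` covers only the admin who submitted the form. A comment on the `if` would save the next operator a surprise: `// Clearing only works while HTTPS is still being served; clients that miss this window keep the cached policy until max-age expires`. The policy also omits `includeSubDomains`, which is fine for a single-host admin UI but should be a deliberate choice. The enclosing `if(!empty($_SERVER['HTTPS']) ...)` block closes outside the hunk.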
@@ -26,12 +26,10 @@ class Page_WebInterface extends Page
 private function actionConfigureHttps()
 {
- $task = false;
- $off = '';
- switch (Request::post('mode')) {
+ $mode = Request::post('mode');
+ switch ($mode) {
 case 'off':
 $task = $this->setHttpsOff();
- $off = '&hsts=off';
 break;
 case 'random':
 $task = $this->setHttpsRandomCert();
@@ -43,10 +41,12 @@ class Page_WebInterface extends Page
 $task = $this->setRedirectMode();
 break;
 }
- Property::set(self::PROP_HSTS, Request::post('usehsts', false, 'string') === 'on' ? 'True' : 'False');
+ if ($mode !== 'off') {
+ Property::set(self::PROP_HSTS, Request::post('usehsts', false, 'string') === 'on' ? 'True' : 'False');
+ }
 if (isset($task['id'])) {
 Session::set('https-id', $task['id']);
- Util::redirect('?do=WebInterface&show=httpsupdate' . $off);
+ Util::redirect('?do=WebInterface&show=httpsupdate');
 }
 Util::redirect('?do=WebInterface');
 }
@@ -123,7 +123,9 @@ class Page_WebInterface extends Page
 private function setHttpsOff()
 {
 Property::set(self::PROP_TYPE, 'off');
+ Property::set(self::PROP_HSTS, 'off');
 Header('Strict-Transport-Security: max-age=0', true);
+ Session::deleteCookie();
 return Taskmanager::submit('LighttpdHttps', array());
 }
|
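Review bot: With `$task = false;` removed, a POSTed `mode` that matches none of the cases leaves `$task` undefined, and the later `isset($task['id'])` only tolerates that because isset() is lenient on undefined variables. An explicit `default:` that redirects back to `?do=WebInterface` (or keeping the initializer) would make unknown or missing modes a deliberate no-op instead of an implicit one, and would also be the natural place to reject unexpected input on a request that reconfigures the web server. `actionConfigureHttps()` continues past this hunk.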
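Review bot: For `mode === 'off'`, `Session::set('https-id', $task['id'])` writes into a session whose sid cookie `setHttpsOff()` has just expired, so after the redirect the `httpsupdate` view presumably cannot read it any more; and if that write causes `Session::save()` to emit a fresh sid cookie on this response, the logout the commit intends is undone — confirm the save path. Consider skipping the session write in the off case and redirecting straight to a page that does not require a session, e.g. `if ($mode === 'off') Util::redirect('?do=WebInterface');` before the `isset($task['id'])` block. Whether `Request::post('mode')` is protected against cross-site posting is not visible in this hunk.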
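Review bot: `Property::set(self::PROP_HSTS, 'off')` introduces a third value for a property that `actionConfigureHttps()` writes as `'True'`/`'False'` and index.php tests with `!== 'True'`; it works, but `Property::set(self::PROP_HSTS, 'False');` keeps the property two-valued and spares the next reader a lookup. `Session::deleteCookie()` here is a client-side-only logout — the session file stays valid until it times out — so if `Session::delete()` is deliberately avoided because the caller still stores `https-id` afterwards, record that: `// Expire the sid cookie only; it was set Secure over HTTPS (see Session::save()) and would be stranded in the browser once we serve plain HTTP`. Sending the `max-age=0` header before `Taskmanager::submit()` is the right order, since this response is the last one this admin's browser is guaranteed to receive over HTTPS.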