mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
fix login when hosting Pepperminty Wiki in a subdirectory
This commit is contained in:
parent
7cf545a3ca
commit
4853c1f604
3 changed files with 6 additions and 1 deletions
|
@ -12,6 +12,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
||||||
- [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
|
- [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
|
||||||
- [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to)
|
- [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to)
|
||||||
- [security] Fixed XSS when the `action` GET param doesn't match a known action
|
- [security] Fixed XSS when the `action` GET param doesn't match a known action
|
||||||
|
- StorageBox: create SQLite DB ifi it doesn't exist explicitly with `touch()`, because some systems are weird
|
||||||
|
|
||||||
|
|
||||||
## v0.23
|
## v0.23
|
||||||
|
|
|
@ -54,7 +54,9 @@ class StorageBox {
|
||||||
*/
|
*/
|
||||||
function __construct(string $filename) {
|
function __construct(string $filename) {
|
||||||
$firstrun = !file_exists($filename);
|
$firstrun = !file_exists($filename);
|
||||||
$this->db = new \PDO("sqlite:" . path_resolve($filename, __DIR__)); // HACK: This might not work on some systems, because it depends on the current working directory
|
$filename_db = path_resolve($filename, __DIR__);
|
||||||
|
if(!file_exists($filename_db)) touch($filename_db);
|
||||||
|
$this->db = new \PDO("sqlite:$filename_db"); // HACK: This might not work on some systems, because it depends on the current working directory
|
||||||
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
if($firstrun) {
|
if($firstrun) {
|
||||||
$this->query("CREATE TABLE store (key TEXT UNIQUE NOT NULL, value TEXT)");
|
$this->query("CREATE TABLE store (key TEXT UNIQUE NOT NULL, value TEXT)");
|
||||||
|
|
|
@ -129,6 +129,8 @@ register_module([
|
||||||
// Ref https://guides.codepath.com/websecurity/Session-Fixation
|
// Ref https://guides.codepath.com/websecurity/Session-Fixation
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
|
|
||||||
|
send_cookie(session_name(), session_id(), time() + $settings->sessionlifetime);
|
||||||
|
|
||||||
|
|
||||||
// Update the environment
|
// Update the environment
|
||||||
$env->is_logged_in = true;
|
$env->is_logged_in = true;
|
||||||
|
|
Loading…
Reference in a new issue