Commit 66ddb92e authored by Florian Azizian

FIX #6645 security sso

parent b3e97eb2
......@@ -57,8 +57,9 @@ if(isset($_SESSION['web_cas_url'])){
$_REQUEST['pass'] = 'maarch';
} else if (isset($_REQUEST['login'])) {
$login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
} else if (!empty($_SESSION['sso']['userId'])) {
$login = $_SESSION['sso']['userId'];
$_REQUEST['pass'] = 'maarch';
} else {
$login = '';
}
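Review bot: The new `$_SESSION['sso']['userId']` branch reads the marker but never clears it, so for the rest of the session any request to this script without a `login` parameter would again be treated as an SSO login for that user. Consider consuming it once, with `unset($_SESSION['sso']['userId']);` right after the assignment to `$login`. The branch also reuses the fixed `$_REQUEST['pass'] = 'maarch'` placeholder from the CAS branch. The code that checks the password is outside this hunk, so it is worth confirming, and stating in a comment, that the placeholder is honoured only on the CAS/SSO paths and never for a request-supplied `login`. The `if`/`else if` chain starts before the hunk.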
......
......@@ -59,7 +59,7 @@ if (file_exists($_SESSION['config']['corepath'] . 'custom' .
. DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR .
'mapping_sso.xml')
){
$xmlPath = $_SESSION['config']['corepath'] . DIRECTORY_SEPARATOR . 'apps'
$xmlPath = $_SESSION['config']['corepath'] . 'apps'
. DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR . 'mapping_sso.xml';
} else {
......@@ -401,9 +401,9 @@ if(!empty($control['error']) && $control['error'] <> 1) {
"ADMIN",
false);
} else {
$_SESSION['sso']['userId'] = $loginArray['UserId'];
header("location: " . $_SESSION['config']['businessappurl']
. "log.php?login=" . $loginArray['UserId']
. "&pass=" . $loginArray['password']);
. "log.php");
//Traces fonctionnelles
$trace->add("users",
$loginArray['UserId'],
......@@ -503,8 +503,9 @@ function getHeaders()
{
foreach ($_SERVER as $h => $v )
{
if( ereg( 'HTTP_(.+)', $h, $hp ) )
$headers[$hp[1]] = $v ;
if( strpos($h, 'HTTP_') === 0)
$headers[substr($h, 5)] = $v ;
// $headers[$h] = $v;
}
return $headers;
}
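Review bot: In the hunk at line 401, `$_SESSION['sso']['userId']` is set to the authenticated identity with no visible session-id rotation, so a session id fixed before the SSO exchange would carry the login; `session_regenerate_id(true);` just before the assignment would close that, unless it already happens outside the hunk. The `header("location: ...")` call is not followed by `exit;` in the visible lines. The trace call after it looks intentional, but the script should stop once the trace is written. In `getHeaders()` (hunk at line 503), `$headers` is never initialised, so a request with no `HTTP_` keys returns an undefined variable; adding `$headers = array();` before the `foreach` fixes that. Both enclosing blocks start or end outside their hunks.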
......