FIX #12266 does not check maarchCourrierAuth cookie in phpids

711a967e · Florian Azizian · 108d2c9f · 711a967e
Commit 711a967e authored 5 years ago by Florian Azizian
--- a/apps/maarch_entreprise/phpids_control.php
+++ b/apps/maarch_entreprise/phpids_control.php
@@ -5,10 +5,10 @@ for ($cptIDS=0;$cptIDS<count($_SESSION['PHPIDS_EXCLUDES']);$cptIDS++) {
    if (
            (
                $_REQUEST['module'] == $_SESSION['PHPIDS_EXCLUDES'][$cptIDS]['TARGET'] ||
-                $_REQUEST['admin']  == $_SESSION['PHPIDS_EXCLUDES'][$cptIDS]['TARGET'] || 
+                $_REQUEST['admin']  == $_SESSION['PHPIDS_EXCLUDES'][$cptIDS]['TARGET'] ||
                $_SESSION['PHPIDS_EXCLUDES'][$cptIDS]['TARGET'] == ""
            )
-        &&  
+        &&
            $_REQUEST['page'] == $_SESSION['PHPIDS_EXCLUDES'][$cptIDS]['PAGE']
    ) {
        $processIDS = false;
@@ -26,20 +26,20 @@ if ($processIDS) {
    require_once 'IDS/Init.php';

    try {
-
        $request = array(
            'REQUEST' => $_REQUEST,
            'GET' => $_GET,
            'POST' => $_POST,
            'COOKIE' => $_COOKIE
        );
+        unset($request['COOKIE']['maarchCourrierAuth']);

        $init = IDS_Init::init(
-            dirname(__FILE__) 
+            dirname(__FILE__)
            . '/tools/phpids/lib/IDS/Config/Config.ini.php'
        );
        
-        $init->config['General']['base_path'] = dirname(__FILE__) 
+        $init->config['General']['base_path'] = dirname(__FILE__)
            . '/tools/phpids/lib/IDS/';
        $init->config['General']['use_base_path'] = true;
        $init->config['Caching']['caching'] = 'none';
@@ -56,13 +56,13 @@ if ($processIDS) {
            $hist->add(
                $_SESSION['tablename']['users'],
                $_SESSION['user']['UserId'],
-                'PHPIDS','phpidscontrol',
-                ' PHPIDS CONTROL, USER : ' . $_SESSION['user']['UserId'] . ' IP : ' . $ip  
-                    . ' MESSAGE : ' 
+                'PHPIDS',
+                'phpidscontrol',
+                ' PHPIDS CONTROL, USER : ' . $_SESSION['user']['UserId'] . ' IP : ' . $ip
+                    . ' MESSAGE : '
                    . (string) $result,
                $_SESSION['config']['databasetype'],
-                'admin'
-                 ,
+                'admin',
                false,
                _OK,
                _LEVEL_ERROR
@@ -70,15 +70,15 @@ if ($processIDS) {
            if ($_SESSION['config']['debug'] == 'true') {
                echo $result;
                $_SESSION['securityMessage'] = (string) $result;
-                $varRedirect = '<script language="javascript">window.location.href=\'' 
-                    . $_SESSION['config']['businessappurl'] 
+                $varRedirect = '<script language="javascript">window.location.href=\''
+                    . $_SESSION['config']['businessappurl']
                    . "index.php?page=security_message';</script>";
                echo $varRedirect;
                exit;
            } elseif ($result->getImpact() >= 30) {
                $_SESSION['securityMessage'] = (string) $result;
-                $varRedirect = '<script language="javascript">window.location.href=\'' 
-                    . $_SESSION['config']['businessappurl'] 
+                $varRedirect = '<script language="javascript">window.location.href=\''
+                    . $_SESSION['config']['businessappurl']
                    . "index.php?page=security_message';</script>";
                echo $varRedirect;
                exit;