Commit 365e4c57 authored by Arnab Nandi's avatar Arnab Nandi

Fixed session highjacking vulnerability #26741

parent 05e9d605
......@@ -146,6 +146,8 @@ function captcha_comment($op,$edit) {
if ($_SESSION['captcha_comment_correct']!='ok') {
if (strtolower($edit['captchaword']) != '' && strtolower($edit['captchaword']) == strtolower($_SESSION['captcha'])) {
$_SESSION['captcha_comment_correct'] = 'ok';
//reset captcha variable to prevent session highjacking vulnerability #26741
$_SESSION['captcha']='';
}
else {
form_set_error('captcha', t('The user verification code you entered is not correct.'));
......@@ -321,4 +323,4 @@ function _captcha_image() {
}
?>
\ No newline at end of file
?>
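Review bot: In the first hunk the reset of `$_SESSION['captcha']` sits only in the success branch of `captcha_comment()`, so a wrong answer leaves the stored challenge in place and it can be answered again unless a fresh code is issued elsewhere on re-render. Consider clearing it in the `else` branch too, with `$_SESSION['captcha'] = '';` placed before `form_set_error(...)`, so that every challenge is single-use whether or not it was solved. The comparison one line above the reset uses loose `==`, which compares numeric-looking strings by value; `strtolower($edit['captchaword']) === strtolower($_SESSION['captcha'])` closes that gap. The `captcha_comment_correct` flag stays `'ok'` after this branch, and where it is cleared lies outside the hunk along with the rest of the function body, so it is worth confirming that a solved state cannot be carried over to later submissions.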