Commit 365e4c57 authored by Arnab Nandi's avatar Arnab Nandi

Fixed session hijacking vulnerability #26741

parent 05e9d605
...@@ -146,6 +146,8 @@ function captcha_comment($op,$edit) { ...@@ -146,6 +146,8 @@ function captcha_comment($op,$edit) {
if ($_SESSION['captcha_comment_correct']!='ok') { if ($_SESSION['captcha_comment_correct']!='ok') {
if (strtolower($edit['captchaword']) != '' && strtolower($edit['captchaword']) == strtolower($_SESSION['captcha'])) { if (strtolower($edit['captchaword']) != '' && strtolower($edit['captchaword']) == strtolower($_SESSION['captcha'])) {
$_SESSION['captcha_comment_correct'] = 'ok'; $_SESSION['captcha_comment_correct'] = 'ok';
//reset captcha variable to prevent session highjacking vulnerability #26741
$_SESSION['captcha']='';
} }
else { else {
form_set_error('captcha', t('The user verification code you entered is not correct.')); form_set_error('captcha', t('The user verification code you entered is not correct.'));
...@@ -321,4 +323,4 @@ function _captcha_image() { ...@@ -321,4 +323,4 @@ function _captcha_image() {
} }
?> ?>
\ No newline at end of file
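Review bot: The reset added on the new side (`$_SESSION['captcha']='';`) runs only in the success branch; on a wrong answer the `else` branch that calls `form_set_error(...)` leaves the same word in `$_SESSION['captcha']`, so one session can retry the identical challenge indefinitely, and the comparison above it is a loose `==` between two strings, which PHP evaluates numerically when both look numeric (`'1e3' == '1000'` is true), so a word made of digits and an `e` could be matched by a different string. I would clear the word on failure as well, `form_set_error('captcha', t('The user verification code you entered is not correct.')); $_SESSION['captcha'] = '';`, so a fresh image must be fetched, and tighten the check to `strtolower($edit['captchaword']) === strtolower($_SESSION['captcha'])`. Whether `_captcha_image()` regenerates the word when it is empty is outside this hunk, so confirm that clearing it does not leave the form unsolvable. The `captcha_comment` function starts before and ends after this hunk.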