From da484f8524164d1cdd1f07c5e6e96c27c45ca890 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Mon, 27 Dec 2010 19:45:16 +0000
Subject: [PATCH] Fix: Fix security holes

---
 htdocs/lib/functions.lib.php | 3 ++-
 htdocs/main.inc.php          | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 2cacdd0b21c..4889f6e6108 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -67,6 +67,7 @@ function GETPOST($paramname,$check='',$method=0)
 /**
  *  Return a prefix to use for this Dolibarr instance for session or cookie names.
  *  This prefix is unique for instance and avoid conflict between multi-instances Dolibarrs.
+ *  TODO This function is not called by main.inc.php because function is not included yet
  *  @return         string      A calculated prefix
  */
 function dol_getprefix()
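Review bot: The new TODO on the docblock should say what the consequence is, not just that the function is not called: main.inc.php has to carry its own copy of the derivation, so the two can drift. I would word it as `* TODO Not callable from main.inc.php (functions.lib.php is included later); main.inc.php inlines the same md5(SERVER_NAME.DOCUMENT_ROOT.realpath) expression, keep both in sync.` The body of dol_getprefix() continues outside this hunk.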
@@ -80,7 +81,7 @@ function dol_getprefix()
         // Warning, using alt feature is a security hole because path is not in session name, so being authenticated into an instance allow access on another
         // FIXME The fix is to use only "root url" like the one defined into $dolibarr_main_url_root
     }
-    return $realpath;
+    return md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath);
 }
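Review bot: The new return on the last line feeds `$_SERVER["SERVER_NAME"]` into the prefix, and on common Apache setups (UseCanonicalName Off) that value follows the client's Host header, so the prefix is partly client-chosen rather than a fixed per-instance value; the FIXME two lines above already points at the right source, a configured root URL such as `$dolibarr_main_url_root`. Until that is done I would add a comment on the return: `// SERVER_NAME may follow the Host header unless the web server canonicalises it; prefer a configured root URL`. Note also that when the ALT document root is in use `$realpath` is blanked just above, so two instances sharing a host name and DOCUMENT_ROOT still get the same prefix and the warning on the line above this hunk remains true after this change. Hashing with md5 is fine here since the value is only a name, not a secret. The start of dol_getprefix() lies outside this hunk.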
 
 /**
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index b2c0e186860..b730f2ab825 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -125,8 +125,8 @@ $realpath='';
 if (preg_match('/^([^.]+)\/htdocs\//i', realpath($_SERVER["SCRIPT_FILENAME"]), $regs)) $realpath = isset($regs[1])?$regs[1]:'';
 if (defined('DOL_DOCUMENT_ROOT_ALT') && DOL_DOCUMENT_ROOT_ALT) $realpath=''; // warning, using alt feature is a security hole because path is not in session name, so being authenticated into an instance allow access on another
 $prefix=$realpath;
-$sessionname='DOLSESSID_'.$prefix;
-$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
+$sessionname='DOLSESSID_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath);
+$sessiontimeout='DOLSESSTIMEOUT_'.md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath);
 if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
 session_name($sessionname);
 session_start();
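Review bot: The two added lines repeat the same md5(...) expression while `$prefix` on the line above is assigned the raw `$realpath` and then not used, which is misleading and makes it easy for the two cookie names to diverge on a later edit; compute the prefix once: `$prefix=md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].$realpath);` then `$sessionname='DOLSESSID_'.$prefix;` and `$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;`. Check whether `$prefix` is read later in main.inc.php (outside this hunk) before changing what it holds. The same caveat applies as in functions.lib.php: `$_SERVER["SERVER_NAME"]` may reflect the request's Host header unless the web server canonicalises it, so the prefix is not strictly instance-fixed. The context line that does `ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout])` is pre-existing, but since this commit is about session cookie safety it is worth noting that a client-supplied cookie still sets the GC lifetime without a bound or integer check.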
-- 
GitLab