Merge pull request #1898 from owncloud/session_start_fix
set http 500 when session could not be started to prevent serving of emp...
This commit is contained in:
Lukas Reschke
commit
d713948d3f
1 changed files with 15 additions and 2 deletions
17
lib/base.php
17
lib/base.php
|
|
@ -320,8 +320,21 @@ class OC {
|
|||
// set the session name to the instance id - which is unique
|
||||
session_name(OC_Util::getInstanceId());
|
||||
|
||||
// (re)-initialize session
|
||||
session_start();
|
||||
// if session cant be started break with http 500 error
|
||||
if (session_start() === false){
|
||||
OC_Log::write('core', 'Session could not be initialized',
|
||||
OC_Log::ERROR);
|
||||
|
||||
header('HTTP/1.1 500 Internal Server Error');
|
||||
$error = 'Session could not be initialized. Please contact your ';
|
||||
$error .= 'system administrator';
|
||||
|
||||
$tmpl = new OC_Template('', 'error', 'guest');
|
||||
$tmpl->assign('errors', array(1 => array('error' => $error)));
|
||||
$tmpl->printPage();
|
||||
|
||||
exit();
|
||||
}
|
||||
|
||||
// regenerate session id periodically to avoid session fixation
|
||||
if (!isset($_SESSION['SID_CREATED'])) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue