saajan / cookiecheck
Automatically exported from code.google.com/p/cookiecheck
I simply copy-pasted the code into my PHP file:
include_once('cookiecheck.php');
if (cc_cookie_cutter() == FALSE) {
    // Cookies are disabled
    echo 'Sorry, you do not have cookies enabled. Please enable them and reload this page';
    exit();
}
cc_cookie_cutter returns FALSE.
My host is Windows 7 XAMPP v3.1.0
Original issue reported on code.google.com by [email protected]
on 14 Sep 2013 at 12:09
CookieCheck is configured by default to use the directory '~/tmp' for
storing session information. This is meant to expand to
'/home/username/tmp' but instead a directory with the name '~' is being
created in the place where the script is being run with a subdirectory
called tmp.
This is a serious security issue as the script is likely being run from a
publicly visible directory, meaning that the session files are publicly
visible (including any post/get data stored there - possibly login
information). This session information should be deleted fairly quickly if
the script runs to completion, but if the user aborts the script, it may
not get deleted until someone else runs the script, leaving the session
data and associated information publicly accessible.
The default directory setting will need to be changed to a safer value
(potentially /dev/null) forcing the website owner to explicitly specify
where to store session information.
In the meantime:
ALL USERS OF COOKIECHECK-1.0 SCRIPT SHOULD CHANGE THE DEFAULT SESSION SAVE
PATH TO BE SOMEWHERE OUTSIDE OF THE WEB ROOT OR OTHERWISE PROTECTED FROM
EXTERNAL ACCESS.
Original issue reported on code.google.com by [email protected]
on 7 Apr 2008 at 12:44
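An added example, not part of the original issue or of CookieCheck's code: one way to validate a configured session directory so that an unexpanded '~/tmp' or any path inside the web root is rejected instead of silently used. The helper names `cc_expand_home()` and `cc_safe_session_dir()` are hypothetical, POSIX-style paths are assumed, and the demo directories are constructed under the system temp directory.

```php
<?php
// Added example; cc_expand_home() and cc_safe_session_dir() are hypothetical
// helpers, not CookieCheck functions. Assumes POSIX-style paths.

// PHP does no shell-style tilde expansion: '~/tmp' is a relative path whose
// first component is a directory literally named '~'.
function cc_expand_home(string $path, ?string $home): string
{
    if ($path !== '~' && strncmp($path, '~/', 2) !== 0) {
        return $path;
    }
    if ($home === null || $home === '' || $home[0] !== '/') {
        throw new RuntimeException('cannot expand "~": no absolute home directory');
    }
    return rtrim($home, '/') . substr($path, 1);
}

function cc_safe_session_dir(string $configured, string $docRoot, ?string $home): string
{
    $path = cc_expand_home($configured, $home);
    if ($path === '' || $path[0] !== '/') {
        // A relative path resolves against the working directory, usually the web root.
        throw new RuntimeException("session path must be absolute: $configured");
    }
    $real = realpath($path);      // resolves symlinks and '..'; false if missing
    $root = realpath($docRoot);
    if ($real === false || !is_dir($real) || !is_writable($real)) {
        throw new RuntimeException("session directory missing or not writable: $path");
    }
    // Fail closed: reject if the web root cannot be resolved or contains $real.
    if ($root === false || strncmp($real . '/', $root . '/', strlen($root) + 1) === 0) {
        throw new RuntimeException("session directory is not provably outside the web root: $real");
    }
    return $real;
}

// Constructed demo layout under the system temp directory.
$base = sys_get_temp_dir() . '/cc_demo_' . getmypid();
mkdir("$base/htdocs/sessions", 0700, true);
mkdir("$base/home/tmp", 0700, true);
foreach (['~/tmp', 'tmp', "$base/htdocs/sessions"] as $candidate) {
    try {
        $dir = cc_safe_session_dir($candidate, "$base/htdocs", "$base/home");
        echo "OK      $candidate -> $dir\n";   // here one would call session_save_path($dir)
    } catch (RuntimeException $e) {
        echo "REJECT  $candidate: {$e->getMessage()}\n";
    }
}
```

With the constructed layout, only '~/tmp' (expanded against the supplied home directory) is accepted; the relative 'tmp' and the directory under htdocs are both rejected.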
After the script has run, there is the potential that the address displayed
in the browser's address bar will look something like:
'http://www.site.com/test.php?cc_code=cc-sessid-12345' rather than
'http://www.site.com/test.php' or
'http://www.site.com/test.php?yourvar1=yourval1&yourvar2=yourval2'
This does not cause a functional impact on the script per se as the global
variables (including $_SERVER['QUERY_STRING'] and all the $_GET variables)
are all correct. It does however look ugly. It also causes problems if the
address is bookmarked and/or reloaded as it will cause the script to
malfunction.
This can be resolved for the case where cookies are enabled by, on the last
iteration, storing the session id in the cookie and reloading using the
proper URL or by adding the session id to the end of the proper URL. For
cases where cookies are not enabled I think the session id would have to be
appended to the proper URL.
The solution mentioned above partially solves this problem but I think
there are still some potential issues that will need to be fleshed out.
Original issue reported on code.google.com by [email protected]
on 5 Apr 2008 at 1:42
Hi,
Well, I believe the subject tells everything.
Original issue reported on code.google.com by [email protected]
on 11 Apr 2012 at 1:08
In the body of the cc_cookie_cutter() function, it does not check the
return values of its helper functions to see whether an error has occurred.
It is unlikely that these functions will return an error, and it is not
clear how best an error should be handled (should the script just abort?)
so this is why it is still TBD.
Original issue reported on code.google.com by [email protected]
on 5 Apr 2008 at 1:35