ZenCart日本語公式サイトで
* v1.3.0.2-l10n-jp-1用
* v1.2-l10n-jp-6用
のSession Fixation 脆弱性に対するパッチがリリースされました。
ダウンロードは、こちら

v1.3.0.2-l10n-jp-1用

オーバーライド対応で、コアファイルを修正する必要はないので
(もちろんオーバーライドされるファイルに手を加えている場合は修正が必要ですが)
readmeに記載されている通りに作業をすれば簡単に導入することができます。

v1.2-l10n-jp-6用

v1.2-l10n-jp-6用の場合は、コアファイルを修正する必要があります。
patchコマンドが使える環境用にパッチファイルが同梱されてますが、
ここでは、patchコマンドが使えない環境の方向けに、
session_fixation.patchの中身(変更前と変更後)を紹介します。

Step 1

—————
admin/includes/application_top.php 20行目付近

// Start the clock for the page parse time log
// (pre-patch form: no session ini hardening precedes this line yet)
    define('PAGE_PARSE_START_TIME', microtime());

↓

// Session-fixation hardening for the admin side: accept the session ID from the
// cookie only (never from the URL or a request field) and stop PHP from rewriting
// the ID into links. These directives must be in place before session_start().
$session_ini = array(
  'session.use_only_cookies' => '1',
  'session.use_cookies'      => '1',
  'session.use_trans_sid'    => '0',
);
foreach ($session_ini as $directive => $value) {
  ini_set($directive, $value);
}
// do not leave helper variables in application_top's global scope
unset($session_ini, $directive, $value);

  // Start the clock for the page parse time log
    define('PAGE_PARSE_START_TIME', microtime());

admin/includes/functions/sessions.php 90行目付近

function zen_session_start() {
    // Pre-patch form: starts the session and keeps whatever session ID the
    // client presented, so an attacker-chosen ID stays valid (session fixation).
    return session_start();
  }

↓

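function zen_session_start() {
     // Start the admin session, then issue a fresh session ID to any session
     // that has not passed through here before, so an ID chosen by an attacker
     // (session fixation) is never kept as the working ID.
     //
     // Returns the value of session_start(): true on success, false on failure.
     $result = session_start();
     // Only touch the session when it is actually active; regenerating an
     // inactive session would just emit a warning.
     if ($result && !isset($_SESSION['initiated'])) {
       // Where PHP supports it (>= 5.1.0) also discard the old session record,
       // so the pre-regeneration ID cannot be reused. Older PHP does not accept
       // the argument, so call the zero-argument form there.
       if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
         session_regenerate_id(true);
       } else {
         session_regenerate_id();
       }
       $_SESSION['initiated'] = true;
     }
     // NOTE(review): the 'initiated' flag fires once per session; a session that
     // already carries it is trusted as-is. The ID should additionally be
     // regenerated at login (privilege change) — that belongs in the login
     // handler, not here.
     return $result;
  }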

includes/application_top.php 100行目付近

// Load the database dependant query defines
// (pre-patch form: no cookie-only session enforcement precedes this block yet)
  if (file_exists(DIR_WS_CLASSES . 'db/' . DB_TYPE . '/define_queries.php')) {
    include(DIR_WS_CLASSES . 'db/' . DB_TYPE . '/define_queries.php');
  }

↓

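// force cookie
// Session-fixation hardening for the storefront: when SESSION_ALWAYS_FORCE_COOKIE
// is "True", accept the session ID only from the cookie (never from the URL or a
// request field) and stop trans_sid from rewriting the ID into links. These
// directives must be in place before the session is started.
// The constant is expected to be created by the SQL run in Step 2 of the patch.
// Referencing an undefined constant raises a notice (PHP < 8) or a fatal Error
// (PHP 8), so it is checked with defined() first; a missing setting is treated
// as "True" (fail safe) — set it explicitly to "False" to allow URL session IDs.
 if (!defined('SESSION_ALWAYS_FORCE_COOKIE') || SESSION_ALWAYS_FORCE_COOKIE == "True") {
   ini_set("session.use_only_cookies", "1");
   ini_set("session.use_cookies", "1");
   ini_set("session.use_trans_sid", "0");
 }

// Load the database dependant query defines
  if (file_exists(DIR_WS_CLASSES . 'db/' . DB_TYPE . '/define_queries.php')) {
    include(DIR_WS_CLASSES . 'db/' . DB_TYPE . '/define_queries.php');
  }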

includes/functions/sessions.php 110行目付近

function zen_session_start() {
    // Pre-patch form. When loaded on the admin side (DIR_WS_ADMIN defined) the
    // session garbage-collection lifetime is set from SESSION_TIMEOUT_ADMIN
    // (padded by 900 when below that value — reason not shown here) before
    // starting. The session ID presented by the client is kept as-is, which is
    // the session-fixation weakness this patch addresses.
    if (defined('DIR_WS_ADMIN')) {
      ini_set('session.gc_maxlifetime', (SESSION_TIMEOUT_ADMIN <900 ? (SESSION_TIMEOUT_ADMIN + 900) : SESSION_TIMEOUT_ADMIN));
    }
    return session_start();
  }

↓

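function zen_session_start() {
     // Start the session, then issue a fresh session ID to any session that has
     // not passed through here before, so an ID chosen by an attacker (session
     // fixation) is never kept as the working ID.
     //
     // Returns the value of session_start(): true on success, false on failure.
     if (defined('DIR_WS_ADMIN')) {
       // Admin side: align the GC lifetime with SESSION_TIMEOUT_ADMIN (padded by
       // 900 when below that value — reason not shown here) before starting.
       ini_set('session.gc_maxlifetime', (SESSION_TIMEOUT_ADMIN <900 ? (SESSION_TIMEOUT_ADMIN + 900) : SESSION_TIMEOUT_ADMIN));
     }
     $result = session_start();
     // Only touch the session when it is actually active; regenerating an
     // inactive session would just emit a warning.
     if ($result && !isset($_SESSION['initiated'])) {
       // Where PHP supports it (>= 5.1.0) also discard the old session record,
       // so the pre-regeneration ID cannot be reused. Older PHP does not accept
       // the argument, so call the zero-argument form there.
       if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
         session_regenerate_id(true);
       } else {
         session_regenerate_id();
       }
       $_SESSION['initiated'] = true;
     }
     // NOTE(review): the 'initiated' flag fires once per session; a session that
     // already carries it is trusted as-is. The ID should additionally be
     // regenerated at login (privilege change) — that belongs in the login
     // handler, not here.
     return $result;
    }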

Step 2

—————
ブラウザで管理画面URL/sqlpatch.phpにアクセスし、
session_fixation.patch.sqlを実行すれば完了です。
Step 1 で追加した includes/application_top.php のコードは SESSION_ALWAYS_FORCE_COOKIE が定義されていることを前提にしているので、Step 2 は省略しないでください。
