[TYPO3-core] RFC: 11089 Fixing the built-in shopping basket
Oliver Hader
oliver at typo3.org
Fri May 15 23:56:08 CEST 2009
Hi Mattes,
Mathias Schreiber [wmdb] schrieb:
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11089
>
> Branches:
> TYPO3_4-2 & trunk
>
> Problem:
> Session fixation bugfix breaks the built-in shopping basket
>
> Solution:
> Remove the check for $this->cookieId === $this->id and only check for
> $this->cookieId.
>
> Notes:
> We are not sure if this implies any other security issues by removing
> the check.
> Security team: Please advise.
We have been able to reproduce this issue and your patch solves it.
However, concerning security, I'm not sure if it is a solution. Maybe
it's also enough to move "$this->cookieId = $id;" in line 236 below the
session fixation stuff...
However, +1 on testing
olly
--
Oliver Hader
TYPO3 Release Manager 4.3
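The trade-off discussed in this thread, regenerating the session id as a session-fixation defence without losing the data (the basket) that the anonymous session already holds, as an added, hypothetical PHP model. It is not TYPO3's code and does not reproduce the `$this->cookieId` / `$this->id` logic from the patch; the `SessionStore` class, its method names and the in-memory storage are all assumptions made for illustration.

```php
<?php
// Hypothetical model of a fixation-safe session store (not TYPO3 code).
declare(strict_types=1);

final class SessionStore
{
    /** @var array<string, array<string, mixed>> session id => session data */
    private array $sessions = [];

    /** Start a fresh anonymous session and return its id. */
    public function start(): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['authenticated' => false, 'basket' => []];
        return $id;
    }

    /** Resume a session from the id found in the cookie; null if unknown. */
    public function resume(string $cookieId): ?string
    {
        return isset($this->sessions[$cookieId]) ? $cookieId : null;
    }

    /**
     * Session-fixation defence: on privilege change issue a new, server-chosen
     * id and invalidate the old one. The existing session data is migrated so
     * an anonymous basket survives the login instead of being discarded.
     */
    public function regenerateOnLogin(string $oldId): string
    {
        $data = $this->sessions[$oldId];
        unset($this->sessions[$oldId]);
        $newId = bin2hex(random_bytes(16));
        $data['authenticated'] = true;
        $this->sessions[$newId] = $data;
        return $newId;
    }

    public function addToBasket(string $id, string $item): void
    {
        $this->sessions[$id]['basket'][] = $item;
    }

    /** @return string[] */
    public function basket(string $id): array
    {
        return $this->sessions[$id]['basket'] ?? [];
    }

    public function isAuthenticated(string $id): bool
    {
        return $this->sessions[$id]['authenticated'] ?? false;
    }
}

function check(bool $condition, string $message): void
{
    if (!$condition) {
        throw new RuntimeException('check failed: ' . $message);
    }
}

// Walk-through with a constructed visitor: browse anonymously, fill the
// basket, then log in.
$store = new SessionStore();
$anonId = $store->start();
$store->addToBasket($anonId, 'book');

$loggedInId = $store->regenerateOnLogin($anonId);

check($loggedInId !== $anonId, 'a new id is issued at login');
check($store->resume($anonId) === null, 'the pre-login id is no longer accepted');
check($store->resume($loggedInId) === $loggedInId, 'the new id resumes the session');
check($store->isAuthenticated($loggedInId), 'the migrated session is authenticated');
check($store->basket($loggedInId) === ['book'], 'the basket survived the login');

echo "session regenerated, basket preserved\n";
```

The point of the model for this thread: a fixation fix that simply rejects requests whose cookie id no longer matches the server-side id loses whatever the anonymous session held, which is the basket breakage reported here. Regenerating the id and migrating the data keeps the old id unusable while keeping the basket, so the equality check need not be dropped altogether.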