Harden HTTP session checks and remove user cookie

emanuele-f 2018-08-21 18:16:54 +02:00
parent e7a7ffd65c
commit 8a7ead5924
11 changed files with 104 additions and 106 deletions


@ -18,7 +18,7 @@ if(user_group == "administrator") then
old_password = ""
else
-- Check to avoid that this user changes password for other users
username = _COOKIE["user"]
username = _SESSION["user"]
end
if((username == nil) or (old_password == nil) or (new_password == nil) or (confirm_new_password == nil)) then