Commit b6866fa0 authored by Carsten  Rose's avatar Carsten Rose
Browse files

Merge branch 'S13933_sip_report_IP_adress_and_FE_user' into 'develop'

S13933 Ausgabe von Client Remote IP und falls vorhanden auch FE-Username.

See merge request !422
parents e3abf0a4 04ca482c
Pipeline #7091 passed with stage
in 1 minute and 38 seconds
......@@ -335,6 +335,8 @@ class Sip {
*/
public function getVarsFromSip($s) {
static $exceptionAlreadyThrown = false;
# Check if parameter is manipulated
if (strlen($s) != SIP_TOKEN_LENGTH) {
Config::attackDetectedExitNow(array(), 'Invalid SIP token length: ' . strlen($s) . " _GET['s']=" . htmlentities($s));
......@@ -347,6 +349,12 @@ class Sip {
$sessionVar = Session::get($s);
if ($sessionVar === false) {
if ($exceptionAlreadyThrown) {
// There is already an exception throw for Store SIP: just return an empty array and do not throw a new exception.
return array();
}
$exceptionAlreadyThrown = true;
throw new \UserFormException("SIP '$s' not registered - please reload the previous site and try again.", ERROR_SIP_NOT_FOUND);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment