13 years ago · dca1c715d4
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -163,6 +163,13 @@ $sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
 
				 if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
			
 
				 session_name($sessionname);
			
 
				 session_start();
			
 
				+if (ini_get('register_globals'))    // To solve bug in using $_SESSION
			
 
				+{
			
 
				+    foreach ($_SESSION as $key=>$value)
			
 
				+    {
			
 
				+        if (isset($GLOBALS[$key])) unset($GLOBALS[$key]);
			
 
				+    }
			
 
				+}
			
 
				 
			
 
				 // Init the 5 global objects
			
 
				 // This include will set: $conf, $db, $langs, $user, $mysoc objects
			
@@ -433,7 +440,7 @@ if (! defined('NOLOGIN'))
 
				             dol_syslog('User not found, connexion refused');
			
 
				             session_destroy();
			
 
				             session_name($sessionname);
			
 
				-            session_start();
			
 
				+            session_start();    // Fixing the bug of register_globals here is useless since session is empty
			
 
				 
			
 
				             if ($resultFetchUser == 0)
			
 
				             {
			
@@ -475,7 +482,7 @@ if (! defined('NOLOGIN'))
 
				             dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
			
 
				             session_destroy();
			
 
				             session_name($sessionname);
			
 
				-            session_start();
			
 
				+            session_start();    // Fixing the bug of register_globals here is useless since session is empty
			
 
				 
			
 
				             if ($resultFetchUser == 0)
			
 
				             {
			
--- a/htdocs/paypal/lib/paypalfunctions.lib.php
+++ b/htdocs/paypal/lib/paypalfunctions.lib.php
@@ -22,8 +22,17 @@
 
				  * \brief      Page with Paypal init var.
			
 
				  */
			
 
				 
			
 
				-if (session_id() == "") session_start();
			
 
				-
			
 
				+if (session_id() == "")
			
 
				+{
			
 
				+    session_start();
			
 
				+    if (ini_get('register_globals'))    // To solve bug in using $_SESSION
			
 
				+    {
			
 
				+        foreach ($_SESSION as $key=>$value)
			
 
				+        {
			
 
				+            if (isset($GLOBALS[$key])) unset($GLOBALS[$key]);
			
 
				+        }
			
 
				+    }
			
 
				+}
			
 
				 
			
 
				 // ==================================
			
 
				 // PayPal Express Checkout Module
			
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@@ -70,8 +70,6 @@ if ($action == 'validatenewpassword' && $username && $passwordmd5)
 
				         {
			
 
				             $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
			
 
				             dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
			
 
				-            //session_start();
			
 
				-            //$_SESSION["loginmesg"]=$langs->trans("PasswordChanged");
			
 
				             header("Location: ".DOL_URL_ROOT.'/');
			
 
				             exit;
			
 
				         }