Commit
commit 985c8651434792e6c5c9a8525c8c74e3ce6672ca Author: Jan DankertDate: Thu Nov 19 00:45:44 2020 +0100 Security fix: We must update the login token on every login; Administrators are able to see the login tokens of users. modules/cms/Dispatcher.class.php | 100 +++++----- modules/cms/action/Action.class.php | 25 +-- .../cms/action/login/LoginLoginAction.class.php | 220 ++++++++++----------- .../cms/action/login/LoginLogoutAction.class.php | 5 +- .../cms/action/user/UserAdvancedAction.class.php | 26 +++ modules/cms/api/API.class.php | 5 +- modules/cms/auth/CookieAuth.class.php | 6 +- modules/cms/auth/InternalAuth.class.php | 2 - modules/cms/auth/RememberAuth.class.php | 61 +++++- modules/cms/model/User.class.php | 169 ++++++++++------ modules/cms/ui/UI.class.php | 2 +- .../ui/themes/default/html/views/user/advanced.php | 51 +++++ .../default/html/views/user/advanced.tpl.src.xml | 38 ++++ modules/database/Database.class.php | 1 - .../html/component_date/component-date.php | 7 +- modules/util/Cookie.class.php | 67 +++++++ 16 files changed, 510 insertions(+), 275 deletions(-)