public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2026-01-23 13:47:12 +00:00
Code Issues Releases Wiki Activity

Add comment explaining User-Agent length validation

Browse Source 
Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-12-12 16:14:09 +00:00
parent 88376566f9
commit a1b0004be9
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/web/inc/sessions.inc.php
View File

@@ -140,6 +140,7 @@ function session_check() {
}
if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
// In development mode, allow User-Agent changes (e.g., for responsive testing in dev tools)
// Validate UA is not empty and has reasonable length (most UAs are under 200 chars, 500 is safe upper limit)
if ($DEV_MODE && isset($_SESSION['SESS_REMOTE_UA']) && !empty($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) < 500) {
$_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
return true;