mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2026-07-01 18:45:36 +00:00
Fix DEV_MODE access using $GLOBALS instead of global keyword
Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
This commit is contained in:
@@ -133,15 +133,13 @@ if (isset($_POST["logout"])) {
|
|||||||
|
|
||||||
// Check session
|
// Check session
|
||||||
function session_check() {
|
function session_check() {
|
||||||
global $DEV_MODE;
|
|
||||||
|
|
||||||
if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
|
if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
|
if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
|
||||||
// In development mode, allow User-Agent changes (e.g., for responsive testing in dev tools)
|
// In development mode, allow User-Agent changes (e.g., for responsive testing in dev tools)
|
||||||
// Validate UA is not empty and has reasonable length (most UAs are under 200 chars, 500 is safe upper limit)
|
// Validate UA is not empty and has reasonable length (most UAs are under 200 chars, 500 is safe upper limit)
|
||||||
if ($DEV_MODE && isset($_SESSION['SESS_REMOTE_UA']) && !empty($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) < 500) {
|
if ($GLOBALS['DEV_MODE'] && isset($_SESSION['SESS_REMOTE_UA']) && !empty($_SERVER['HTTP_USER_AGENT']) && strlen($_SERVER['HTTP_USER_AGENT']) < 500) {
|
||||||
$_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
|
$_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user