Docs for page redirect.php

/src/redirect.php

Description

Prevents users from reposting their form data after a successful logout.

Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>

version: $Id: redirect.php 14248 2012-01-02 00:18:17Z pdontthink $
copyright: 1999-2012 The SquirrelMail Project Team
filesource: Source Code for this file
license: GNU Public License

Includes

include_once (SM_PATH.'functions/display_messages.php') (line 65)

require_once (SM_PATH.'functions/strings.php') (line 26)

require_once (SM_PATH.'functions/global.php') (line 24)

require_once (SM_PATH.'functions/i18n.php') (line 25)

require_once (SM_PATH.'functions/prefs.php') (line 27)

require_once (SM_PATH.'functions/plugin.php') (line 29)

require_once (SM_PATH.'functions/constants.php') (line 30)

require_once (SM_PATH.'functions/page_header.php') (line 31)

require_once (SM_PATH.'functions/imap.php') (line 28)

Functions

attachment_common_parse (line 197)

Regenerate session id to make sure that authenticated session uses different ID than one used before user authenticated. This is a countermeasure against session fixation attacks.

NB: session_regenerate_id() was added in PHP 4.3.2 (and new session cookie is only sent out in this call as of PHP 4.3.3), but PHP 4 is not vulnerable to session fixation problems in SquirrelMail because it prioritizes $base_uri subdirectory cookies differently than PHP 5, which is otherwise vulnerable. If we really want to, we could define our own session_regenerate_id() when one does not exist, but there seems to be no reason to do so.

void attachment_common_parse ( $str)

$str

Documentation generated on Wed, 23 May 2012 04:21:27 +0200 by phpDocumentor 1.4.3