Preprečujem sledenje z odprtimi okni.

Pojačana varnost hashanja (a pozor, pri geslih ostaja MD5/SHA1/... kombo zarazi družljivosti). Nadgradnja md5 bo poseben...tretma.
2023-01-23 20:39:16 +01:00 · 2023-01-23 20:39:16 +01:00 · 29c3fb4482
commit 29c3fb4482
parent b2bfe93693
20 changed files with 11 additions and 100 deletions
--- a/admin/exportclases/class.pdfIzvoz.php
+++ b/admin/exportclases/class.pdfIzvoz.php
@ -5,7 +5,6 @@
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */
 //error_reporting(E_ALL);
 set_time_limit(1800);
--- a/admin/exportclases/class.pdfIzvozResults.php
+++ b/admin/exportclases/class.pdfIzvozResults.php
@ -5,7 +5,6 @@
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */
 //error_reporting(E_ALL);
 set_time_limit(1800);
--- a/admin/survey/SurveyAdminSettings.php
+++ b/admin/survey/SurveyAdminSettings.php
@ -7990,13 +7990,13 @@ class SurveyAdminSettings {
 			$arrayTestni = array();
 			for ($i=1; $i<=$_POST['stevilo_vnosov']; $i++) {
-                session_start();
+                        session_start();
-				$_SESSION['progressBar'][$this->anketa]['current'] = $i;
+                        $_SESSION['progressBar'][$this->anketa]['current'] = $i;
-				session_commit();
+                        session_commit();
 				// izberemo random hash, ki se ni v bazi (to more bit, ker je index na fieldu cookie)
 				do {
-					$rand = md5(random_int(1, mt_getrandmax()).'@'.$_SERVER['REMOTE_ADDR']);
+					$rand = md5(random_int(1, PHP_INT_MAX).'@'.$_SERVER['REMOTE_ADDR']);
 					$sql1 = sisplet_query("SELECT id FROM srv_user WHERE cookie = '$rand'");
 				} while (mysqli_num_rows($sql1) > 0);
--- a/admin/survey/ajax.php
+++ b/admin/survey/ajax.php
@ -8,17 +8,6 @@ include_once 'definition.php';
 include_once '../../function.php';
 include_once '../../vendor/autoload.php';
 # error reporting
 if (isDebug()){
 #	error_reporting(E_ALL ^ E_NOTICE ^ E_STRICT);
 	error_reporting(E_ALL ^ E_NOTICE);
 	ini_set('display_errors', '1');
 }
 else{
    error_reporting(E_ALL ^ E_NOTICE ^ E_STRICT);
    ini_set('display_errors', '0');
 }
 Common::start();
 sisplet_query("BEGIN");
--- a/admin/survey/classes/surveyEmails/squalo/api_test.php
+++ b/admin/survey/classes/surveyEmails/squalo/api_test.php
@ -5,11 +5,6 @@
 *
 **/
 ini_set('display_errors', 1);
 ini_set('display_startup_errors', 1);
 error_reporting(E_ALL);
 include_once '../../../definition.php';
 include_once '../../../../../function.php';
 include_once '../../../../../vendor/autoload.php';
--- a/admin/survey/excel/PHPExcel/Shared/JAMA/examples/benchmark.php
+++ b/admin/survey/excel/PHPExcel/Shared/JAMA/examples/benchmark.php
@ -1,7 +1,5 @@
 <?php
 error_reporting(E_ALL);
 /**
 * @package JAMA
 */
--- a/admin/survey/izvoz.php
+++ b/admin/survey/izvoz.php
@ -8,19 +8,6 @@ include_once('../../vendor/autoload.php');
 global $site_path, $global_user_id, $admin_type, $lang;
 # error reporting
 if(isDebug()){
 	error_reporting(E_ALL ^ E_NOTICE);
 	ini_set('display_errors', '1');
 }
 else{
 	//error_reporting(E_ALL ^ E_NOTICE ^ E_STRICT);
 	error_reporting(0);
 	ini_set('display_errors', '0');
 }
 /****** DEFINITIONS ******/
 define("M_ANALIZA_DESCRIPTOR", "descriptor");
 define("M_ANALIZA_FREQUENCY", "frequency");
--- a/admin/survey/modules/mod_gorenje/SurveyGorenje.php
+++ b/admin/survey/modules/mod_gorenje/SurveyGorenje.php
@ -90,11 +90,7 @@ class SurveyGorenje{
 		</soapenv:Envelope>
 	*/
 	public static function sendGorenjeRekID($rek_id){
-		
+
 		/*ini_set('display_errors', 1);
 		ini_set('display_startup_errors', 1);
 		error_reporting(E_ALL);*/
 		$gorenje_wsdl = 'http://partners.gorenje.com/SAGWCFServices/SAGService.svc?wsdl';
 		$options = array(
--- a/frontend/install/classes/class.Display.php
+++ b/frontend/install/classes/class.Display.php
@ -1,11 +1,5 @@
 <?php
 ini_set('display_errors', 1);
 ini_set('display_startup_errors', 1);
 error_reporting(E_ALL);
 include_once '../../function.php';
 include_once 'classes/class.DisplayCheck.php';
--- a/frontend/install/index.php
+++ b/frontend/install/index.php
@ -2,12 +2,6 @@
 	session_start();
 	//phpinfo();
 	/*error_reporting(1);
 	ini_set('display_errors', 'On');*/
 	include_once('classes/class.Display.php');
 	// Inicializiramo razred za prikaz
--- a/frontend/payments/cebelica/InvoiceFox/api-tester.php
+++ b/frontend/payments/cebelica/InvoiceFox/api-tester.php
@ -1,7 +1,5 @@
 <?php
 session_start();
 ini_set('display_errors', 1);
 error_reporting (E_ALL); 
 require_once "lib/strpcapi.php";
 require_once "lib/invfoxapi.php";
--- a/frontend/simple/index.php
+++ b/frontend/simple/index.php
@ -1,11 +1,6 @@
 <?php 
-	session_start();
+    session_start();
 	//phpinfo();
 	error_reporting(0);
 	//ini_set('display_errors', 'On');
    include_once('classes/DisplayController.php');
--- a/function.php
+++ b/function.php
@ -1,7 +1,5 @@
 <?php
 error_reporting(E_ALL ^ E_NOTICE);
 if (!function_exists('apache_request_headers')) {
    function apache_request_headers()
    {
--- a/index_sa_anketa.php
+++ b/index_sa_anketa.php
@ -138,7 +138,7 @@ include('settings.php');
 <body style="background-color:#FFFFFF;background-image:none;">
 <div id="outercontainer" class=""><div id="container">
        <div id="logo">
-            <a href="<?php echo $site_url; ?>" title="1KA spletne ankete" target="_blank">1KA</a>
+            <a href="<?php echo $site_url; ?>" title="1KA spletne ankete" target="_blank" rel="noopener">1KA</a>
            <div id="logo_right"></div>
        </div>
        <h1>Vnos kode za dostop do samoevalvacije</h1>
@ -158,9 +158,9 @@ include('settings.php');
        </form>
    </div>
    <div id="footer_survey">
-        <p class="footer_1ka"><a href="http://www.1ka.si" target="_blank">1KA - spletne ankete</a></p>
+        <p class="footer_1ka"><a href="http://www.1ka.si" target="_blank" rel="noopener">1KA - spletne ankete</a></p>
-        <p class="privacy"><a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1" target="_blank">Anketa </a>     <a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1#cookies" target="_blank">brez piškotkov</a>, <a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1#ip" target="_blank">brez IP sledenja</a></p>
+        <p class="privacy"><a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1" target="_blank" rel="noopener">Anketa </a>     <a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1#cookies" target="_blank" rel="noopener">brez piškotkov</a>, <a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1#ip" target="_blank" rel="noopener">brez IP sledenja</a></p>
-        <p class="privacy_link"><a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1" target="_blank">Politika zasebnosti</a></p>
+        <p class="privacy_link"><a href="https://www.1ka.si/d/sl/o-1ka/pogoji-uporabe-storitve-1ka/politika-zasebnosti?from1ka=1" target="_blank" rel="noopener">Politika zasebnosti</a></p>
    </div>
 </div>
--- a/main/survey/app/config.php
+++ b/main/survey/app/config.php
@ -24,8 +24,6 @@ if (in_array($site_url, [
 // Error reporting
 if (/*ENVIRONMENT == 'dev' ||*/ isDebug()) {
    error_reporting(E_ALL);
    ini_set("display_errors", 1);
    //ERROR blackscreen prikaz
    if (class_exists('\Whoops\Run)')) {
@ -34,12 +32,8 @@ if (/*ENVIRONMENT == 'dev' ||*/ isDebug()) {
        $whoops->register();
    }
 } else {
    error_reporting(0);
    ini_set("display_errors", 0);
 }
 //DB connection
 define('DB_TYPE', 'mysql');
 define('DB_HOST', $mysql_server);
--- a/utils/1kaUtils/app_settings_copy.php
+++ b/utils/1kaUtils/app_settings_copy.php
@ -6,12 +6,6 @@
 * 
 */
 ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);
 include_once('../../function.php');
 include_once('../../vendor/autoload.php');
 include_once($site_path.'/settings_optional.php');
--- a/utils/1kaUtils/check_packages.php
+++ b/utils/1kaUtils/check_packages.php
@ -8,10 +8,6 @@
 die();
 /*ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);*/
 include_once('../../function.php');
 include_once('../../vendor/autoload.php');
--- a/utils/1kaUtils/fix_comments.php
+++ b/utils/1kaUtils/fix_comments.php
@ -6,12 +6,6 @@
 * 
 */
 /*ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);*/
 include_once('../../function.php');
 include_once('../../vendor/autoload.php');
--- a/utils/1kaUtils/nijz_clean_db.php
+++ b/utils/1kaUtils/nijz_clean_db.php
@ -6,13 +6,8 @@
 * 
 */
 die();
 /*ini_set('display_errors', '1');
 ini_set('display_startup_errors', '1');
 error_reporting(E_ALL);*/
 include_once('../../function.php');
 include_once('../../vendor/autoload.php');
--- a/utils/ParadataExport/export.php
+++ b/utils/ParadataExport/export.php
@ -4,12 +4,8 @@
 	*/
 	set_time_limit(36000); 		// 10 ur
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
-	include_once '../../function.php';
+        include_once '../../function.php';
 	include_once '../../admin/survey/definition.php';
 	include_once '../../vendor/autoload.php';