From a3f3496709061d8962557cfa86c4f38701ce346d Mon Sep 17 00:00:00 2001
From: mdipierro
Date: Tue, 26 Aug 2014 14:38:09 -0500
Subject: [PATCH] fixed security issue again, thanks Niphlod
---
 VERSION | 2 +-
 applications/admin/controllers/appadmin.py | 2 +-
 applications/examples/controllers/appadmin.py | 2 +-
 applications/welcome/controllers/appadmin.py | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/VERSION b/VERSION
index 3db54d93..5e829ed2 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.9.6-beta+timestamp.2014.08.26.14.30.42
+Version 2.9.6-beta+timestamp.2014.08.26.14.38.05
diff --git a/applications/admin/controllers/appadmin.py b/applications/admin/controllers/appadmin.py
index a74f0569..abd3c6ad 100644
--- a/applications/admin/controllers/appadmin.py
+++ b/applications/admin/controllers/appadmin.py
@@ -32,7 +32,7 @@ try:
 except:
 hosts = (http_host, )
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
 session.secure()
 elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
 (request.function != 'manage'):
diff --git a/applications/examples/controllers/appadmin.py b/applications/examples/controllers/appadmin.py
index a74f0569..abd3c6ad 100644
--- a/applications/examples/controllers/appadmin.py
+++ b/applications/examples/controllers/appadmin.py
@@ -32,7 +32,7 @@ try:
 except:
 hosts = (http_host, )
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
 session.secure()
 elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
 (request.function != 'manage'):
diff --git a/applications/welcome/controllers/appadmin.py b/applications/welcome/controllers/appadmin.py
index a74f0569..abd3c6ad 100644
--- a/applications/welcome/controllers/appadmin.py
+++ b/applications/welcome/controllers/appadmin.py
@@ -32,7 +32,7 @@ try:
 except:
 hosts = (http_host, )
-if request.env.http_x_forwarded_for or request.is_https:
+if request.is_https:
 session.secure()
 elif (remote_addr not in hosts) and (remote_addr != "127.0.0.1") and \
 (request.function != 'manage'):
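Review bot: The new condition `if request.is_https:` still lets a request skip the `remote_addr not in hosts` test in the `elif`, so the gate now rests entirely on how `request.is_https` is computed, which this hunk does not show; if that flag can also be set from a forwarded-protocol request header, the header-trust problem this commit removes would presumably remain in another form, so confirm it reflects only the server's own connection or a trusted proxy. Since the subject says the issue was fixed "again", add a comment above the condition so the header test does not come back, for example `# X-Forwarded-For is client-supplied: it must never bypass the local-address check below`. The same one-line change appears in the admin and examples appadmin.py hunks above, and keeping three copies of this check in sync by hand is how a regression slips in. The body of the `elif` lies outside the hunk.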