set http 500 when session could not be started to prevent serving of empty files...

author Bernhard Posselt <nukeawhale@gmail.com>

Mon, 25 Feb 2013 17:37:05 +0000 (18:37 +0100)

committer Bernhard Posselt <nukeawhale@gmail.com>

Mon, 25 Feb 2013 17:37:05 +0000 (18:37 +0100)
author Bernhard Posselt <nukeawhale@gmail.com>
Mon, 25 Feb 2013 17:37:05 +0000 (18:37 +0100)
committer Bernhard Posselt <nukeawhale@gmail.com>
Mon, 25 Feb 2013 17:37:05 +0000 (18:37 +0100)
diff --git a/lib/base.php b/lib/base.php

index b5439c00abfcd9afc2eae23415e985d88f3c8577..16aa7bff305fbae7aaa5cf55c617c1feb0a928e6 100644 (file)
--- a/lib/base.php
+++ b/lib/base.php
@@ -320,8 +320,11 @@ class OC {
                 // set the session name to the instance id - which is unique
                 session_name(OC_Util::getInstanceId());
  
-               // (re)-initialize session
-               session_start();
+               // if session cant be started break with http 500 error
+               if (session_start() === false){
+                       header('HTTP/1.1 500 Internal Server Error');
+                       exit(1);
+               }
  
                 // regenerate session id periodically to avoid session fixation
                 if (!isset($_SESSION['SID_CREATED'])) {
author	Bernhard Posselt <nukeawhale@gmail.com>
	Mon, 25 Feb 2013 17:37:05 +0000 (18:37 +0100)
committer	Bernhard Posselt <nukeawhale@gmail.com>
	Mon, 25 Feb 2013 17:37:05 +0000 (18:37 +0100)