set http 500 when session could not be started to prevent serving of empty files see #1049

author: Bernhard Posselt <nukeawhale@gmail.com> 2013-02-25 18:37:05 +0100
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-02-25 18:37:05 +0100
commit: 55c72617c6a582f25f3769872ad09d0494049a5f (patch)
tree: a81648d569092b72d9569333aaf419ff1d903db3 /lib/base.php
parent: 946a064fc6b57915c09026e0b02d0bed01a852e3 (diff)
download: nextcloud-server-55c72617c6a582f25f3769872ad09d0494049a5f.tar.gz
nextcloud-server-55c72617c6a582f25f3769872ad09d0494049a5f.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/base.php b/lib/base.php
index b5439c00abf..16aa7bff305 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -320,8 +320,11 @@ class OC {
 		// set the session name to the instance id - which is unique
 		session_name(OC_Util::getInstanceId());
 
-		// (re)-initialize session
-		session_start();
+		// if session cant be started break with http 500 error
+		if (session_start() === false){
+			header('HTTP/1.1 500 Internal Server Error');
+			exit(1);
+		}
 
 		// regenerate session id periodically to avoid session fixation
 		if (!isset($_SESSION['SID_CREATED'])) {
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-02-25 18:37:05 +0100
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-02-25 18:37:05 +0100
commit	55c72617c6a582f25f3769872ad09d0494049a5f (patch)
tree	a81648d569092b72d9569333aaf419ff1d903db3 /lib/base.php
parent	946a064fc6b57915c09026e0b02d0bed01a852e3 (diff)
download	nextcloud-server-55c72617c6a582f25f3769872ad09d0494049a5f.tar.gz nextcloud-server-55c72617c6a582f25f3769872ad09d0494049a5f.zip