From c2916b62d3faf36200dc7c6c314449287f47e32c Mon Sep 17 00:00:00 2001 From: Daniel Calviño Sánchez Date: Thu, 11 Oct 2018 10:53:25 +0200 Subject: Ignore "session_lifetime" if it can not be converted to a number MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When "session_lifetime" can not be converted to a number the interval becomes a NaN due to dividing it by 2. This NaN was "dragged" over all the other mathematical operations and caused the csrftoken to be got again and again due to an infinite loop with no pauses in "setInterval". Now, the interval is set to the default value instead if the "session_lifetime" can not be converted to a number. Signed-off-by: Daniel Calviño Sánchez --- core/js/js.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'core') diff --git a/core/js/js.js b/core/js/js.js index e7e1c301bb5..d78b0159cfa 100644 --- a/core/js/js.js +++ b/core/js/js.js @@ -1383,10 +1383,12 @@ function initCore() { */ function initSessionHeartBeat() { // interval in seconds - var interval = 900; + var interval = NaN; if (oc_config.session_lifetime) { interval = Math.floor(oc_config.session_lifetime / 2); } + interval = isNaN(interval)? 900: interval; + // minimum one minute interval = Math.max(60, interval); // max interval in seconds set to 24 hours -- cgit v1.2.3