Package: mantis
Version: 1.1.2+dfsg-5
Followup-For: Bug #501179
Hi,
the patch from upstream VCS was applied incorrectly,
session_set_cookie_params() needs to be called _before_ session_start(),
see http://php.net/session_set_cookie_params for the documentation.
Minimal patch attached.
Kind regards
WK
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-6-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages mantis depends on:
ii apache2 2.2.9-7 Apache HTTP Server metapackage
ii apache2-mpm-prefork [httpd] 2.2.9-7 Apache HTTP Server - traditional n
ii dbconfig-common 1.8.39 common framework for packaging dat
ii debconf 1.5.22 Debian configuration management sy
ii libapache2-mod-php5 5.2.6-5 server-side, HTML-embedded scripti
ii libphp-adodb 5.05-1 The ADOdb database abstraction lay
ii libphp-phpmailer 1.73-6 full featured email transfer class
ii ucf 3.0010 Update Configuration File: preserv
Versions of packages mantis recommends:
ii mysql-client 5.0.51a-15 MySQL database client (metapackage
ii mysql-client-5.0 [mysql-clien 5.0.51a-15 MySQL database client binaries
ii php5-mysql 5.2.6-5 MySQL module for php5
Versions of packages mantis suggests:
pn mysql-server <none> (no description available)
pn php5-cli <none> (no description available)
-- debconf information excluded
--- session_api.php.orig 2008-10-12 07:54:20.000000000 +0200
+++ session_api.php 2008-10-12 07:54:31.000000000 +0200
@@ -49,10 +49,10 @@ $g_session = null;
*/
class MantisPHPSession extends MantisSession {
function __construct() {
- session_start();
if ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true, true );
}
+ session_start();
$this->id = session_id();
}
