<categoryname>security.general.session</categoryname>
<optiontype>integer</optiontype>
<defaultvalue>1800</defaultvalue>
- <minvalue>1</minvalue>
+ <minvalue>600</minvalue>
<maxvalue>86400</maxvalue>
</option>
<option name="user_online_timeout">
+++ /dev/null
-<?php
-use wcf\system\WCF;
-
-/**
- * @author Alexander Ebert
- * @copyright 2001-2013 WoltLab GmbH
- * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @package com.woltlab.wcf
- * @category Community Framework
- */
-
-// disable APC if applicable
-$sql = "UPDATE wcf".WCF_N."_option
- SET optionValue = ?
- WHERE optionName = ?
- AND optionValue = ?";
-$statement = WCF::getDB()->prepareStatement($sql);
-$statement->execute(array(
- 'disk',
- 'cache_source_type',
- 'apc'
-));
--- /dev/null
+<?php
+use wcf\system\WCF;
+
+/**
+ * @author Alexander Ebert
+ * @copyright 2001-2014 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package com.woltlab.wcf
+ * @category Community Framework
+ */
+// enforce new limits for session timeout (prevents misconfiguration)
+$sql = "UPDATE wcf".WCF_N."_option
+ SET optionValue = MIN(MAX(optionValue, ?), ?)
+ WHERE optionName = ?";
+$statement = WCF::getDB()->prepareStatement($sql);
+$statement->execute(array(
+ 600,
+ 86400,
+ 'session_timeout'
+));
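Review bot: The clamp on the `SET` line uses `MIN(MAX(optionValue, ?), ?)`, but in MySQL `MIN()` and `MAX()` are single-argument aggregate functions, so if this script runs against MySQL the statement should be rejected and any out-of-range `session_timeout` already stored would stay in place. The scalar forms are `LEAST()` and `GREATEST()`, for example `SET optionValue = LEAST(GREATEST(CAST(optionValue AS SIGNED), ?), ?)`. The cast is suggested because optionValue appears to hold text (the removed script compares it with 'apc'), and a string comparison would order "1800" after "86400" and clamp it to the maximum; how prepareStatement binds the two integers is not visible here and is worth confirming. A short comment that 600 and 86400 mirror the option's minvalue and maxvalue would help keep the script and the option definition in sync.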