From d564f561233a682729c60c23c7bab474ce3ec14b Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Thu, 9 Dec 2010 11:04:16 +0000
Subject: [PATCH] [0000314] Fixed session fixation vulnerability
---
 includes/session.inc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/includes/session.inc b/includes/session.inc
index 4a50596f..f98c97b2 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -239,6 +239,7 @@ if (!isset($_SESSION["wa_current_user"]))
 html_cleanup($_GET);
 html_cleanup($_POST);
 html_cleanup($_REQUEST);
+html_cleanup($_SERVER);
 
 // logout.php is the only page we should have always
 // accessable regardless of access level and current login status.
--
2.30.2
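Review bot: The added `html_cleanup($_SERVER);` does not rotate the session identifier, which is what a session-fixation fix normally requires, so the subject line and the change do not obviously match. html_cleanup() is defined outside this hunk; if it HTML-escapes values in place, as its use on `$_GET`, `$_POST` and `$_REQUEST` suggests, this line protects client-influenced entries such as `PHP_SELF` and the `HTTP_*` headers against markup injection, and the login path should still call `session_regenerate_id(true);` once authentication succeeds. Because the escaping would be applied to the superglobal itself, any later non-HTML use of `$_SERVER` (for example whatever check follows the logout.php comment, which lies outside the hunk) would see the escaped form. I would add a comment here such as `// $_SERVER is HTML-escaped from this point on; use it for output only, not for paths or comparisons.`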