From 5c68503b3397f3d4f5cdd91a41afd30cdd718725 Mon Sep 17 00:00:00 2001
From: Alexander Paliarush <apaliarush@magento.com>
Date: Thu, 31 Mar 2016 18:57:28 -0500
Subject: [PATCH] MAGETWO-51376: Application Information disclosure on Update
---
.../Magento/Setup/Mvc/Bootstrap/InitParamListener.php | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/setup/src/Magento/Setup/Mvc/Bootstrap/InitParamListener.php b/setup/src/Magento/Setup/Mvc/Bootstrap/InitParamListener.php
index 769b3b634d0..135e03ae69b 100644
--- a/setup/src/Magento/Setup/Mvc/Bootstrap/InitParamListener.php
+++ b/setup/src/Magento/Setup/Mvc/Bootstrap/InitParamListener.php
@@ -123,15 +123,16 @@ class InitParamListener implements ListenerAggregateInterface, FactoryInterface
/** @var \Magento\Framework\App\State $adminAppState */
$adminAppState = $objectManager->get('Magento\Framework\App\State');
$adminAppState->setAreaCode(\Magento\Framework\App\Area::AREA_ADMIN);
- $objectManager->create(
- 'Magento\Backend\Model\Auth\Session',
+ /** @var \Magento\Backend\Model\Auth\Session $adminSession */
+ $adminSession = $objectManager->create(
+ \Magento\Backend\Model\Auth\Session::class,
[
- 'sessionConfig' => $objectManager->get('Magento\Backend\Model\Session\AdminConfig'),
+ 'sessionConfig' => $objectManager->get(\Magento\Backend\Model\Session\AdminConfig::class),
'appState' => $adminAppState
]
);
-
- if (!$objectManager->get('Magento\Backend\Model\Auth')->isLoggedIn()) {
+ if (!$objectManager->get(\Magento\Backend\Model\Auth::class)->isLoggedIn()) {
+ $adminSession->expireSessionCookie();
$response = $event->getResponse();
$response->getHeaders()->addHeaderLine('Location', 'index.php/session/unlogin');
$response->setStatusCode(302);
--
GitLab