From 4a44d5daa41ee50c526ffdc82137160c3013c647 Mon Sep 17 00:00:00 2001
From: Massimo Melina
Date: Thu, 28 May 2020 16:51:42 +0200
Subject: [PATCH] sounder session ID (fix possible session problem)
---
 main.pas | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/main.pas b/main.pas
index b0b7769..c279d92 100644
--- a/main.pas
+++ b/main.pas
@@ -2233,9 +2233,11 @@ if assigned(mainFrm) then
 mainfrm.visible:=userInteraction.bakVisible;
 end; // reenableUserInteraction
+function sanitizeSID(s:string):string;
+begin result:=reReplace(s, '[\D\W]', '', '!') end;
 function getNewSID():string;
-begin result:=replaceStr(base64encode(str_(now())+str_(random())), '=','') end;
+begin result:=sanitizeSID(base64encode(str_(now())+str_(random()))) end;
 constructor Tsession.create(const sid:string='');
 begin
@@ -4894,7 +4896,8 @@ var
 sid:=conn.getCookie(SESSION_COOKIE);
 if sid = '' then
 sid:=data.urlvars.Values[SESSION_COOKIE];
- if sid = '' then
+ sid:=sanitizeSID(sid);
+ if sid.length < 10 then
 begin
 data.session:=Tsession.create();
 data.session.ip:=conn.address;
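Review bot: The class `[\D\W]` in sanitizeSID is the union of "not a digit" and "not a word character", which under ordinary regex semantics is every character except 0-9, so the base64 letters that carry most of the id would be stripped along with `+`, `/` and `=`. If the intent is to keep only alphanumerics, spell it out, e.g. `result:=reReplace(s, '[^A-Za-z0-9]', '', '!')`; how reReplace treats the `'!'` modifier is not visible here, so confirm against its definition. Separately, getNewSID still derives the id from `now()` and `random()`, i.e. the clock and what appears to be a general-purpose PRNG, so the value may be guessable by someone who can estimate when the session was created; drawing the bytes from the OS cryptographic random source would address what the subject line calls a sounder id. A one-line comment above sanitizeSID stating the allowed alphabet would also help, since the second hunk applies the same function to client-supplied ids.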
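Review bot: The new check `if sid.length < 10 then` uses a bare threshold that is not tied to the length getNewSID actually yields after sanitizeSID, so a server-issued id that sanitizes to fewer than 10 characters would be handed a fresh session on every request. Consider a named constant declared next to getNewSID, e.g. `const MIN_SID_LENGTH = 10;`, and have getNewSID guarantee at least that many characters. The id is also still taken from `data.urlvars` when the cookie is empty, and the branch that handles an id of 10 or more characters lies outside the hunk. If an unknown client-chosen id is adopted there rather than replaced by a server-generated one, that would permit session fixation, so it is worth confirming.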