From 93470fd63e22e2eec7a69768be7b8eb70400dc08 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe
Date: Thu, 6 Feb 2014 16:34:06 +0100
Subject: [PATCH] [FIX] Suppress potential empty HTTP_USER_AGENT
---
 public/include/classes/memcache_ad.class.php | 4 ++--
 public/include/classes/user.class.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/public/include/classes/memcache_ad.class.php b/public/include/classes/memcache_ad.class.php
index 724c57d2..447e0118 100644
--- a/public/include/classes/memcache_ad.class.php
+++ b/public/include/classes/memcache_ad.class.php
@@ -10,7 +10,7 @@ class MemcacheAntiDos
 public function __construct($config, &$memcache, $request='') {
 $this->cache = $memcache;
 // set our config options
- $userORip = $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'];
+ $userORip = $_SERVER['REMOTE_ADDR'].@$_SERVER['HTTP_USER_AGENT'];
 // prep stuff we need to check this request
 $key_md5 = $config['memcache']['keyprefix'].md5($userORip);
 $request_data = $this->cache->get($key_md5);
@@ -82,4 +82,4 @@ class MemcacheAntiDos
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 2a210fbf..de244853 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -552,7 +552,7 @@ class User extends Base {
 // $this->user from checkUserPassword
 $_SESSION['USERDATA'] = $this->user;
 if ($this->config['protect_session_state']) {
- $_SESSION['STATE'] = md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].$_SERVER['HTTP_USER_AGENT']);
+ $_SESSION['STATE'] = md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].@$_SERVER['HTTP_USER_AGENT']);
 }
 }
 
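Review bot: The anti-DoS key in `__construct` is still built from `REMOTE_ADDR` plus the client-supplied User-Agent, so the request counter is kept per header value rather than per address, and with this change a request without the header is silently counted under the address alone. Because the header is chosen by the client, it should not be part of a throttling key; keying on the address only, `$userORip = $_SERVER['REMOTE_ADDR'];`, also removes the need for `@`. If the header has to stay, read it with an explicit default instead of error suppression: `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''`. The constructor body continues past the end of the hunk, so how `$request_data` is used afterwards is not visible here.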
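Review bot: With the header suppressed to an empty string, the `STATE` value set in this hunk is the md5 of username and id alone for any client that sends no User-Agent, so `protect_session_state` adds no client binding for those sessions and nothing records that. The same expression is repeated in `isAuthenticated` (the `@@ -864,7` hunk), and the two copies must stay byte-identical for the check to pass; one private helper called from both places would prevent drift. Inside it, prefer an explicit default over `@`: `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';`. The enclosing method starts above the hunk, so its name and callers are not visible here.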
@@ -864,7 +864,7 @@ public function isAuthenticated($logout=true) {
 if (@$_SESSION['AUTHENTICATED'] == true &&
 !$this->isLocked($_SESSION['USERDATA']['id']) &&
 $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] &&
- (!$this->config['protect_session_state'] || ($this->config['protect_session_state'] && $_SESSION['STATE'] == md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].$_SERVER['HTTP_USER_AGENT'])))
+ (!$this->config['protect_session_state'] || ($this->config['protect_session_state'] && $_SESSION['STATE'] == md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].@$_SERVER['HTTP_USER_AGENT'])))
 ) return true;
 // Catchall
 $this->log->log("warn", "Forcing logout, user is locked or IP changed mid session from [".$_SERVER['REMOTE_ADDR']."] [hijack attempt?]");
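Review bot: The `STATE` check on the changed line compares two md5 hex strings with `==`, which PHP evaluates numerically when both strings look like numbers (digests of the form `0e` followed only by digits), so two different digests can compare equal. A strict comparison closes that gap: `$_SESSION['STATE'] === md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].@$_SERVER['HTTP_USER_AGENT'])`. The inner `$this->config['protect_session_state'] &&` is redundant after the `!… ||` and can be dropped. The catch-all warning also appears to be logged when only the state check fails, although its text names just lock and IP change; `isAuthenticated` continues past the end of the hunk, so the rest of that path is not visible.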