From c2916b62d3faf36200dc7c6c314449287f47e32c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Calvi=C3=B1o=20S=C3=A1nchez?= <danxuliu@gmail.com>
Date: Thu, 11 Oct 2018 10:53:25 +0200
Subject: [PATCH] Ignore "session_lifetime" if it can not be converted to a
 number
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
---
 core/js/js.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/js/js.js b/core/js/js.js
index e7e1c301bb5..d78b0159cfa 100644
--- a/core/js/js.js
+++ b/core/js/js.js
@@ -1383,10 +1383,12 @@ function initCore() {
 	 */
 	function initSessionHeartBeat() {
 		// interval in seconds
-		var interval = 900;
+		var interval = NaN;
 		if (oc_config.session_lifetime) {
 			interval = Math.floor(oc_config.session_lifetime / 2);
 		}
+		interval = isNaN(interval)? 900: interval;
+
 		// minimum one minute
 		interval = Math.max(60, interval);
 		// max interval in seconds set to 24 hours
-- 
GitLab