summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2016-11-29 14:30:30 +0100
committerAndrey Andreev <narf@devilix.net>2016-11-29 14:30:30 +0100
commit6276926c6dcdf976a5f4de34d62f501852e2f84b (patch)
treea1d048d19d085e8f66e09d73d8441dd05a6a0371
parent45023e555e762baf22b94b0e9ca353548205efb4 (diff)
Fix #4923
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php10
-rw-r--r--system/libraries/Session/drivers/Session_memcached_driver.php37
-rw-r--r--system/libraries/Session/drivers/Session_redis_driver.php27
-rw-r--r--user_guide_src/source/changelog.rst1
4 files changed, 34 insertions, 41 deletions
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index 6a7282b23..2f5241256 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -208,8 +208,12 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
// Prevent previous QB calls from messing with our queries
$this->_db->reset_query();
+ if ($this->_lock === FALSE)
+ {
+ return $this->_fail();
+ }
// Was the ID regenerated?
- if ($session_id !== $this->_session_id)
+ elseif ($session_id !== $this->_session_id)
{
if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id))
{
@@ -219,10 +223,6 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
$this->_row_exists = FALSE;
$this->_session_id = $session_id;
}
- elseif ($this->_lock === FALSE)
- {
- return $this->_fail();
- }
if ($this->_row_exists === FALSE)
{
diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php
index 99b4d1baa..eb1dcd3d8 100644
--- a/system/libraries/Session/drivers/Session_memcached_driver.php
+++ b/system/libraries/Session/drivers/Session_memcached_driver.php
@@ -186,7 +186,7 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
*/
public function write($session_id, $session_data)
{
- if ( ! isset($this->_memcached))
+ if ( ! isset($this->_memcached, $this->_lock_key))
{
return $this->_fail();
}
@@ -202,28 +202,25 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
$this->_session_id = $session_id;
}
- if (isset($this->_lock_key))
- {
- $key = $this->_key_prefix.$session_id;
-
- $this->_memcached->replace($this->_lock_key, time(), 300);
- if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
- {
- if ($this->_memcached->set($key, $session_data, $this->_config['expiration']))
- {
- $this->_fingerprint = $fingerprint;
- return $this->_success;
- }
+ $key = $this->_key_prefix.$session_id;
- return $this->_fail();
- }
- elseif (
- $this->_memcached->touch($key, $this->_config['expiration'])
- OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
- )
+ $this->_memcached->replace($this->_lock_key, time(), 300);
+ if ($this->_fingerprint !== ($fingerprint = md5($session_data)))
+ {
+ if ($this->_memcached->set($key, $session_data, $this->_config['expiration']))
{
+ $this->_fingerprint = $fingerprint;
return $this->_success;
}
+
+ return $this->_fail();
+ }
+ elseif (
+ $this->_memcached->touch($key, $this->_config['expiration'])
+ OR ($this->_memcached->getResultCode() === Memcached::RES_NOTFOUND && $this->_memcached->set($key, $session_data, $this->_config['expiration']))
+ )
+ {
+ return $this->_success;
}
return $this->_fail();
@@ -375,4 +372,4 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa
return TRUE;
}
-} \ No newline at end of file
+}
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php
index 8db74c0ca..a780100b1 100644
--- a/system/libraries/Session/drivers/Session_redis_driver.php
+++ b/system/libraries/Session/drivers/Session_redis_driver.php
@@ -199,7 +199,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
*/
public function write($session_id, $session_data)
{
- if ( ! isset($this->_redis))
+ if ( ! isset($this->_redis, $this->_lock_key))
{
return $this->_fail();
}
@@ -215,27 +215,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle
$this->_session_id = $session_id;
}
- if (isset($this->_lock_key))
+ $this->_redis->setTimeout($this->_lock_key, 300);
+ if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
{
- $this->_redis->setTimeout($this->_lock_key, 300);
- if ($this->_fingerprint !== ($fingerprint = md5($session_data)) OR $this->_key_exists === FALSE)
+ if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
{
- if ($this->_redis->set($this->_key_prefix.$session_id, $session_data, $this->_config['expiration']))
- {
- $this->_fingerprint = $fingerprint;
- $this->_key_exists = TRUE;
- return $this->_success;
- }
-
- return $this->_fail();
+ $this->_fingerprint = $fingerprint;
+ $this->_key_exists = TRUE;
+ return $this->_success;
}
- return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
- ? $this->_success
- : $this->_fail();
+ return $this->_fail();
}
- return $this->_fail();
+ return ($this->_redis->setTimeout($this->_key_prefix.$session_id, $this->_config['expiration']))
+ ? $this->_success
+ : $this->_fail();
}
// ------------------------------------------------------------------------
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 1fe2d4616..cb95d173b 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -22,6 +22,7 @@ Bug fixes for 3.1.3
- Fixed a bug (#4905) - :doc:`Loader Library <libraries/loader>` didn't take into account possible user-provided directory paths when loading helpers.
- Fixed a bug (#4916) - :doc:`Session Library <libraries/sessions>` with ``sess_match_ip`` enabled was unusable for IPv6 clients when using the 'database' driver on MySQL 5.7.5+.
- Fixed a bug (#4917) - :doc:`Date Helper <helpers/date_helper>` function :php:func:`nice_date()` didn't handle YYYYMMDD inputs properly.
+- Fixed a bug (#4923) - :doc:`Session Library <libraries/sessions>` could execute an erroneous SQL query with the 'database' driver, if the lock attempt times out.
Version 3.1.2
=============