summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-11-12 14:38:58 +0100
committerAndrey Andreev <narf@devilix.net>2014-11-12 14:38:58 +0100
commit562e39bab43181fb709aeaf4dee14bf481a2cc6a (patch)
treeb38eb4c96395be4cfec5f18fa18c47a1c4f2e54d
parent46f2f26d7cc43c548ea3f2978f532754b3476d5f (diff)
#3073 (feature/session): Validate incoming session IDs
-rw-r--r--system/libraries/Session/Session.php29
1 files changed, 8 insertions, 21 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 293811ec8..1d93cb1c8 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -122,13 +122,15 @@ class CI_Session {
return;
}
- // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827)
- //
- // The session ID sanitizer doesn't check for the value type and blindly does
- // an implicit cast to string, which triggers an 'Array to string' E_NOTICE.
- if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name]))
+ // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers
+ if (isset($_COOKIE[$this->_config['cookie_name']])
+ && (
+ ! is_string($_COOKIE[$this->_config['cookie_name']])
+ OR ! preg_match('/^[0-9a-f]{40}$/', $_COOKIE[$this->_config['cookie_name']])
+ )
+ )
{
- unset($_COOKIE[$this->_cookie_name]);
+ unset($_COOKIE[$this->_config['cookie_name']]);
}
session_start();
@@ -164,21 +166,6 @@ class CI_Session {
}
$this->_ci_init_vars();
-/*
- Need to test if this is necessary for a custom driver or if it's only
- relevant to PHP's own files handler.
-
- https://bugs.php.net/bug.php?id=65475
- do this after session is started:
- if (is_php('5.5.2') && ! is_php('5.5.4'))
- {
- $session_id = session_id();
- if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file))
- {
- unlink(<teh file>);
- }
- }
-*/
log_message('debug', "Session: Class initialized using '".$this->_driver."' driver.");
}