diff options
author | Andrey Andreev <narf@devilix.net> | 2014-11-12 14:38:58 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-11-12 14:38:58 +0100 |
commit | 562e39bab43181fb709aeaf4dee14bf481a2cc6a (patch) | |
tree | b38eb4c96395be4cfec5f18fa18c47a1c4f2e54d | |
parent | 46f2f26d7cc43c548ea3f2978f532754b3476d5f (diff) |
#3073 (feature/session): Validate incoming session IDs
-rw-r--r-- | system/libraries/Session/Session.php | 29 |
1 files changed, 8 insertions, 21 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 293811ec8..1d93cb1c8 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -122,13 +122,15 @@ class CI_Session { return; } - // Work-around for PHP bug #66827 (https://bugs.php.net/bug.php?id=66827) - // - // The session ID sanitizer doesn't check for the value type and blindly does - // an implicit cast to string, which triggers an 'Array to string' E_NOTICE. - if (isset($_COOKIE[$this->_cookie_name]) && ! is_string($_COOKIE[$this->_cookie_name])) + // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers + if (isset($_COOKIE[$this->_config['cookie_name']]) + && ( + ! is_string($_COOKIE[$this->_config['cookie_name']]) + OR ! preg_match('/^[0-9a-f]{40}$/', $_COOKIE[$this->_config['cookie_name']]) + ) + ) { - unset($_COOKIE[$this->_cookie_name]); + unset($_COOKIE[$this->_config['cookie_name']]); } session_start(); @@ -164,21 +166,6 @@ class CI_Session { } $this->_ci_init_vars(); -/* - Need to test if this is necessary for a custom driver or if it's only - relevant to PHP's own files handler. - - https://bugs.php.net/bug.php?id=65475 - do this after session is started: - if (is_php('5.5.2') && ! is_php('5.5.4')) - { - $session_id = session_id(); - if ($_COOKIE[$this->_cookie_name] !== $session_id && file_exists(teh file)) - { - unlink(<teh file>); - } - } -*/ log_message('debug', "Session: Class initialized using '".$this->_driver."' driver."); } |