summaryrefslogtreecommitdiffstats
path: root/system/libraries/Session/Session.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2016-10-22 15:33:06 +0200
committerAndrey Andreev <narf@devilix.net>2016-10-22 15:33:06 +0200
commit6c6ee1a1e73b3f8a93ca031107bec35e56272a0a (patch)
tree359e27420e1ae51d4d052be8f531443e727af749 /system/libraries/Session/Session.php
parentdae08b59fd808c3baf838161223fdba2a80f1610 (diff)
Close #4830, #3649
Diffstat (limited to 'system/libraries/Session/Session.php')
-rw-r--r--system/libraries/Session/Session.php36
1 files changed, 33 insertions, 3 deletions
diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 3b391a8ef..5aac12f36 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -57,6 +57,7 @@ class CI_Session {
protected $_driver = 'files';
protected $_config;
+ protected $_sid_regexp;
// ------------------------------------------------------------------------
@@ -99,6 +100,7 @@ class CI_Session {
// Configuration ...
$this->_configure($params);
+ $this->_config['_sid_regexp'] = $this->_sid_regexp;
$class = new $class($this->_config);
if ($class instanceof SessionHandlerInterface)
@@ -131,7 +133,7 @@ class CI_Session {
if (isset($_COOKIE[$this->_config['cookie_name']])
&& (
! is_string($_COOKIE[$this->_config['cookie_name']])
- OR ! preg_match('/^[0-9a-f]{40}$/', $_COOKIE[$this->_config['cookie_name']])
+ OR ! preg_match('#\A'.$this->_sid_regexp.'\z#', $_COOKIE[$this->_config['cookie_name']])
)
)
{
@@ -315,8 +317,36 @@ class CI_Session {
ini_set('session.use_strict_mode', 1);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
- ini_set('session.hash_function', 1);
- ini_set('session.hash_bits_per_character', 4);
+
+ if (PHP_VERSION_ID < 70100)
+ {
+ if ((int) ini_get('session.hash_function') === 0)
+ {
+ ini_set('session.hash_function', 1);
+ ini_set('session.hash_bits_per_character', $bits_per_character = 4);
+ }
+ else
+ {
+ $bits_per_character = (int) ini_get('session.hash_bits_per_character');
+ }
+ }
+ elseif ((int) ini_get('session.sid_length') < 40 && ($bits_per_character = (int) ini_get('session.sid_bits_per_character')) === 4)
+ {
+ ini_set('session.sid_length', 40);
+ }
+
+ switch ($bits_per_character)
+ {
+ case 4:
+ $this->_sid_regexp = '[0-9a-f]{40,}';
+ break;
+ case 5:
+ $this->_sid_regexp = '[0-9a-v]{40,}';
+ break;
+ case 6:
+ $this->_sid_regexp = '[0-9a-zA-Z,-]{40,}';
+ break;
+ }
}
// ------------------------------------------------------------------------