summaryrefslogtreecommitdiffstats
path: root/system/libraries/Session/drivers/Session_database_driver.php
diff options
context:
space:
mode:
authorJohn de Kroon <johndekroon@gmail.com>2018-09-03 11:21:33 +0200
committerGitHub <noreply@github.com>2018-09-03 11:21:33 +0200
commit8abd21b17e9da1f3808f537643bfeaba0a790837 (patch)
tree26119f00ab2a4931a54d2b55874cdc8d5217d4d1 /system/libraries/Session/drivers/Session_database_driver.php
parent9bf6753a1bcd54d6ca69fc194efc9f982661aa66 (diff)
parent8537680955fbc045bf8011a2915e18583a91d52f (diff)
Merge pull request #1 from bcit-ci/develop
Update from source
Diffstat (limited to 'system/libraries/Session/drivers/Session_database_driver.php')
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php30
1 files changed, 28 insertions, 2 deletions
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index ae7a1b4a1..1a0514b53 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -29,8 +29,8 @@
* @package CodeIgniter
* @author EllisLab Dev Team
* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/)
- * @license http://opensource.org/licenses/MIT MIT License
+ * @copyright Copyright (c) 2014 - 2018, British Columbia Institute of Technology (https://bcit.ca/)
+ * @license https://opensource.org/licenses/MIT MIT License
* @link https://codeigniter.com
* @since Version 3.0.0
* @filesource
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_fail();
}
+ $this->php5_validate_id();
+
return $this->_success;
}
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
: $this->_fail();
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+ empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ $result = $this->_db->get();
+ empty($result) OR $result = $result->row();
+
+ return ! empty($result);
+ }
+
// ------------------------------------------------------------------------
/**
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-10-18 04:35:01 +0200