authorAndrey Andreev <narf@devilix.net>2018-06-12 15:40:12 +0200
committerAndrey Andreev <narf@devilix.net>2018-06-12 15:40:12 +0200
commita9da3dd2f16a8f97d7bc4ff5572b28e4bb84c813 (patch)
treeaa3770006128ab46d570e6b6aad756e4e92299d9 /system/libraries/Session/drivers/Session_database_driver.php
parent4d3fea4a628e7a9bc03192fb1a6e2e971f3f9d46 (diff)
[ci skip] Prepare 3.1.9 release
Diffstat (limited to 'system/libraries/Session/drivers/Session_database_driver.php')
-rw-r--r--system/libraries/Session/drivers/Session_database_driver.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php
index ae7a1b4a1..074accfe7 100644
--- a/system/libraries/Session/drivers/Session_database_driver.php
+++ b/system/libraries/Session/drivers/Session_database_driver.php
@@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
return $this->_fail();
}
+ $this->php5_validate_id();
+
return $this->_success;
}
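Review bot: The added `$this->php5_validate_id();` call has no comment, and the method is not defined anywhere in this diff, so a reader cannot tell what it does with the incoming session ID or why it sits directly before `return $this->_success;`. Its name suggests it applies the new `validateId()` check on PHP versions that do not call that method themselves, but that is an inference from the name only. Once confirmed against the parent class, I would add a line above the call such as `// Drop a client-supplied session ID that has no server-side record (strict mode on older PHP)`. The enclosing method starts outside the hunk.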
@@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan
: $this->_fail();
}
+ // --------------------------------------------------------------------
+
+ /**
+ * Validate ID
+ *
+ * Checks whether a session ID record exists server-side,
+ * to enforce session.use_strict_mode.
+ *
+ * @param string $id
+ * @return bool
+ */
+ public function validateId($id)
+ {
+ // Prevent previous QB calls from messing with our queries
+ $this->_db->reset_query();
+
+ $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id);
+ empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']);
+ $result = $this->_db->get();
+ empty($result) OR $result = $result->row();
+
+ return ! empty($result);
+ }
+
// ------------------------------------------------------------------------
/**
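Review bot: `validateId()` accepts any row that exists, because the query built on the `select('1')->from(...)->where('id', $id)` line has no condition on the row's age. A record that has outlived the session lifetime but has not yet been garbage-collected would therefore still pass the strict-mode check. Whether expiry is enforced elsewhere in the driver is not visible in this hunk, so at minimum the docblock should state the limit, e.g. `* Only row existence (and ip_address when match_ip is set) is checked; expiry is left to garbage collection.` The docblock could also record the failure behaviour: when `get()` returns an empty value the method returns FALSE and the ID is rejected, so `* @return bool FALSE when no row matches or the query fails` would make that fail-closed result explicit.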