diff options
author | Andrey Andreev <narf@devilix.net> | 2018-06-12 15:57:07 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2018-06-12 15:57:07 +0200 |
commit | b3f7aae1079e8e484437bc67f4c126f34e7903d8 (patch) | |
tree | 8d5961bc6260fec1769f852f2383656e15e5b77a /system/libraries/Session/drivers | |
parent | 1fd1494c709ced0b20252976c65145e21be046ee (diff) | |
parent | 44f53fb063eed55c79d31d0d19eef7ba973b6054 (diff) |
Merge branch '3.1-stable' into develop
Conflicts resolved:
system/core/CodeIgniter.php
system/libraries/Email.php
user_guide_src/source/changelog.rst
user_guide_src/source/conf.py
user_guide_src/source/installation/downloads.rst
user_guide_src/source/installation/upgrading.rst
Diffstat (limited to 'system/libraries/Session/drivers')
4 files changed, 81 insertions, 0 deletions
diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 72c043c4e..1a0514b53 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -133,6 +133,8 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan return $this->_fail(); } + $this->php5_validate_id(); + return $this->_success; } @@ -340,6 +342,30 @@ class CI_Session_database_driver extends CI_Session_driver implements SessionHan : $this->_fail(); } + // -------------------------------------------------------------------- + + /** + * Validate ID + * + * Checks whether a session ID record exists server-side, + * to enforce session.use_strict_mode. + * + * @param string $id + * @return bool + */ + public function validateId($id) + { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + + $this->_db->select('1')->from($this->_config['save_path'])->where('id', $id); + empty($this->_config['match_ip']) OR $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); + $result = $this->_db->get(); + empty($result) OR $result = $result->row(); + + return ! empty($result); + } + // ------------------------------------------------------------------------ /** diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index 92c5ebc03..4a86ec9d6 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -148,6 +148,8 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle .$name // we'll use the session cookie name as a prefix to avoid collisions .($this->_config['match_ip'] ? md5($_SERVER['REMOTE_ADDR']) : ''); + $this->php5_validate_id(); + return $this->_success; } @@ -392,6 +394,22 @@ class CI_Session_files_driver extends CI_Session_driver implements SessionHandle // -------------------------------------------------------------------- /** + * Validate ID + * + * Checks whether a session ID record exists server-side, + * to enforce session.use_strict_mode. + * + * @param string $id + * @return bool + */ + public function validateId($id) + { + return is_file($this->_file_path.$id); + } + + // -------------------------------------------------------------------- + + /** * Byte-safe strlen() * * @param string $str diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index d9506ba7e..efc084d8b 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -145,6 +145,8 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa return $this->_fail(); } + $this->php5_validate_id(); + return $this->_success; } @@ -290,6 +292,23 @@ class CI_Session_memcached_driver extends CI_Session_driver implements SessionHa return $this->_success; } + // -------------------------------------------------------------------- + + /** + * Validate ID + * + * Checks whether a session ID record exists server-side, + * to enforce session.use_strict_mode. + * + * @param string $id + * @return bool + */ + public function validateId($id) + { + $this->_memcached-get($this->_key_prefix.$id); + return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS); + } + // ------------------------------------------------------------------------ /** diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index 0fee40e3a..0562301b2 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -177,6 +177,8 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle log_message('error', 'Session: Unable to connect to Redis with the configured settings.'); } + $this->php5_validate_id(); + return $this->_fail(); } @@ -334,6 +336,22 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle return $this->_success; } + // -------------------------------------------------------------------- + + /** + * Validate ID + * + * Checks whether a session ID record exists server-side, + * to enforce session.use_strict_mode. + * + * @param string $id + * @return bool + */ + public function validateId($id) + { + return (bool) $this->_redis->exists($this->_key_prefix.$id); + } + // ------------------------------------------------------------------------ /** |