diff options
author | Andrey Andreev <narf@devilix.net> | 2022-03-03 00:20:55 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2022-03-03 00:20:55 +0100 |
commit | 3378180483140fa9251e50843bda15a508e85e89 (patch) | |
tree | 5511462e595ccd3d40033d5c2ec01154ff2aa7eb /system/libraries/Session | |
parent | bb7192e43b251cb9620b35859f6283e80897c331 (diff) | |
parent | 4196eb22d7aa2f9d8325865567c2cbb82fd70960 (diff) |
Merge branch '3.1-stable' into develop
Diffstat (limited to 'system/libraries/Session')
10 files changed, 168 insertions, 14 deletions
diff --git a/system/libraries/Session/CI_Session_driver_interface.php b/system/libraries/Session/CI_Session_driver_interface.php index a854e92af..23a0dfd53 100644 --- a/system/libraries/Session/CI_Session_driver_interface.php +++ b/system/libraries/Session/CI_Session_driver_interface.php @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2022, CodeIgniter Foundation (https://codeigniter.com/) - * @license http://opensource.org/licenses/MIT MIT License + * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource @@ -55,4 +55,6 @@ interface CI_Session_driver_interface { public function write($session_id, $session_data); public function destroy($session_id); public function gc($maxlifetime); + public function updateTimestamp($session_id, $data); + public function validateId($session_id); } diff --git a/system/libraries/Session/OldSessionWrapper.php b/system/libraries/Session/OldSessionWrapper.php index a8bc1d0c0..d013c777f 100644 --- a/system/libraries/Session/OldSessionWrapper.php +++ b/system/libraries/Session/OldSessionWrapper.php @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2022, CodeIgniter Foundation (https://codeigniter.com/) - * @license http://opensource.org/licenses/MIT MIT License + * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource @@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_SessionWrapper implements SessionHandlerInterface { +class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface { protected $driver; @@ -85,4 +85,14 @@ class CI_SessionWrapper implements SessionHandlerInterface { { return $this->driver->gc($maxlifetime); } + + public function updateTimestamp($id, $data) + { + return $this->driver->updateTimestamp($id, $data); + } + + public function validateId($id) + { + return $this->driver->validateId($id); + } } diff --git a/system/libraries/Session/PHP8SessionWrapper.php b/system/libraries/Session/PHP8SessionWrapper.php index c6dfaf7e0..41889bc61 100644 --- a/system/libraries/Session/PHP8SessionWrapper.php +++ b/system/libraries/Session/PHP8SessionWrapper.php @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2022, CodeIgniter Foundation (https://codeigniter.com/) - * @license http://opensource.org/licenses/MIT MIT License + * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 * @filesource @@ -47,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_SessionWrapper implements SessionHandlerInterface { +class CI_SessionWrapper implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface { protected CI_Session_driver_interface $driver; @@ -87,4 +87,14 @@ class CI_SessionWrapper implements SessionHandlerInterface { { return $this->driver->gc($maxlifetime); } + + public function updateTimestamp(string $id, string$data): bool + { + return $this->driver->updateTimestamp($id, $data); + } + + public function validateId(string $id): bool + { + return $this->driver->validateId($id); + } } diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 95defbedb..2d55f822a 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -205,6 +205,9 @@ class CI_Session { */ protected function _ci_load_classes($driver) { + // PHP 7 compatibility + interface_exists('SessionUpdateTimestampHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionUpdateTimestampHandlerInterface.php'); + require_once(BASEPATH.'libraries/Session/CI_Session_driver_interface.php'); $wrapper = is_php('8.0') ? 'PHP8SessionWrapper' : 'OldSessionWrapper'; require_once(BASEPATH.'libraries/Session/'.$wrapper.'.php'); diff --git a/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php new file mode 100644 index 000000000..4495a1b7a --- /dev/null +++ b/system/libraries/Session/SessionUpdateTimestampHandlerInterface.php @@ -0,0 +1,56 @@ +<?php +/** + * CodeIgniter + * + * An open source application development framework for PHP + * + * This content is released under the MIT License (MIT) + * + * Copyright (c) 2019 - 2022, CodeIgniter Foundation + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) + * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) + * @license https://opensource.org/licenses/MIT MIT License + * @link https://codeigniter.com + * @since Version 3.0.0 + * @filesource + */ +defined('BASEPATH') OR exit('No direct script access allowed'); + +/** + * SessionUpdateTimestampHandlerInterface + * + * PHP 7 compatibility interface + * + * @package CodeIgniter + * @subpackage Libraries + * @category Sessions + * @author Andrey Andreev + * @link https://codeigniter.com/userguide3/libraries/sessions.html + */ +interface SessionHandlerInterface { + + public function updateTimestamp($session_id, $data); + public function validateId($session_id); +} diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index ec4b76841..24b4b465e 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php @@ -122,7 +122,7 @@ abstract class CI_Session_driver { */ public function php5_validate_id() { - if (isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateSessionId($_COOKIE[$this->_config['cookie_name']])) + if ($this->_success === 0 && isset($_COOKIE[$this->_config['cookie_name']]) && ! $this->validateId($_COOKIE[$this->_config['cookie_name']])) { unset($_COOKIE[$this->_config['cookie_name']]); } diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index 2f788a1a1..4b475364b 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -345,15 +345,40 @@ class CI_Session_database_driver extends CI_Session_driver implements CI_Session // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + // Prevent previous QB calls from messing with our queries + $this->_db->reset_query(); + + $this->_db->where('id', $id); + if ($this->_config['match_ip']) + { + $this->_db->where('ip_address', $_SERVER['REMOTE_ADDR']); + } + + return (bool) $this->_db->update($this->_config['save_path'], array('timestamp' => time())); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { // Prevent previous QB calls from messing with our queries $this->_db->reset_query(); diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index c912fc71d..be0dc9ede 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -401,15 +401,31 @@ class CI_Session_files_driver extends CI_Session_driver implements CI_Session_dr // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + return touch($this->_file_path.$id); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { $result = is_file($this->_file_path.$id); clearstatcache(TRUE, $this->_file_path.$id); diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index d84a9df1d..d1401630d 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -296,15 +296,31 @@ class CI_Session_memcached_driver extends CI_Session_driver implements CI_Sessio // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + return $this->_memcached->touch($this->_key_prefix.$id, $this->_config['expiration']); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { $this->_memcached->get($this->_key_prefix.$id); return ($this->_memcached->getResultCode() === Memcached::RES_SUCCESS); diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index fae024bee..2614aa37e 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -382,15 +382,31 @@ class CI_Session_redis_driver extends CI_Session_driver implements CI_Session_dr // -------------------------------------------------------------------- /** + * Update Timestamp + * + * Update session timestamp without modifying data + * + * @param string $id Session ID + * @param string $data Unknown & unused + * @return bool + */ + public function updateTimestamp($id, $unknown) + { + return $this->_redis->{$this->_setTimeout_name}($this->_key_prefix.$id, $this->_config['expiration']); + } + + // -------------------------------------------------------------------- + + /** * Validate ID * * Checks whether a session ID record exists server-side, * to enforce session.use_strict_mode. * - * @param string $id + * @param string $id Session ID * @return bool */ - public function validateSessionId($id) + public function validateId($id) { return (bool) $this->_redis->exists($this->_key_prefix.$id); } |