diff options
author | Andrey Andreev <narf@devilix.net> | 2014-01-08 17:32:05 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-01-08 17:32:05 +0100 |
commit | bfb635b276d880336db795f1a603de66ccfc80f6 (patch) | |
tree | 1f1edf4376188523c79ff9e5084492b6af713923 /system/libraries/Session | |
parent | 80a16b1cd0d4716b5ea41497685a8fac02e34333 (diff) |
Make newline standardization configurable
Added ['standardize_newlines']
Also altered the Session cookie driver, which experienced issues with this
feature due to it's HMAC verification failing after the Input class alters
newlines in non-encrypted session cookies.
Supersedes PR #2470
Diffstat (limited to 'system/libraries/Session')
-rw-r--r-- | system/libraries/Session/drivers/Session_cookie.php | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index dc75d8e8e..65debcb44 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -165,6 +165,8 @@ class CI_Session_cookie extends CI_Session_driver { */ public $now; + // ------------------------------------------------------------------------ + /** * Default userdata keys * @@ -185,6 +187,15 @@ class CI_Session_cookie extends CI_Session_driver { protected $data_dirty = FALSE; /** + * Standardize newlines flag + * + * @var bool + */ + protected $_standardize_newlines; + + // ------------------------------------------------------------------------ + + /** * Initialize session driver object * * @return void @@ -209,9 +220,11 @@ class CI_Session_cookie extends CI_Session_driver { 'sess_time_to_update', 'time_reference', 'cookie_prefix', - 'encryption_key' + 'encryption_key', ); + $this->_standardize_newlines = (bool) $config['standardize_newlines']; + foreach ($prefs as $key) { $this->$key = isset($this->_parent->params[$key]) @@ -695,6 +708,16 @@ class CI_Session_cookie extends CI_Session_driver { ? array_intersect_key($this->userdata, $this->defaults) : $this->userdata; + // The Input class will do this and since we use HMAC verification, + // unless we standardize here as well, the hash won't match. + if ($this->_standardize_newlines) + { + foreach (array_keys($this->userdata) as $key) + { + $this->userdata[$key] = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $this->userdata[$key]); + } + } + // Serialize the userdata for the cookie $cookie_data = serialize($cookie_data); |