From 97b0d8331eecd7f3efe3a1c9a93de55a2f26e877 Mon Sep 17 00:00:00 2001 From: dchill42 Date: Tue, 4 Sep 2012 10:09:00 -0400 Subject: Fixed issues #1756 and #1711 Signed-off-by: dchill42 --- system/libraries/Session/drivers/Session_cookie.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'system/libraries/Session/drivers') diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 69e5fde14..ce63b976f 100755 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -309,6 +309,7 @@ class CI_Session_cookie extends CI_Session_driver { if ($this->sess_use_database === TRUE && isset($this->userdata['session_id'])) { $this->CI->db->delete($this->sess_table_name, array('session_id' => $this->userdata['session_id'])); + $this->data_dirty = FALSE; } // Kill the cookie @@ -571,11 +572,22 @@ class CI_Session_cookie extends CI_Session_driver { $set['user_data'] = $this->_serialize($userdata); } + // Is caching in effect? Turn it off + $db_cache = $this->CI->db->cache_on; + $this->CI->db->cache_off(); + // Run the update query // Any time we change the session id, it gets updated immediately, // so our where clause below is always safe $this->CI->db->update($this->sess_table_name, $set, array('session_id' => $this->userdata['session_id'])); + // Was caching in effect? + if ($db_cache) + { + // Turn it back on + $this->CI->db->cache_on(); + } + // Clear dirty flag to prevent double updates $this->data_dirty = FALSE; -- cgit v1.2.3-24-g4f1b From cd436e92ec5f9a5d0361fb186bccacb908dbea22 Mon Sep 17 00:00:00 2001 From: dchill42 Date: Tue, 4 Sep 2012 10:15:14 -0400 Subject: That doesn't go there. Put cache fix around correct query. Signed-off-by: dchill42 --- .../libraries/Session/drivers/Session_cookie.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) (limited to 'system/libraries/Session/drivers') diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index ce63b976f..52eeddbc4 100755 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -444,8 +444,19 @@ class CI_Session_cookie extends CI_Session_driver { $this->CI->db->where('user_agent', $session['user_agent']); } + // Is caching in effect? Turn it off + $db_cache = $this->CI->db->cache_on; + $this->CI->db->cache_off(); + $query = $this->CI->db->limit(1)->get($this->sess_table_name); + // Was caching in effect? + if ($db_cache) + { + // Turn it back on + $this->CI->db->cache_on(); + } + // No result? Kill it! if ($query->num_rows() === 0) { @@ -572,22 +583,11 @@ class CI_Session_cookie extends CI_Session_driver { $set['user_data'] = $this->_serialize($userdata); } - // Is caching in effect? Turn it off - $db_cache = $this->CI->db->cache_on; - $this->CI->db->cache_off(); - // Run the update query // Any time we change the session id, it gets updated immediately, // so our where clause below is always safe $this->CI->db->update($this->sess_table_name, $set, array('session_id' => $this->userdata['session_id'])); - // Was caching in effect? - if ($db_cache) - { - // Turn it back on - $this->CI->db->cache_on(); - } - // Clear dirty flag to prevent double updates $this->data_dirty = FALSE; -- cgit v1.2.3-24-g4f1b From 9ffcee60140b20ca3ec4e7688f83a039c7c080f7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Sep 2012 16:25:16 +0300 Subject: Cleanup and optimize new Session classes --- .../libraries/Session/drivers/Session_cookie.php | 125 ++++++++++++--------- .../libraries/Session/drivers/Session_native.php | 69 ++++++++---- 2 files changed, 114 insertions(+), 80 deletions(-) (limited to 'system/libraries/Session/drivers') diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 52eeddbc4..6d931c16c 100755 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -37,6 +37,7 @@ * @link http://codeigniter.com/user_guide/libraries/sessions.html */ class CI_Session_cookie extends CI_Session_driver { + /** * Whether to encrypt the session cookie * @@ -192,7 +193,6 @@ class CI_Session_cookie extends CI_Session_driver { /** * Initialize session driver object * - * @access protected * @return void */ protected function initialize() @@ -220,16 +220,17 @@ class CI_Session_cookie extends CI_Session_driver { 'cookie_prefix', 'encryption_key' ); + foreach ($prefs as $key) { - $this->$key = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] : - $this->CI->config->item($key); + $this->$key = isset($this->_parent->params[$key]) + ? $this->_parent->params[$key] + : $this->CI->config->item($key); } if ($this->encryption_key === '') { - show_error('In order to use the Cookie Session driver you are required to set an encryption key '. - 'in your config file.'); + show_error('In order to use the Cookie Session driver you are required to set an encryption key in your config file.'); } // Load the string helper so we can use the strip_slashes() function @@ -280,6 +281,8 @@ class CI_Session_cookie extends CI_Session_driver { $this->_sess_gc(); } + // ------------------------------------------------------------------------ + /** * Write the session data * @@ -298,6 +301,8 @@ class CI_Session_cookie extends CI_Session_driver { $this->_set_cookie(); } + // ------------------------------------------------------------------------ + /** * Destroy the current session * @@ -320,15 +325,17 @@ class CI_Session_cookie extends CI_Session_driver { $this->userdata = array(); } + // ------------------------------------------------------------------------ + /** * Regenerate the current session * * Regenerate the session id * - * @param boolean Destroy session data flag (default: false) + * @param bool Destroy session data flag (default: false) * @return void */ - public function sess_regenerate($destroy = false) + public function sess_regenerate($destroy = FALSE) { // Check destroy flag if ($destroy) @@ -344,21 +351,23 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Get a reference to user data array * - * @return array - Reference to userdata + * @return array Reference to userdata */ public function &get_userdata() { - // Return reference to array return $this->userdata; } + // ------------------------------------------------------------------------ + /** * Fetch the current session data if it exists * - * @access protected * @return bool */ protected function _sess_read() @@ -389,8 +398,7 @@ class CI_Session_cookie extends CI_Session_driver { // Does the md5 hash match? This is to prevent manipulation of session data in userspace if ($hash !== md5($session.$this->encryption_key)) { - log_message('error', 'The session cookie data did not match what was expected. '. - 'This could be a possible hacking attempt.'); + log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.'); $this->sess_destroy(); return FALSE; } @@ -400,8 +408,7 @@ class CI_Session_cookie extends CI_Session_driver { $session = $this->_unserialize($session); // Is the session data we unserialized an array with the correct format? - if ( ! is_array($session) || ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], - $session['last_activity'])) + if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity'])) { $this->sess_destroy(); return FALSE; @@ -423,7 +430,7 @@ class CI_Session_cookie extends CI_Session_driver { // Does the User Agent Match? if ($this->sess_match_useragent === TRUE && - trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120))) + trim($session['user_agent']) !== trim(substr($this->CI->input->user_agent(), 0, 120))) { $this->sess_destroy(); return FALSE; @@ -482,10 +489,11 @@ class CI_Session_cookie extends CI_Session_driver { return TRUE; } + // ------------------------------------------------------------------------ + /** * Create a new session * - * @access protected * @return void */ protected function _sess_create() @@ -509,11 +517,12 @@ class CI_Session_cookie extends CI_Session_driver { $this->_set_cookie(); } + // ------------------------------------------------------------------------ + /** * Update an existing session * - * @access protected - * @param boolean Force update flag (default: false) + * @param bool Force update flag (default: false) * @return void */ protected function _sess_update($force = FALSE) @@ -551,6 +560,8 @@ class CI_Session_cookie extends CI_Session_driver { $this->_set_cookie(); } + // ------------------------------------------------------------------------ + /** * Update database with current data * @@ -559,6 +570,8 @@ class CI_Session_cookie extends CI_Session_driver { * so it's guaranteed to update even when a fatal error * occurs. The first call makes the update and clears the * dirty flag so it won't happen twice. + * + * @return void */ public function _update_db() { @@ -595,6 +608,8 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Generate a new session id * @@ -616,15 +631,16 @@ class CI_Session_cookie extends CI_Session_driver { return md5(uniqid($new_sessid, TRUE)); } + // ------------------------------------------------------------------------ + /** * Get the "now" time * - * @access protected * @return int Time */ protected function _get_time() { - if ($this->time_reference === 'local' || $this->time_reference === date_default_timezone_get()) + if ($this->time_reference === 'local' OR $this->time_reference === date_default_timezone_get()) { return time(); } @@ -635,36 +651,27 @@ class CI_Session_cookie extends CI_Session_driver { return mktime($hour, $minute, $second, $month, $day, $year); } + // ------------------------------------------------------------------------ + /** * Write the session cookie * - * @access protected * @return void */ protected function _set_cookie() { // Get userdata (only defaults if database) - if ($this->sess_use_database === TRUE) - { - $cookie_data = array_intersect_key($this->userdata, $this->defaults); - } - else - { - $cookie_data = $this->userdata; - } + $cookie_data = ($this->sess_use_database === TRUE) + ? array_intersect_key($this->userdata, $this->defaults) + : $this->userdata; // Serialize the userdata for the cookie $cookie_data = $this->_serialize($cookie_data); - if ($this->sess_encrypt_cookie === TRUE) - { - $cookie_data = $this->CI->encrypt->encode($cookie_data); - } - else - { + $cookie_data = ($this->sess_encrypt_cookie === TRUE) + ? $this->CI->encrypt->encode($cookie_data) // if encryption is not used, we provide an md5 hash to prevent userside tampering - $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key); - } + : $cookie_data.md5($cookie_data.$this->encryption_key); $expire = ($this->sess_expire_on_close === TRUE) ? 0 : $this->sess_expiration + time(); @@ -673,35 +680,35 @@ class CI_Session_cookie extends CI_Session_driver { $this->cookie_secure, $this->cookie_httponly); } + // ------------------------------------------------------------------------ + /** * Set a cookie with the system * * This abstraction of the setcookie call allows overriding for unit testing * - * @access protected - * @param string Cookie name - * @param string Cookie value - * @param int Expiration time - * @param string Cookie path - * @param string Cookie domain - * @param bool Secure connection flag - * @param bool HTTP protocol only flag - * @return void - */ - protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = false, - $httponly = false) + * @param string Cookie name + * @param string Cookie value + * @param int Expiration time + * @param string Cookie path + * @param string Cookie domain + * @param bool Secure connection flag + * @param bool HTTP protocol only flag + * @return void + */ + protected function _setcookie($name, $value = '', $expire = 0, $path = '', $domain = '', $secure = FALSE, $httponly = FALSE) { - // Set the cookie setcookie($name, $value, $expire, $path, $domain, $secure, $httponly); } + // ------------------------------------------------------------------------ + /** * Serialize an array * * This function first converts any slashes found in the array to a temporary * marker, so when it gets unserialized the slashes will be preserved * - * @access protected * @param mixed Data to serialize * @return string Serialized data */ @@ -715,15 +722,17 @@ class CI_Session_cookie extends CI_Session_driver { { $data = str_replace('\\', '{{slash}}', $data); } + return serialize($data); } + // ------------------------------------------------------------------------ + /** * Escape slashes * * This function converts any slashes found into a temporary marker * - * @access protected * @param string Value * @param string Key * @return void @@ -736,13 +745,14 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Unserialize * * This function unserializes a data string, then converts any * temporary slash markers back to actual slashes * - * @access protected * @param mixed Data to unserialize * @return mixed Unserialized data */ @@ -759,12 +769,13 @@ class CI_Session_cookie extends CI_Session_driver { return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data; } + // ------------------------------------------------------------------------ + /** * Unescape slashes * * This function converts any slash markers back into actual slashes * - * @access protected * @param string Value * @param string Key * @return void @@ -777,13 +788,14 @@ class CI_Session_cookie extends CI_Session_driver { } } + // ------------------------------------------------------------------------ + /** * Garbage collection * * This deletes expired session rows from database * if the probability percentage is met * - * @access protected * @return void */ protected function _sess_gc() @@ -805,7 +817,8 @@ class CI_Session_cookie extends CI_Session_driver { log_message('debug', 'Session garbage collection performed.'); } } + } /* End of file Session_cookie.php */ -/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ +/* Location: ./system/libraries/Session/drivers/Session_cookie.php */ \ No newline at end of file diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php index 8ba8e749a..c97e15356 100755 --- a/system/libraries/Session/drivers/Session_native.php +++ b/system/libraries/Session/drivers/Session_native.php @@ -2,18 +2,29 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer + * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com - * @since Version 2.0 + * @since Version 1.0 * @filesource */ - /** * Native PHP session management driver * @@ -22,13 +33,13 @@ * @package CodeIgniter * @subpackage Libraries * @category Sessions - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team */ class CI_Session_native extends CI_Session_driver { + /** * Initialize session driver object * - * @access protected * @return void */ protected function initialize() @@ -47,10 +58,12 @@ class CI_Session_native extends CI_Session_driver { 'cookie_path', 'cookie_domain' ); + foreach ($prefs as $key) { - $config[$key] = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] : - $CI->config->item($key); + $config[$key] = isset($this->_parent->params[$key]) + ? $this->_parent->params[$key] + : $CI->config->item($key); } // Set session name, if specified @@ -75,11 +88,13 @@ class CI_Session_native extends CI_Session_driver { // Default to 2 years if expiration is "0" $expire = ($config['sess_expiration'] == 0) ? (60*60*24*365*2) : $config['sess_expiration']; } + if ($config['cookie_path']) { // Use specified path $path = $config['cookie_path']; } + if ($config['cookie_domain']) { // Use specified domain @@ -98,14 +113,14 @@ class CI_Session_native extends CI_Session_driver { // Expired - destroy $destroy = TRUE; } - else if ($config['sess_match_ip'] == TRUE && isset($_SESSION['ip_address']) && - $_SESSION['ip_address'] != $CI->input->ip_address()) + elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address']) + && $_SESSION['ip_address'] !== $CI->input->ip_address()) { // IP doesn't match - destroy $destroy = TRUE; } - else if ($config['sess_match_useragent'] == TRUE && isset($_SESSION['user_agent']) && - $_SESSION['user_agent'] != trim(substr($CI->input->user_agent(), 0, 50))) + elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent']) + && $_SESSION['user_agent'] !== trim(substr($CI->input->user_agent(), 0, 50))) { // Agent doesn't match - destroy $destroy = TRUE; @@ -120,8 +135,8 @@ class CI_Session_native extends CI_Session_driver { } // Check for update time - if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) && - ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now) + if ($config['sess_time_to_update'] && isset($_SESSION['last_activity']) + && ($_SESSION['last_activity'] + $config['sess_time_to_update']) < $now) { // Regenerate ID, but don't destroy session $this->sess_regenerate(FALSE); @@ -131,12 +146,13 @@ class CI_Session_native extends CI_Session_driver { $_SESSION['last_activity'] = $now; // Set matching values as required - if ($config['sess_match_ip'] == TRUE && !isset($_SESSION['ip_address'])) + if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address'])) { // Store user IP address $_SESSION['ip_address'] = $CI->input->ip_address(); } - if ($config['sess_match_useragent'] == TRUE && !isset($_SESSION['user_agent'])) + + if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent'])) { // Store user agent string $_SESSION['user_agent'] = trim(substr($CI->input->user_agent(), 0, 50)); @@ -146,10 +162,11 @@ class CI_Session_native extends CI_Session_driver { $_SESSION['session_id'] = session_id(); } + // ------------------------------------------------------------------------ + /** * Save the session data * - * @access public * @return void */ public function sess_save() @@ -157,10 +174,11 @@ class CI_Session_native extends CI_Session_driver { // Nothing to do - changes to $_SESSION are automatically saved } + // ------------------------------------------------------------------------ + /** * Destroy the current session * - * @access public * @return void */ public function sess_destroy() @@ -178,13 +196,14 @@ class CI_Session_native extends CI_Session_driver { session_destroy(); } + // ------------------------------------------------------------------------ + /** * Regenerate the current session * * Regenerate the session id * - * @access public - * @param boolean Destroy session data flag (default: FALSE) + * @param bool Destroy session data flag (default: FALSE) * @return void */ public function sess_regenerate($destroy = FALSE) @@ -194,10 +213,11 @@ class CI_Session_native extends CI_Session_driver { $_SESSION['session_id'] = session_id(); } + // ------------------------------------------------------------------------ + /** * Get a reference to user data array * - * @access public * @return array Reference to userdata */ public function &get_userdata() @@ -205,7 +225,8 @@ class CI_Session_native extends CI_Session_driver { // Just return reference to $_SESSION return $_SESSION; } + } /* End of file Session_native.php */ -/* Location: ./system/libraries/Session/drivers/Session_native.php */ +/* Location: ./system/libraries/Session/drivers/Session_native.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 3f3f135ed5b47fd87a59d31fb3d1a4c773dcc3b3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Sep 2012 16:39:28 +0300 Subject: Misc. style changes --- system/libraries/Session/drivers/Session_cookie.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session/drivers') diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 6d931c16c..4f415cc0d 100755 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -347,7 +347,7 @@ class CI_Session_cookie extends CI_Session_driver { else { // Just force an update to recreate the id - $this->_sess_update(true); + $this->_sess_update(TRUE); } } -- cgit v1.2.3-24-g4f1b From 2e3e23053d9748c68fa2c0e11f43af67da8743e8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 9 Oct 2012 15:52:34 +0300 Subject: Disable Session library under CLI and create a CI singleton to be used by its drivers --- system/libraries/Session/drivers/Session_cookie.php | 10 ---------- system/libraries/Session/drivers/Session_native.php | 11 +++++------ 2 files changed, 5 insertions(+), 16 deletions(-) (limited to 'system/libraries/Session/drivers') diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 4f415cc0d..fb62c7ec4 100755 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -157,13 +157,6 @@ class CI_Session_cookie extends CI_Session_driver { */ public $userdata = array(); - /** - * Reference to CodeIgniter instance - * - * @var object - */ - public $CI; - /** * Current time * @@ -197,9 +190,6 @@ class CI_Session_cookie extends CI_Session_driver { */ protected function initialize() { - // Set the super object to a local variable for use throughout the class - $this->CI =& get_instance(); - // Set all the session preferences, which can either be set // manually via the $params array or via the config file $prefs = array( diff --git a/system/libraries/Session/drivers/Session_native.php b/system/libraries/Session/drivers/Session_native.php index c97e15356..8d5e51546 100755 --- a/system/libraries/Session/drivers/Session_native.php +++ b/system/libraries/Session/drivers/Session_native.php @@ -46,7 +46,6 @@ class CI_Session_native extends CI_Session_driver { { // Get config parameters $config = array(); - $CI =& get_instance(); $prefs = array( 'sess_cookie_name', 'sess_expire_on_close', @@ -63,7 +62,7 @@ class CI_Session_native extends CI_Session_driver { { $config[$key] = isset($this->_parent->params[$key]) ? $this->_parent->params[$key] - : $CI->config->item($key); + : $this->CI->config->item($key); } // Set session name, if specified @@ -114,13 +113,13 @@ class CI_Session_native extends CI_Session_driver { $destroy = TRUE; } elseif ($config['sess_match_ip'] === TRUE && isset($_SESSION['ip_address']) - && $_SESSION['ip_address'] !== $CI->input->ip_address()) + && $_SESSION['ip_address'] !== $this->CI->input->ip_address()) { // IP doesn't match - destroy $destroy = TRUE; } elseif ($config['sess_match_useragent'] === TRUE && isset($_SESSION['user_agent']) - && $_SESSION['user_agent'] !== trim(substr($CI->input->user_agent(), 0, 50))) + && $_SESSION['user_agent'] !== trim(substr($this->CI->input->user_agent(), 0, 50))) { // Agent doesn't match - destroy $destroy = TRUE; @@ -149,13 +148,13 @@ class CI_Session_native extends CI_Session_driver { if ($config['sess_match_ip'] === TRUE && ! isset($_SESSION['ip_address'])) { // Store user IP address - $_SESSION['ip_address'] = $CI->input->ip_address(); + $_SESSION['ip_address'] = $this->CI->input->ip_address(); } if ($config['sess_match_useragent'] === TRUE && ! isset($_SESSION['user_agent'])) { // Store user agent string - $_SESSION['user_agent'] = trim(substr($CI->input->user_agent(), 0, 50)); + $_SESSION['user_agent'] = trim(substr($this->CI->input->user_agent(), 0, 50)); } // Make session ID available -- cgit v1.2.3-24-g4f1b