From e3810cb84d3fa341e3808d6aa9c3e18f8bda3305 Mon Sep 17 00:00:00 2001 From: George Petculescu Date: Wed, 10 Mar 2021 22:11:52 +0200 Subject: Merge pull request #6028 from vibbow/patch-1 Update Session.php --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 06b953ab2..ec57ee548 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -723,7 +723,7 @@ class CI_Session { * * Legacy CI_Session compatibility method * - * @returns array + * @return array */ public function &get_userdata() { -- cgit v1.2.3-24-g4f1b From 9b7541e04c4976f3cd0366b1866a4c71f3e3bb5f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 12:54:45 +0200 Subject: PHP 8.1 compatibility for sessions (ref #6078) --- .../Session/CI_Session_driver_interface.php | 58 ++++++++++++++ system/libraries/Session/OldSessionWrapper.php | 88 +++++++++++++++++++++ system/libraries/Session/PHP8SessionWrapper.php | 90 ++++++++++++++++++++++ system/libraries/Session/Session.php | 42 +++++----- .../libraries/Session/SessionHandlerInterface.php | 3 +- system/libraries/Session/Session_driver.php | 5 +- .../Session/drivers/Session_database_driver.php | 5 +- .../Session/drivers/Session_files_driver.php | 5 +- .../Session/drivers/Session_memcached_driver.php | 5 +- .../Session/drivers/Session_redis_driver.php | 5 +- 10 files changed, 273 insertions(+), 33 deletions(-) create mode 100644 system/libraries/Session/CI_Session_driver_interface.php create mode 100644 system/libraries/Session/OldSessionWrapper.php create mode 100644 system/libraries/Session/PHP8SessionWrapper.php (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/CI_Session_driver_interface.php b/system/libraries/Session/CI_Session_driver_interface.php new file mode 100644 index 000000000..a854e92af 
--- /dev/null +++ b/system/libraries/Session/CI_Session_driver_interface.php @@ -0,0 +1,58 @@ +driver = $driver; + } + + public function open($save_path, $name) + { + return $this->driver->open($save_path, $name); + } + + public function close() + { + return $this->driver->close(); + } + + public function read($id) + { + return $this->driver->read($id); + } + + public function write($id, $data) + { + return $this->driver->write($id, $data); + } + + public function destroy($id) + { + return $this->driver->destroy($id); + } + + public function gc($maxlifetime) + { + return $this->driver->gc($maxlifetime); + } +} diff --git a/system/libraries/Session/PHP8SessionWrapper.php b/system/libraries/Session/PHP8SessionWrapper.php new file mode 100644 index 000000000..c6dfaf7e0 --- /dev/null +++ b/system/libraries/Session/PHP8SessionWrapper.php @@ -0,0 +1,90 @@ +driver = $driver; + } + + public function open(string $save_path, string $name): bool + { + return $this->driver->open($save_path, $name); + } + + public function close(): bool + { + return $this->driver->close(); + } + + #[\ReturnTypeWillChange] + public function read(string $id): mixed + { + return $this->driver->read($id); + } + + public function write(string $id, string $data): bool + { + return $this->driver->write($id, $data); + } + + public function destroy(string $id): bool + { + return $this->driver->destroy($id); + } + + #[\ReturnTypeWillChange] + public function gc(int $maxlifetime): mixed + { + return $this->driver->gc($maxlifetime); + } +} diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index ec57ee548..ed379146d 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php 
@@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 2.0.0 @@ -102,31 +103,24 @@ class CI_Session { $this->_configure($params); $this->_config['_sid_regexp'] = $this->_sid_regexp; - $class = new $class($this->_config); - if ($class instanceof SessionHandlerInterface) + $class = new $class($this->_config); + $wrapper = new CI_SessionWrapper($class); + if (is_php('5.4')) { - if (is_php('5.4')) - { - session_set_save_handler($class, TRUE); - } - else - { - session_set_save_handler( - array($class, 'open'), - array($class, 'close'), - array($class, 'read'), - array($class, 'write'), - array($class, 'destroy'), - array($class, 'gc') - ); - - register_shutdown_function('session_write_close'); - } + session_set_save_handler($class, TRUE); } else { - log_message('error', "Session: Driver '".$this->_driver."' doesn't implement SessionHandlerInterface. Aborting."); - return; + session_set_save_handler( + array($class, 'open'), + array($class, 'close'), + array($class, 'read'), + array($class, 'write'), + array($class, 'destroy'), + array($class, 'gc') + ); + + register_shutdown_function('session_write_close'); } // Sanitize the cookie, because apparently PHP doesn't do that for userspace handlers 
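Review bot: With the `instanceof SessionHandlerInterface` guard removed from the constructor hunk, nothing validates the driver before `new CI_SessionWrapper($class)`. The wrapper's constructor is type-hinted to `CI_Session_driver_interface` (visible in the OldSessionWrapper hunk later in this series), and `CI_Session_driver` no longer implements any interface after this commit. A custom driver that only extends the abstract class would therefore presumably end the request with a type error instead of the previous logged "Aborting" path. Keeping the guard against the new interface preserves the controlled failure: `if ( ! $class instanceof CI_Session_driver_interface) { log_message('error', "Session: Driver '".$this->_driver."' doesn't implement CI_Session_driver_interface. Aborting."); return; }`. The constructor's body starts and ends outside the hunk.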
@@ -193,6 +187,10 @@ class CI_Session { // PHP 5.4 compatibility interface_exists('SessionHandlerInterface', FALSE) OR require_once(BASEPATH.'libraries/Session/SessionHandlerInterface.php'); + require_once(BASEPATH.'libraries/Session/CI_Session_driver_interface.php'); + $wrapper = is_php('8.0') ? 'PHP8SessionWrapper' : 'OldSessionWrapper'; + require_once(BASEPATH.'libraries/Session/'.$wrapper.'.php'); + $prefix = config_item('subclass_prefix'); if ( ! class_exists('CI_Session_driver', FALSE)) diff --git a/system/libraries/Session/SessionHandlerInterface.php b/system/libraries/Session/SessionHandlerInterface.php index 95d2488b4..914eae03f 100644 --- a/system/libraries/Session/SessionHandlerInterface.php +++ b/system/libraries/Session/SessionHandlerInterface.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (http://codeigniter.com/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index 734b6e052..d78492b5e 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php 
@@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -46,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -abstract class CI_Session_driver implements SessionHandlerInterface { +abstract class CI_Session_driver { protected $_config; diff --git a/system/libraries/Session/drivers/Session_database_driver.php b/system/libraries/Session/drivers/Session_database_driver.php index a3055af5e..2f788a1a1 100644 --- a/system/libraries/Session/drivers/Session_database_driver.php +++ b/system/libraries/Session/drivers/Session_database_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal 
@@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -46,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_Session_database_driver extends CI_Session_driver implements SessionHandlerInterface { +class CI_Session_database_driver extends CI_Session_driver implements CI_Session_driver_interface { /** * DB object diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index 49bf5b781..5ed556759 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 
@@ -46,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_Session_files_driver extends CI_Session_driver implements SessionHandlerInterface { +class CI_Session_files_driver extends CI_Session_driver implements CI_Session_driver_interface { /** * Save path diff --git a/system/libraries/Session/drivers/Session_memcached_driver.php b/system/libraries/Session/drivers/Session_memcached_driver.php index b4d3eb464..d84a9df1d 100644 --- a/system/libraries/Session/drivers/Session_memcached_driver.php +++ b/system/libraries/Session/drivers/Session_memcached_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -46,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_Session_memcached_driver extends CI_Session_driver implements SessionHandlerInterface { +class CI_Session_memcached_driver extends CI_Session_driver implements CI_Session_driver_interface { /** * Memcached instance 
diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index d65c6ee14..b112a18c8 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2019, British Columbia Institute of Technology + * Copyright (c) 2019 - 2022, CodeIgniter Foundation * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,6 +30,7 @@ * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/) + * @copyright Copyright (c) 2019 - 2022, CodeIgniter Foundation (https://codeigniter.com/) * @license https://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 3.0.0 @@ -46,7 +47,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @author Andrey Andreev * @link https://codeigniter.com/userguide3/libraries/sessions.html */ -class CI_Session_redis_driver extends CI_Session_driver implements SessionHandlerInterface { +class CI_Session_redis_driver extends CI_Session_driver implements CI_Session_driver_interface { /** * phpRedis instance -- cgit v1.2.3-24-g4f1b From 318c485b7b83356543c9aa7ab65464893d7eb8fe Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 13:57:33 +0200 Subject: Close #6021: Suppress possible E_DEPRECATION notices about mbstring.func_overload --- system/libraries/Session/drivers/Session_files_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') 
diff --git a/system/libraries/Session/drivers/Session_files_driver.php b/system/libraries/Session/drivers/Session_files_driver.php index 5ed556759..4b7b9878b 100644 --- a/system/libraries/Session/drivers/Session_files_driver.php +++ b/system/libraries/Session/drivers/Session_files_driver.php @@ -116,7 +116,7 @@ class CI_Session_files_driver extends CI_Session_driver implements CI_Session_dr $this->_sid_regexp = $this->_config['_sid_regexp']; - isset(self::$func_overload) OR self::$func_overload = (extension_loaded('mbstring') && ini_get('mbstring.func_overload')); + isset(self::$func_overload) OR self::$func_overload = ( ! is_php('8.0') && extension_loaded('mbstring') && @ini_get('mbstring.func_overload')); } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From 1a2651040ef701e750b1c13cd69cc70814b079d0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Jan 2022 18:52:24 +0200 Subject: Add SameSite cookie support to Session library --- system/libraries/Session/Session.php | 83 +++++++++++++++++++++++------ system/libraries/Session/Session_driver.php | 24 +++++++-- 2 files changed, 86 insertions(+), 21 deletions(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index ed379146d..1c5c980ae 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php 
@@ -154,15 +154,36 @@ class CI_Session { // unless it is being currently created or regenerated elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id()) { - setcookie( - $this->_config['cookie_name'], - session_id(), - (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']), - $this->_config['cookie_path'], - $this->_config['cookie_domain'], - $this->_config['cookie_secure'], - TRUE - ); + $expires = empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']; + if (is_php('7.3')) + { + setcookie( + $this->_config['cookie_name'], + session_id(), + array( + 'expires' => $expires, + 'path' => $this->_config['cookie_path'], + 'domain' => $this->_config['cookie_domain'], + 'secure' => $this->_config['cookie_secure'], + 'httponly' => TRUE, + 'samesite' => $this->_config['cookie_samesite'] + ) + ); + } + else + { + $header = 'Set-Cookie: '.$this->_config['cookie_name'].'='.session_id(); + $header .= empty($expires) ? '' : '; Expires='.gmdate('D, d-M-Y H:i:s T', $expires).'; Max-Age='.$this->_config['cookie_lifetime']; + $header .= '; Path='.$this->_config['cookie_path']; + $header .= ($this->_config['cookie_domain'] !== '' ? '; Domain='.$this->_config['cookie_domain'] : ''); + $header .= ($this->_config['cookie_secure'] ? '; Secure' : '').'; HttpOnly; SameSite='.$this->_config['cookie_samesite']; + header($header); + } + + if ( ! $this->_config['cookie_secure'] && $this->_config['cookie_samesite'] === 'None') + { + log_message('error', 'Session:', $this->_config['cookie_name'].' cookie sent with SameSite=None, but without Secure attribute.'); + } } $this->_ci_init_vars(); 
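Review bot: The `log_message()` call added at the end of this hunk passes the warning text as a third argument (`'Session:', $this->_config['cookie_name'].' cookie sent with …'`), so, assuming the usual two-parameter `log_message($level, $message)`, only the string `Session:` is logged and the SameSite=None-without-Secure misconfiguration is never reported. Concatenate instead: `log_message('error', "Session: '".$this->_config['cookie_name']."' cookie sent with SameSite=None, but without Secure attribute.");`. Separately, in the pre-7.3 branch `header($header)` uses PHP's default replace behaviour, which discards `Set-Cookie` headers queued earlier in the request, unlike the `setcookie()` call it stands in for; `header($header, FALSE)` keeps them. The same `header($header)` call appears in the `_cookie_destroy()` hunk of Session_driver.php in this commit. The enclosing constructor starts and ends outside the hunk.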
@@ -284,13 +305,43 @@ class CI_Session { isset($params['cookie_domain']) OR $params['cookie_domain'] = config_item('cookie_domain'); isset($params['cookie_secure']) OR $params['cookie_secure'] = (bool) config_item('cookie_secure'); - session_set_cookie_params( - $params['cookie_lifetime'], - $params['cookie_path'], - $params['cookie_domain'], - $params['cookie_secure'], - TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons - ); + isset($params['cookie_samesite']) OR $params['cookie_samesite'] = config_item('sess_samesite'); + if ( ! isset($params['cookie_samesite']) && is_php('7.3')) + { + $params['cookie_samesite'] = ini_get('session.cookie_samesite'); + } + + if (isset($params['cookie_samesite'])) + { + $params['cookie_samesite'] = ucfirst(strtolower($params['cookie_samesite'])); + in_array($params['cookie_samesite'], array('Lax', 'Strict', 'None'), TRUE) OR $params['cookie_samesite'] = 'Lax'; + } + else + { + $params['cookie_samesite'] = 'Lax'; + } + + if (is_php('7.3')) + { + session_set_cookie_params(array( + 'lifetime' => $params['cookie_lifetime'], + 'path' => $params['cookie_path'], + 'domain' => $params['cookie_domain'], + 'secure' => $params['cookie_secure'], + 'httponly' => $params['cookie_httponly'], + 'samesite' => $params['cookie_samesite'] + )); + } + else + { + session_set_cookie_params( + $params['cookie_lifetime'], + $params['cookie_path'], + $params['cookie_domain'], + $params['cookie_secure'], + TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons + ); + } if (empty($expiration)) { diff --git a/system/libraries/Session/Session_driver.php b/system/libraries/Session/Session_driver.php index d78492b5e..b1b1b073e 100644 --- a/system/libraries/Session/Session_driver.php +++ b/system/libraries/Session/Session_driver.php 
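Review bot: An unrecognised `sess_samesite` value is silently rewritten to `Lax` by the `in_array(...) OR $params['cookie_samesite'] = 'Lax'` line, so a typo in the configuration never surfaces anywhere. The fallback itself is a reasonable default, but a `log_message('error', ...)` on that path would let an operator notice that the cookie policy in effect is not the one they configured. Log only when the rejected value is non-empty, because an unset `session.cookie_samesite` ini setting reaches this code as an empty string and would otherwise produce a log line on every request. `_configure()` continues outside the hunk.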
@@ -140,14 +140,28 @@ abstract class CI_Session_driver { */ protected function _cookie_destroy() { + if ( ! is_php('7.3')) + { + $header = 'Set-Cookie: '.$this->_config['cookie_name'].'='; + $header .= '; Expires='.gmdate('D, d-M-Y H:i:s T', 1).'; Max-Age=-1'; + $header .= '; Path='.$this->_config['cookie_path']; + $header .= ($this->_config['cookie_domain'] !== '' ? '; Domain='.$this->_config['cookie_domain'] : ''); + $header .= ($this->_config['cookie_secure'] ? '; Secure' : '').'; HttpOnly; SameSite='.$this->_config['cookie_samesite']; + header($header); + return; + } + return setcookie( $this->_config['cookie_name'], NULL, - 1, - $this->_config['cookie_path'], - $this->_config['cookie_domain'], - $this->_config['cookie_secure'], - TRUE + array( + 'expires' => 1, + 'path' => $this->_config['cookie_path'], + 'domain' => $this->_config['cookie_domain'], + 'secure' => $this->_config['cookie_secure'], + 'httponly' => TRUE, + 'samesite' => $this->_config['cookie_samesite'] + ) ); } -- cgit v1.2.3-24-g4f1b From 3853472a6ea2db4fbaf7d259184245b35b004fdf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 7 Jan 2022 13:05:03 +0200 Subject: [ci skip] Fix #6083 --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 1c5c980ae..87113e2b5 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -328,7 +328,7 @@ class CI_Session { 'path' => $params['cookie_path'], 'domain' => $params['cookie_domain'], 'secure' => $params['cookie_secure'], - 'httponly' => $params['cookie_httponly'], + 'httponly' => TRUE, 'samesite' => $params['cookie_samesite'] )); } -- cgit v1.2.3-24-g4f1b From 413381e7c9f297f94dff156adc4db00ba6ba2c9b Mon Sep 17 00:00:00 2001 
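Review bot: `_cookie_destroy()` now produces two different results: the added pre-7.3 branch ends in a bare `return;` (NULL), while the 7.3+ path still returns `setcookie()`'s boolean. The callers are outside this hunk, but any of them that test the result would read the older-PHP path as a failure even when the header was queued. Returning a boolean there, e.g. `return TRUE;` after `header($header);`, ideally preceded by `if (headers_sent()) { return FALSE; }` to mirror what `setcookie()` reports, keeps the method's contract the same on both paths.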
From: Andrey Andreev Date: Sat, 8 Jan 2022 01:32:39 +0200 Subject: [ci skip] Fix CI_Session_driver_interface for PHP 5 (ref #6078) --- system/libraries/Session/OldSessionWrapper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/OldSessionWrapper.php b/system/libraries/Session/OldSessionWrapper.php index 5934b5218..a8bc1d0c0 100644 --- a/system/libraries/Session/OldSessionWrapper.php +++ b/system/libraries/Session/OldSessionWrapper.php @@ -49,7 +49,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ class CI_SessionWrapper implements SessionHandlerInterface { - protected CI_Session_driver_interface $driver; + protected $driver; public function __construct(CI_Session_driver_interface $driver) { -- cgit v1.2.3-24-g4f1b From 52d04d27b6e172093d7d9f70c6e77846b6742742 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 8 Jan 2022 16:57:19 +0200 Subject: [ci skip] Actually use the Session wrapper (ref #6078) --- system/libraries/Session/Session.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 87113e2b5..9d4561616 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php 
@@ -107,17 +107,17 @@ class CI_Session { $wrapper = new CI_SessionWrapper($class); if (is_php('5.4')) { - session_set_save_handler($class, TRUE); + session_set_save_handler($wrapper, TRUE); } else { session_set_save_handler( - array($class, 'open'), - array($class, 'close'), - array($class, 'read'), - array($class, 'write'), - array($class, 'destroy'), - array($class, 'gc') + array($wrapper, 'open'), + array($wrapper, 'close'), + array($wrapper, 'read'), + array($wrapper, 'write'), + array($wrapper, 'destroy'), + array($wrapper, 'gc') ); register_shutdown_function('session_write_close'); -- cgit v1.2.3-24-g4f1b From 2d4ddf57cc64f37a76e53403bc1442a54cc01897 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 8 Jan 2022 17:02:48 +0200 Subject: [ci skip] Attempt to hack SameSite into session_set_cookie_params() pre-PHP7.3 --- system/libraries/Session/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Session') diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php index 9d4561616..8d3ba2857 100644 --- a/system/libraries/Session/Session.php +++ b/system/libraries/Session/Session.php @@ -336,7 +336,7 @@ class CI_Session { { session_set_cookie_params( $params['cookie_lifetime'], - $params['cookie_path'], + $params['cookie_path'].'; SameSite='.$params['cookie_samesite'], $params['cookie_domain'], $params['cookie_secure'], TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons -- cgit v1.2.3-24-g4f1b
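Review bot: The `'; SameSite='` suffix appended to the path argument in the pre-7.3 `session_set_cookie_params()` call carries no explanation, and it only works if PHP writes the path into the `Set-Cookie` header without encoding it. A comment on that line, such as `// PHP < 7.3 has no samesite option; the attribute is appended to the path, which is emitted verbatim`, would stop a later reader from "correcting" it. The appended value was already restricted to Lax/Strict/None earlier in `_configure()` (outside this hunk), so the concatenation cannot add further attributes. Code that later reads the path back through `session_get_cookie_params()` will presumably see the suffixed string, which is worth stating in the same comment.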