From c958eebea2525133bcef9fe47a5dfab9e23128dd Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 31 Jul 2013 14:28:50 +0300
Subject: Optimize CI_Session::__construct() routines and make driver validity
 check stricter

---
 system/libraries/Session/Session.php | 39 +++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 21 deletions(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index c7f6f828c..659a0269e 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -59,12 +59,19 @@ class CI_Session extends CI_Driver_Library {
 	 */
 	public $params = array();
 
+	/**
+	 * Valid drivers list
+	 *
+	 * @var	array
+	 */
+	public $valid_drivers = array('native',	'cookie');
+
 	/**
 	 * Current driver in use
 	 *
 	 * @var	string
 	 */
-	protected $current = NULL;
+	public $current = NULL;
 
 	/**
 	 * User data
@@ -105,36 +112,26 @@ class CI_Session extends CI_Driver_Library {
 
 		log_message('debug', 'CI_Session Class Initialized');
 
-		// Get valid drivers list
-		$this->valid_drivers = array(
-			'native',
-			'cookie'
-		);
-		$key = 'sess_valid_drivers';
-		$drivers = isset($params[$key]) ? $params[$key] : $CI->config->item($key);
-		if ($drivers)
+		// Add possible extra entries to our valid drivers list
+		$drivers = isset($params['sess_valid_drivers']) ? $params['sess_valid_drivers'] : $CI->config->item('sess_valid_drivers');
+		if ( ! empty($drivers))
 		{
-			// Add driver names to valid list
-			foreach ((array) $drivers as $driver)
-			{
-				if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
-				{
-					$this->valid_drivers[] = $driver;
-				}
-			}
+			$drivers = array_map('strtolower', (array) $drivers);
+			$this->valid_drivers = array_merge($this->valid_drivers, array_diff($drivers, $this->valid_drivers));
 		}
 
 		// Get driver to load
-		$key = 'sess_driver';
-		$driver = isset($params[$key]) ? $params[$key] : $CI->config->item($key);
+		$driver = isset($params['sess_driver']) ? $params['sess_driver'] : $CI->config->item('sess_driver');
 		if ( ! $driver)
 		{
+			log_message('debug', "Session: No driver name is configured, defaulting to 'cookie'.");
 			$driver = 'cookie';
 		}
 
-		if ( ! in_array(strtolower($driver), array_map('strtolower', $this->valid_drivers)))
+		if ( ! in_array($driver, $this->valid_drivers))
 		{
-			$this->valid_drivers[] = $driver;
+			log_message('error', 'Session: Configured driver name is not valid, aborting.');
+			return;
 		}
 
 		// Save a copy of parameters in case drivers need access
-- 
cgit v1.2.3-24-g4f1b


From f964b16f3db95d655420dfae2012ee9fbb98a1a8 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Tue, 12 Nov 2013 17:04:55 +0200
Subject: Deprecate CI_Input::is_cli_request() and add common function is_cli()
 to replace it

Calls to this function are often needed before the Input library is available
---
 system/libraries/Session/Session.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 659a0269e..19de97994 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -102,10 +102,10 @@ class CI_Session extends CI_Driver_Library {
 	 */
 	public function __construct(array $params = array())
 	{
-		$CI =& get_instance();
+		$_config =& get_instance()->config;
 
 		// No sessions under CLI
-		if ($CI->input->is_cli_request())
+		if (is_cli())
 		{
 			return;
 		}
@@ -113,7 +113,7 @@ class CI_Session extends CI_Driver_Library {
 		log_message('debug', 'CI_Session Class Initialized');
 
 		// Add possible extra entries to our valid drivers list
-		$drivers = isset($params['sess_valid_drivers']) ? $params['sess_valid_drivers'] : $CI->config->item('sess_valid_drivers');
+		$drivers = isset($params['sess_valid_drivers']) ? $params['sess_valid_drivers'] : $_config->item('sess_valid_drivers');
 		if ( ! empty($drivers))
 		{
 			$drivers = array_map('strtolower', (array) $drivers);
@@ -121,7 +121,7 @@ class CI_Session extends CI_Driver_Library {
 		}
 
 		// Get driver to load
-		$driver = isset($params['sess_driver']) ? $params['sess_driver'] : $CI->config->item('sess_driver');
+		$driver = isset($params['sess_driver']) ? $params['sess_driver'] : $_config->item('sess_driver');
 		if ( ! $driver)
 		{
 			log_message('debug', "Session: No driver name is configured, defaulting to 'cookie'.");
-- 
cgit v1.2.3-24-g4f1b


From 74c5f2668d31f7384ea5f014014356144059cbf3 Mon Sep 17 00:00:00 2001
From: Tyler Brownell <tyler@bluefoxstudio.ca>
Date: Fri, 13 Dec 2013 00:23:12 -0500
Subject: Issue #2763 - Fixes Session GC Probability Calculation

This should resolve issue #2763 where the cookie session garbage
collection was running every request.
---
 system/libraries/Session/drivers/Session_cookie.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index d3d22d03a..cd8074474 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -841,7 +841,7 @@ class CI_Session_cookie extends CI_Session_driver {
 		$probability = ini_get('session.gc_probability');
 		$divisor = ini_get('session.gc_divisor');
 
-		if ((mt_rand(0, $divisor) / $divisor) < $probability)
+		if (mt_rand(1, $divisor) <= $probability)
 		{
 			$expire = $this->now - $this->sess_expiration;
 			$this->CI->db->delete($this->sess_table_name, 'last_activity < '.$expire);
-- 
cgit v1.2.3-24-g4f1b


From 5d6b9c597a9870f55a65bcfcb301d19d83447078 Mon Sep 17 00:00:00 2001
From: Jordan Eldredge <jordaneldredge@gmail.com>
Date: Sat, 21 Dec 2013 13:56:41 -0800
Subject: Remove unneeded manual escaping of session data

---
 .../libraries/Session/drivers/Session_cookie.php   | 63 ++--------------------
 1 file changed, 3 insertions(+), 60 deletions(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index cd8074474..124e0098e 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -739,86 +739,29 @@ class CI_Session_cookie extends CI_Session_driver {
 	/**
 	 * Serialize an array
 	 *
-	 * This function first converts any slashes found in the array to a temporary
-	 * marker, so when it gets unserialized the slashes will be preserved
+	 * This function serializes an array
 	 *
 	 * @param	mixed	Data to serialize
 	 * @return	string	Serialized data
 	 */
 	protected function _serialize($data)
 	{
-		if (is_array($data))
-		{
-			array_walk_recursive($data, array(&$this, '_escape_slashes'));
-		}
-		elseif (is_string($data))
-		{
-			$data = str_replace('\\', '{{slash}}', $data);
-		}
-
 		return serialize($data);
 	}
 
 	// ------------------------------------------------------------------------
 
-	/**
-	 * Escape slashes
-	 *
-	 * This function converts any slashes found into a temporary marker
-	 *
-	 * @param	string	Value
-	 * @param	string	Key
-	 * @return	void
-	 */
-	protected function _escape_slashes(&$val, $key)
-	{
-		if (is_string($val))
-		{
-			$val = str_replace('\\', '{{slash}}', $val);
-		}
-	}
-
-	// ------------------------------------------------------------------------
-
 	/**
 	 * Unserialize
 	 *
-	 * This function unserializes a data string, then converts any
-	 * temporary slash markers back to actual slashes
+	 * This function unserializes a data string
 	 *
 	 * @param	mixed	Data to unserialize
 	 * @return	mixed	Unserialized data
 	 */
 	protected function _unserialize($data)
 	{
-		$data = @unserialize(trim($data));
-
-		if (is_array($data))
-		{
-			array_walk_recursive($data, array(&$this, '_unescape_slashes'));
-			return $data;
-		}
-
-		return is_string($data) ? str_replace('{{slash}}', '\\', $data) : $data;
-	}
-
-	// ------------------------------------------------------------------------
-
-	/**
-	 * Unescape slashes
-	 *
-	 * This function converts any slash markers back into actual slashes
-	 *
-	 * @param	string	Value
-	 * @param	string	Key
-	 * @return	void
-	 */
-	protected function _unescape_slashes(&$val, $key)
-	{
-		if (is_string($val))
-		{
-	 		$val = str_replace('{{slash}}', '\\', $val);
-		}
+		return @unserialize(trim($data));
 	}
 
 	// ------------------------------------------------------------------------
-- 
cgit v1.2.3-24-g4f1b


From 5306cad2e40596a3a6fcac787e54689a7095e769 Mon Sep 17 00:00:00 2001
From: Jordan Eldredge <jordaneldredge@gmail.com>
Date: Mon, 23 Dec 2013 11:10:51 -0800
Subject: Remove _serialize() and _unserialize() methods

Since removing the unneeded manual escaping code, there is no-longer any reason
to have the serialization functions abstracted. This also allows us to only
suppress errors when unserializing cookie data, and only trim when we are
unserializing database data (see commit 6b8312).
---
 .../libraries/Session/drivers/Session_cookie.php   | 38 +++-------------------
 1 file changed, 4 insertions(+), 34 deletions(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 124e0098e..dc75d8e8e 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -397,7 +397,7 @@ class CI_Session_cookie extends CI_Session_driver {
 		}
 
 		// Unserialize the session array
-		$session = $this->_unserialize($session);
+		$session = @unserialize($session);
 
 		// Is the session data we unserialized an array with the correct format?
 		if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity']))
@@ -472,7 +472,7 @@ class CI_Session_cookie extends CI_Session_driver {
 			$row = $query->row();
 			if ( ! empty($row->user_data))
 			{
-				$custom_data = $this->_unserialize($row->user_data);
+				$custom_data = unserialize(trim($row->user_data));
 
 				if (is_array($custom_data))
 				{
@@ -608,7 +608,7 @@ class CI_Session_cookie extends CI_Session_driver {
 			if ( ! empty($userdata))
 			{
 				// Serialize the custom data array so we can store it
-				$set['user_data'] = $this->_serialize($userdata);
+				$set['user_data'] = serialize($userdata);
 			}
 
 			// Reset query builder values.
@@ -696,7 +696,7 @@ class CI_Session_cookie extends CI_Session_driver {
 				: $this->userdata;
 
 		// Serialize the userdata for the cookie
-		$cookie_data = $this->_serialize($cookie_data);
+		$cookie_data = serialize($cookie_data);
 
 		if ($this->sess_encrypt_cookie === TRUE)
 		{
@@ -736,36 +736,6 @@ class CI_Session_cookie extends CI_Session_driver {
 
 	// ------------------------------------------------------------------------
 
-	/**
-	 * Serialize an array
-	 *
-	 * This function serializes an array
-	 *
-	 * @param	mixed	Data to serialize
-	 * @return	string	Serialized data
-	 */
-	protected function _serialize($data)
-	{
-		return serialize($data);
-	}
-
-	// ------------------------------------------------------------------------
-
-	/**
-	 * Unserialize
-	 *
-	 * This function unserializes a data string
-	 *
-	 * @param	mixed	Data to unserialize
-	 * @return	mixed	Unserialized data
-	 */
-	protected function _unserialize($data)
-	{
-		return @unserialize(trim($data));
-	}
-
-	// ------------------------------------------------------------------------
-
 	/**
 	 * Garbage collection
 	 *
-- 
cgit v1.2.3-24-g4f1b


From e6376aa4a95b7641a5d0cc5101118b9307be75bc Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Mon, 6 Jan 2014 13:11:30 +0200
Subject: Make CI_Session's set_userdata(), set_flashdata(), set_tempdata(),
 unset_userdata() and unset_flashdata()'s first parameter mandatory

---
 system/libraries/Session/Session.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/Session.php b/system/libraries/Session/Session.php
index 19de97994..ac97b944c 100644
--- a/system/libraries/Session/Session.php
+++ b/system/libraries/Session/Session.php
@@ -288,7 +288,7 @@ class CI_Session extends CI_Driver_Library {
 	 * @param	string	Item value or empty string
 	 * @return	void
 	 */
-	public function set_userdata($newdata = array(), $newval = '')
+	public function set_userdata($newdata, $newval = '')
 	{
 		// Wrap params as array if singular
 		if (is_string($newdata))
@@ -317,7 +317,7 @@ class CI_Session extends CI_Driver_Library {
 	 * @param	mixed	Item name or array of item names
 	 * @return	void
 	 */
-	public function unset_userdata($newdata = array())
+	public function unset_userdata($newdata)
 	{
 		// Wrap single name as array
 		if (is_string($newdata))
@@ -360,7 +360,7 @@ class CI_Session extends CI_Driver_Library {
 	 * @param	string	Item value or empty string
 	 * @return	void
 	 */
-	public function set_flashdata($newdata = array(), $newval = '')
+	public function set_flashdata($newdata, $newval = '')
 	{
 		// Wrap item as array if singular
 		if (is_string($newdata))
@@ -434,7 +434,7 @@ class CI_Session extends CI_Driver_Library {
 	 * @param	int	Item lifetime in seconds or 0 for default
 	 * @return	void
 	 */
-	public function set_tempdata($newdata = array(), $newval = '', $expire = 0)
+	public function set_tempdata($newdata, $newval = '', $expire = 0)
 	{
 		// Set expiration time
 		$expire = time() + ($expire ? $expire : self::TEMP_EXP_DEF);
@@ -475,7 +475,7 @@ class CI_Session extends CI_Driver_Library {
 	 * @param	mixed	Item name or array of item names
 	 * @return	void
 	 */
-	public function unset_tempdata($newdata = array())
+	public function unset_tempdata($newdata)
 	{
 		// Get expirations list
 		$expirations = $this->userdata(self::EXPIRATION_KEY);
-- 
cgit v1.2.3-24-g4f1b


From bfb635b276d880336db795f1a603de66ccfc80f6 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 8 Jan 2014 18:32:05 +0200
Subject: Make newline standardization configurable

Added ['standardize_newlines']

Also altered the Session cookie driver, which experienced issues with this
feature due to it's HMAC verification failing after the Input class alters
newlines in non-encrypted session cookies.

Supersedes PR #2470
---
 .../libraries/Session/drivers/Session_cookie.php   | 25 +++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index dc75d8e8e..65debcb44 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -165,6 +165,8 @@ class CI_Session_cookie extends CI_Session_driver {
 	 */
 	public $now;
 
+	// ------------------------------------------------------------------------
+
 	/**
 	 * Default userdata keys
 	 *
@@ -184,6 +186,15 @@ class CI_Session_cookie extends CI_Session_driver {
 	 */
 	protected $data_dirty = FALSE;
 
+	/**
+	 * Standardize newlines flag
+	 *
+	 * @var	bool
+	 */
+	protected $_standardize_newlines;
+
+	// ------------------------------------------------------------------------
+
 	/**
 	 * Initialize session driver object
 	 *
@@ -209,9 +220,11 @@ class CI_Session_cookie extends CI_Session_driver {
 			'sess_time_to_update',
 			'time_reference',
 			'cookie_prefix',
-			'encryption_key'
+			'encryption_key',
 		);
 
+		$this->_standardize_newlines = (bool) $config['standardize_newlines'];
+
 		foreach ($prefs as $key)
 		{
 			$this->$key = isset($this->_parent->params[$key])
@@ -695,6 +708,16 @@ class CI_Session_cookie extends CI_Session_driver {
 				? array_intersect_key($this->userdata, $this->defaults)
 				: $this->userdata;
 
+		// The Input class will do this and since we use HMAC verification,
+		// unless we standardize here as well, the hash won't match.
+		if ($this->_standardize_newlines)
+		{
+			foreach (array_keys($this->userdata) as $key)
+			{
+				$this->userdata[$key] = preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $this->userdata[$key]);
+			}
+		}
+
 		// Serialize the userdata for the cookie
 		$cookie_data = serialize($cookie_data);
 
-- 
cgit v1.2.3-24-g4f1b


From 4ea76cc2216b19bfae38dbbfe7104c21ee278d81 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@devilix.net>
Date: Wed, 8 Jan 2014 21:49:23 +0200
Subject: Fix 2 errors caused by recent commits

---
 system/libraries/Session/drivers/Session_cookie.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system/libraries/Session')

diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index 65debcb44..971dfeabe 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -223,7 +223,7 @@ class CI_Session_cookie extends CI_Session_driver {
 			'encryption_key',
 		);
 
-		$this->_standardize_newlines = (bool) $config['standardize_newlines'];
+		$this->_standardize_newlines = (bool) config_item('standardize_newlines');
 
 		foreach ($prefs as $key)
 		{
-- 
cgit v1.2.3-24-g4f1b