From 28cb84e549a0e55233dca1e59f6fd1e80fd6fcff Mon Sep 17 00:00:00 2001 From: phpnut Date: Fri, 6 Jan 2006 04:46:42 +0000 Subject: [PATCH] Merging: Revision: [1729] Fixed loading - added model, cakesession, security. Now loads properly. Revision: [1728] Fixing problems found in the way Cake handles sessions. These updates seem to work properly now. Added gethost() to basics.php to replace using gethostbyaddr which can be very slow. Added session_write_close(); in Controller::redirect(); Revision: [1719] Fix scaffold show.thtml undefined index error git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1730 3807eeeb-6ff5-0310-8944-8be069107fe0 --- cake/basics.php | 15 ++ cake/libs/controller/controller.php | 4 + cake/libs/session.php | 161 ++++++++---------- cake/libs/view/templates/scaffolds/show.thtml | 8 +- cake/scripts/acl.php | 4 + 5 files changed, 99 insertions(+), 93 deletions(-) diff --git a/cake/basics.php b/cake/basics.php index 624c9cb36..3fe3dddb4 100644 --- a/cake/basics.php +++ b/cake/basics.php @@ -482,4 +482,19 @@ function setUri() } return $uri; } + +function gethost ($ip) +{ + if (stristr(getenv('OS'), 'windows')) + { + $host = split('Name:',`nslookup $ip`); + return ( trim (isset($host[1]) ? str_replace ("\n".'Address: '.$ip, '', $host[1]) : $ip)); + } + else + { + $host = `host $ip`; + return (($host ? end ( explode (' ', $host)) : $ip)); + } +} + ?> \ No newline at end of file diff --git a/cake/libs/controller/controller.php b/cake/libs/controller/controller.php index cc5856d4c..df1c9f057 100644 --- a/cake/libs/controller/controller.php +++ b/cake/libs/controller/controller.php @@ -299,6 +299,10 @@ class Controller extends Object { $url = '/'.$url; } + if (function_exists('session_write_close')) + { + session_write_close(); + } header ('Location: '.$this->base.$url); } diff --git a/cake/libs/session.php b/cake/libs/session.php index 3f4726c40..42e6edc24 100644 --- a/cake/libs/session.php +++ b/cake/libs/session.php 
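Review bot: In the new `gethost()` in cake/basics.php, `$ip` is interpolated unescaped into the backtick commands for `nslookup` and `host`, and the caller this patch adds (`CakeSession::_new()`) passes `$this->ip`, which the constructor fills from `$_SERVER['HTTP_X_FORWARDED_FOR']` when that header is present, so a request header reaches the shell. Reject anything that is not a dotted quad before the lookup, e.g. `if (!preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $ip)) { return $ip; }`, and build the commands as `shell_exec('nslookup '.escapeshellarg($ip))` and `shell_exec('host '.escapeshellarg($ip))`. Separately, on the non-Windows branch the last token of `host` output usually carries a trailing dot and newline, so it should be trimmed (`rtrim($name, ".\n")`) before a caller matches it against a `$`-anchored pattern.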
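Review bot: After the added `session_write_close()` in `Controller::redirect()`, nothing visible stops the action from continuing, because the method ends right after the `header()` call with no `exit`; any `$_SESSION` write made after `redirect()` returns is then dropped without an error. Either state that on the method, `// Session is flushed here; $_SESSION writes made after redirect() are not saved.`, or end the request once the header is sent. The start of `redirect()` is outside the hunk, and callers may already exit themselves, so this is worth confirming rather than assuming.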
@@ -81,7 +81,6 @@ class CakeSession extends Object * @var unknown_type */ var $sessionId = null; - /** * Enter description here... * @@ -93,47 +92,46 @@ class CakeSession extends Object * * @return unknown */ - function __construct($base = null) { - $this->host = $_SERVER['HTTP_HOST']; + $this->host = $_SERVER['HTTP_HOST']; - if (empty($base)) - { - $this->path = '/'; - } - else - { - $this->path = $base; - } + if (empty($base)) + { + $this->path = '/'; + } + else + { + $this->path = $base; + } - if (strpos($this->host, ':') !== false) - { - $this->host = substr($this->host,0, strpos($this->host, ':')); - } + if (strpos($this->host, ':') !== false) + { + $this->host = substr($this->host,0, strpos($this->host, ':')); + } - if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) - { - $this->ip = $_SERVER['HTTP_X_FORWARDED_FOR']; - } - else - { - $this->ip = $_SERVER['REMOTE_ADDR']; - } + if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) + { + $this->ip = $_SERVER['HTTP_X_FORWARDED_FOR']; + } + else + { + $this->ip = $_SERVER['REMOTE_ADDR']; + } - if(!empty($_SERVER['HTTP_USER_AGENT'])) - { - $this->userAgent = md5($_SERVER['HTTP_USER_AGENT']); - } - else - { - $this->userAgent = ""; - } + if(!empty($_SERVER['HTTP_USER_AGENT'])) + { + $this->userAgent = md5($_SERVER['HTTP_USER_AGENT']); + } + else + { + $this->userAgent = ""; + } - $this->security = CAKE_SECURITY; - $this->_initSession(); - $this->_begin(); - parent::__construct(); + $this->security = CAKE_SECURITY; + $this->_initSession(); + $this->_begin(); + parent::__construct(); } /** @@ -191,7 +189,6 @@ class CakeSession extends Object */ function getLastError() { - if($this->lastError) { return $this->getError($this->lastError); @@ -209,7 +206,6 @@ class CakeSession extends Object */ function isValid() { - return $this->valid; } @@ -243,7 +239,6 @@ class CakeSession extends Object */ function returnSessionVars() { - if(!empty($_SESSION)) { $result = eval("return ".$_SESSION.";"); 
@@ -261,7 +256,6 @@ class CakeSession extends Object */ function writeSessionVar($name, $value) { - $expression = $this->_sessionVarNames($name); $expression .= " = \$value;"; eval($expression); @@ -274,12 +268,6 @@ class CakeSession extends Object */ function _begin() { - - if (function_exists('session_write_close')) - { - session_write_close(); - } - session_cache_limiter("must-revalidate"); session_start(); $this->_new(); @@ -331,6 +319,10 @@ class CakeSession extends Object */ function _initSession() { + if (function_exists('session_write_close')) + { + session_write_close(); + } switch ($this->security) { @@ -404,7 +396,6 @@ class CakeSession extends Object } break; } - } /** @@ -415,8 +406,7 @@ class CakeSession extends Object */ function _new() { - - if(!ereg("proxy\.aol\.com$", @gethostbyaddr($this->ip))) + if(!ereg("\.aol\.com$", gethost($this->ip))) { if($this->readSessionVar("Config")) { 
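Review bot: The widened pattern in `_new()` (`\.aol\.com$` instead of `proxy\.aol\.com$`) exempts every client whose looked-up name ends in `.aol.com` from the stored IP and user-agent comparison. That name comes from `gethost($this->ip)`, where `$this->ip` can be the client-supplied `X-Forwarded-For` value, and the reverse record is never forward-confirmed. Base the lookup on the connection address, `if(!ereg("\.aol\.com$", gethost($_SERVER['REMOTE_ADDR'])))`, and consider still comparing `Config.userAgent` in the exempt branch so the exemption relaxes only the IP binding. The body of `_new()` continues past this hunk.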
@@ -430,26 +420,26 @@ class CakeSession extends Object $this->_setError(1, "Session Highjacking Attempted !!!"); } } - else - { - srand((double)microtime() * 1000000); - $this->writeSessionVar('Config.rand', rand()); - $this->writeSessionVar("Config.ip", $this->ip); - $this->writeSessionVar("Config.userAgent", $this->userAgent); - $this->valid = true; - } - } - else - { - if(!$this->readSessionVar("Config")) - { - srand((double)microtime() * 1000000); - $this->writeSessionVar('Config.rand', rand()); - $this->writeSessionVar("Config.ip", $this->ip); - $this->writeSessionVar("Config.userAgent", $this->userAgent); - } - $this->valid = true; - } + else + { + srand((double)microtime() * 1000000); + $this->writeSessionVar('Config.rand', rand()); + $this->writeSessionVar("Config.ip", $this->ip); + $this->writeSessionVar("Config.userAgent", $this->userAgent); + $this->valid = true; + } + } + else + { + if(!$this->readSessionVar("Config")) + { + srand((double)microtime() * 1000000); + $this->writeSessionVar('Config.rand', rand()); + $this->writeSessionVar("Config.ip", $this->ip); + $this->writeSessionVar("Config.userAgent", $this->userAgent); + } + $this->valid = true; + } if($this->security == 'high') { @@ -486,7 +476,6 @@ class CakeSession extends Object die(); } - /** * Enter description here... * 
@@ -496,27 +485,23 @@ class CakeSession extends Object */ function _regenerateId() { - $oldSessionId = session_id(); + $sessionpath = session_save_path(); + if (empty($sessionpath)) + { + $sessionpath = "/tmp"; + } + if (isset($_COOKIE[session_name()])) + { + setcookie(CAKE_SESSION_COOKIE, '', time()-42000, $this->path); + } session_regenerate_id(); $newSessid = session_id(); - if (function_exists('session_write_close')) - { - if($this->security == 'high') - { - if (isset($_COOKIE[session_name()])) - { - setcookie(CAKE_SESSION_COOKIE, '', time()-42000, $this->path); - } - $sessionpath = session_save_path(); - $file = $sessionpath."/sess_$oldSessionId"; - @unlink($file); - } - session_write_close(); - $this->_initSession(); - session_id($newSessid); - session_start(); - } + $file = $sessionpath.DS."sess_$oldSessionId"; + @unlink($file); + $this->_initSession(); + session_id($newSessid); + session_start(); } /** @@ -539,7 +524,6 @@ class CakeSession extends Object */ function _sessionVarNames($name) { - if(is_string($name)) { if(strpos($name, ".")) @@ -571,7 +555,6 @@ class CakeSession extends Object */ function _setError($errorNumber, $errorMessage) { - if($this->error === false) { $this->error = array(); diff --git a/cake/libs/view/templates/scaffolds/show.thtml b/cake/libs/view/templates/scaffolds/show.thtml index 755e49302..ffdce0782 100644 --- a/cake/libs/view/templates/scaffolds/show.thtml +++ b/cake/libs/view/templates/scaffolds/show.thtml @@ -7,10 +7,10 @@ * PHP versions 4 and 5 * * CakePHP : Rapid Development Framework - * Copyright (c) 2005, Cake Software Foundation, Inc. + * Copyright (c) 2005, Cake Software Foundation, Inc. * 1785 E. Sahara Avenue, Suite 490-204 * Las Vegas, Nevada 89104 - * + * * Licensed under The MIT License * Redistributions of files must retain the above copyright notice. * 
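Review bot: The rewritten `_regenerateId()` now always deletes `$sessionpath.DS."sess_$oldSessionId"` with `@unlink`, which assumes the `files` save handler and a plain directory in `session_save_path()`. With another handler, or a save path in the `N;/path` form, the old session is left in place and the `@` hides the failure, so the pre-regeneration id stays usable. Guard the delete, `if (ini_get('session.save_handler') == 'files' && preg_match('/^[A-Za-z0-9,-]+$/', $oldSessionId)) { @unlink($file); }`; the pattern check also keeps a cookie-derived id from being used as a path component unchecked. The cookie test reads `$_COOKIE[session_name()]` but expires `CAKE_SESSION_COOKIE`, which only agree if the session name is set to that constant, and this hunk does not show that.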
@@ -93,7 +93,7 @@ foreach ($objModel->_oneToOne as $relation) { list($association, $model, $value) = $relation; - $otherModelName = $objModel->tableToModel[$model]; + $otherModelName = $objModel->tableToModel[$objModel->{$model}->table]; $controller = Inflector::pluralize($model); echo ""; + echo ""; } ?> diff --git a/cake/scripts/acl.php b/cake/scripts/acl.php index 5ebd3050f..3f6cac41a 100644 --- a/cake/scripts/acl.php +++ b/cake/scripts/acl.php @@ -58,6 +58,10 @@ require_once (CONFIGS.'core.php'); require_once (CONFIGS.'database.php'); uses ('neat_array'); +uses ('object'); +uses ('session'); +uses ('security'); +uses ('model'.DS.'model'); uses ('model'.DS.'dbo'.DS.'dbo_factory'); uses ('controller'.DS.'controller'); uses ('controller'.DS.'components'.DS.'acl');