Check for session.use_trans_sid and session ID in URL in case cookies are disabled (backport of cakephp/cakephp#10828 for 2.x)

This commit is contained in:
Clemens Weiß 2017-10-06 17:04:53 +02:00
parent b3d83afb81
commit 5d5e791a31


@ -34,84 +34,84 @@ App::uses('Security', 'Utility');
*/
class CakeSession {
/**
/**
* True if the Session is still valid
*
* @var bool
*/
public static $valid = false;
/**
/**
* Error messages for this session
*
* @var array
*/
public static $error = false;
/**
/**
* User agent string
*
* @var string
*/
protected static $_userAgent = '';
/**
/**
* Path to where the session is active.
*
* @var string
*/
public static $path = '/';
/**
/**
* Error number of last occurred error
*
* @var int
*/
public static $lastError = null;
/**
/**
* Start time for this session.
*
* @var int
*/
public static $time = false;
/**
/**
* Cookie lifetime
*
* @var int
*/
public static $cookieLifeTime;
/**
/**
* Time when this session becomes invalid.
*
* @var int
*/
public static $sessionTime = false;
/**
/**
* Current Session id
*
* @var string
*/
public static $id = null;
/**
/**
* Hostname
*
* @var string
*/
public static $host = null;
/**
/**
* Session timeout multiplier factor
*
* @var int
*/
public static $timeout = null;
/**
/**
* Number of requests that can occur during a session time without the session being renewed.
* This feature is only used when config value `Session.autoRegenerate` is set to true.
*
@ -120,21 +120,28 @@ class CakeSession {
*/
public static $requestCountdown = 10;
/**
/**
* Whether or not the init function in this class was already called
*
* @var bool
*/
protected static $_initialized = false;
/**
/**
* Session cookie name
*
* @var string
*/
protected static $_cookieName = null;
/**
/**
* Whether this session is running under a CLI environment
*
* @var bool
*/
protected static $_isCLI = false;
/**
* Pseudo constructor.
*
* @param string|null $base The base path for the Session
@ -155,9 +162,10 @@ class CakeSession {
}
static::$_initialized = true;
static::$_isCLI = (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
}
/**
/**
* Setup the Path variable
*
* @param string|null $base base path
@ -177,7 +185,7 @@ class CakeSession {
static::$path = $base;
}
/**
/**
* Set the host name
*
* @param string $host Hostname
@ -190,7 +198,7 @@ class CakeSession {
}
}
/**
/**
* Starts the Session.
*
* @return bool True if session was started
@ -211,7 +219,7 @@ class CakeSession {
return static::started();
}
/**
/**
* Determine if Session has been started.
*
* @return bool True if session has been started.
@ -223,7 +231,7 @@ class CakeSession {
return isset($_SESSION) && session_id();
}
/**
/**
* Returns true if given variable is set in session.
*
* @param string $name Variable name to check for
@ -240,7 +248,7 @@ class CakeSession {
return Hash::get($_SESSION, $name) !== null;
}
/**
/**
* Returns the session id.
* Calling this method will not auto start the session. You might have to manually
* assert a started session.
@ -265,7 +273,7 @@ class CakeSession {
return static::$id;
}
/**
/**
* Removes a variable from session.
*
* @param string $name Session variable to remove
@ -279,7 +287,7 @@ class CakeSession {
return false;
}
/**
/**
* Used to write new data to _SESSION, since PHP doesn't like us setting the _SESSION var itself.
*
* @param array &$old Set of old variables => values
@ -299,7 +307,7 @@ class CakeSession {
}
}
/**
/**
* Return error description for given error number.
*
* @param int $errorNumber Error to set
@ -312,7 +320,7 @@ class CakeSession {
return static::$error[$errorNumber];
}
/**
/**
* Returns last occurred error as a string, if any.
*
* @return mixed Error description as a string, or false.
@ -324,7 +332,7 @@ class CakeSession {
return false;
}
/**
/**
* Returns true if session is valid.
*
* @return bool Success
@ -341,7 +349,7 @@ class CakeSession {
return static::$valid;
}
/**
/**
* Tests that the user agent is valid and that the session hasn't 'timed out'.
* Since timeouts are implemented in CakeSession it checks the current static::$time
* against the time the session is set to expire. The User agent is only checked
@ -359,7 +367,7 @@ class CakeSession {
return ($validAgent && static::$time <= $time);
}
/**
/**
* Get / Set the user agent
*
* @param string|null $userAgent Set the user agent
@ -375,7 +383,7 @@ class CakeSession {
return static::$_userAgent;
}
/**
/**
* Returns given session variable, or all of them, if no parameters given.
*
* @param string|null $name The name of the session variable (or a path as sent to Set.extract)
@ -397,7 +405,7 @@ class CakeSession {
return null;
}
/**
/**
* Returns all session variables.
*
* @return mixed Full $_SESSION array, or false on error.
@ -410,7 +418,7 @@ class CakeSession {
return false;
}
/**
/**
* Writes value to given session variable name.
*
* @param string|array $name Name of variable
@ -435,7 +443,7 @@ class CakeSession {
return true;
}
/**
/**
* Reads and deletes a variable from session.
*
* @param string $name The key to read and remove (or a path as sent to Hash.extract).
@ -453,7 +461,7 @@ class CakeSession {
return $value;
}
/**
/**
* Helper method to destroy invalid sessions.
*
* @return void
@ -477,7 +485,7 @@ class CakeSession {
static::$_cookieName = null;
}
/**
/**
* Clears the session.
*
* Optionally also clears the session id and renews the session.
@ -496,7 +504,7 @@ class CakeSession {
static::renew();
}
/**
/**
* Helper method to initialize a session, based on CakePHP core settings.
*
* Sessions can be configured with a few shortcut names as well as have any number of ini settings declared.
@ -574,7 +582,7 @@ class CakeSession {
static::$sessionTime = static::$time + ($sessionConfig['timeout'] * 60);
}
/**
/**
* Get session cookie name.
*
* @return string
@ -590,20 +598,24 @@ class CakeSession {
return static::$_cookieName = session_name();
}
/**
/**
* Returns whether a session exists
*
* @return bool
*/
protected static function _hasSession() {
return static::started() || isset($_COOKIE[static::_cookieName()]) || (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
return static::started()
|| !ini_get('session.use_cookies')
|| isset($_COOKIE[static::_cookieName()])
|| static::$_isCLI
|| (ini_get('session.use_trans_sid') && isset($_GET[session_name()]));
}
/**
/**
* Find the handler class and make sure it implements the correct interface.
*
* @param string $handler Handler name.
* @return void
* @return CakeSessionHandlerInterface
* @throws CakeSessionException
*/
protected static function _getHandler($handler) {
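Review bot: The new `session.use_trans_sid` branch in `_hasSession()` treats any query-string value keyed by `session_name()` as evidence of an existing session, so if `_hasSession()` gates auto-start elsewhere in the class (not visible in this hunk) a caller-supplied id is what PHP's session start then receives; unless `session.use_strict_mode` is enabled PHP adopts an uninitialised id, so the `use_trans_sid` ini gate is the only safeguard on this path and deserves a comment on that line: `// trans_sid: PHP accepts the id from the query string; only safe with session.use_strict_mode=1`. Note also that `!ini_get('session.use_cookies')` runs before `static::_cookieName()`, whose visible tail (`return static::$_cookieName = session_name();`) suggests it applies the Session configuration on first use, so this check may read PHP's default rather than the app's configured value on the first call — worth confirming against `_configureSession()`. The doc fix `@return CakeSessionHandlerInterface` on `_getHandler()` is correct; that method's body continues outside the hunk.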
@ -619,7 +631,7 @@ class CakeSession {
throw new CakeSessionException(__d('cake_dev', 'Chosen SessionHandler does not implement CakeSessionHandlerInterface it cannot be used with an engine key.'));
}
/**
/**
* Get one of the prebaked default session configurations.
*
* @param string $name Config name.
@ -686,7 +698,7 @@ class CakeSession {
return false;
}
/**
/**
* Helper method to start a session
*
* @return bool Success
@ -710,7 +722,7 @@ class CakeSession {
return true;
}
/**
/**
* Helper method to create a new session.
*
* @return void
@ -744,7 +756,7 @@ class CakeSession {
}
}
/**
/**
* Writes configuration variables to the session
*
* @return void
@ -755,7 +767,7 @@ class CakeSession {
static::write('Config.countdown', static::$requestCountdown);
}
/**
/**
* Restarts this session.
*
* @return void
@ -774,7 +786,7 @@ class CakeSession {
}
}
/**
/**
* Helper method to set an internal error message.
*
* @param int $errorNumber Number of the error