Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 45 | ||||
-rw-r--r-- | lib/session/internal.php | 39 | ||||
-rw-r--r-- | lib/session/memory.php | 63 | ||||
-rw-r--r-- | lib/session/session.php | 79 | ||||
-rw-r--r-- | lib/template.php | 8 | ||||
-rw-r--r-- | lib/user.php | 16 | ||||
-rwxr-xr-x | lib/util.php | 14 |
7 files changed, 228 insertions, 36 deletions
diff --git a/lib/base.php b/lib/base.php index 724bd250a5c..f1145b651ae 100644 --- a/lib/base.php +++ b/lib/base.php @@ -75,6 +75,11 @@ class OC { protected static $router = null; /** + * @var \OC\Session\Session + */ + public static $session = null; + + /** * @var \OC\Autoloader $loader */ public static $loader = null; @@ -283,14 +288,17 @@ class OC { $cookie_path = OC::$WEBROOT ?: '/'; ini_set('session.cookie_path', $cookie_path); - // set the session name to the instance id - which is unique - session_name(OC_Util::getInstanceId()); + try{ + // set the session name to the instance id - which is unique + self::$session = new \OC\Session\Internal(OC_Util::getInstanceId()); + // if session cant be started break with http 500 error + }catch (Exception $e){ + //set the session object to a dummy session so code relying on the session existing still works + self::$session = new \OC\Session\Memory(''); - // if session cant be started break with http 500 error - if (session_start() === false){ - OC_Log::write('core', 'Session could not be initialized', + OC_Log::write('core', 'Session could not be initialized', OC_Log::ERROR); - + header('HTTP/1.1 500 Internal Server Error'); OC_Util::addStyle("styles"); $error = 'Session could not be initialized. Please contact your '; 
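Review bot: In the -283 hunk the comment `// if session cant be started break with http 500 error` now sits inside the `try` directly after the `new \OC\Session\Internal(...)` call, where no check follows it, so it describes nothing; it belongs in front of the `catch` block, or on the `OC_Log::write` line that actually starts the 500 path. Whether the catch fires at all now rests on `Internal::__construct` throwing, which in this commit happens only when `$_SESSION` is unset after `session_start()` — a weaker condition than the removed `session_start() === false` test, so a start that fails without leaving `$_SESSION` unset (handler-dependent) would continue as if the session worked. After the catch the request carries on with a throw-away `Memory` session; if the 500 path does not end the request somewhere after the hunk, later code would run against a session that is never persisted, which the comment should say: `//set the session object to a dummy session so code relying on the session existing still works; nothing stored in it survives this request`. initSession() begins before the hunk.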
@@ -304,15 +312,15 @@ class OC { } // regenerate session id periodically to avoid session fixation - if (!isset($_SESSION['SID_CREATED'])) { - $_SESSION['SID_CREATED'] = time(); - } else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) { + if (!self::$session->exists('SID_CREATED')) { + self::$session->set('SID_CREATED', time()); + } else if (time() - self::$session->get('SID_CREATED') > 60*60*12) { session_regenerate_id(true); - $_SESSION['SID_CREATED'] = time(); + self::$session->set('SID_CREATED', time()); } // session timeout - if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) { + if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) { if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, $cookie_path); } @@ -320,7 +328,8 @@ class OC { session_destroy(); session_start(); } - $_SESSION['LAST_ACTIVITY'] = time(); + + self::$session->set('LAST_ACTIVITY', time()); } public static function getRouter() { @@ -436,6 +445,8 @@ class OC { self::checkSSL(); if ( !self::$CLI ) { self::initSession(); + } else { + self::$session = new \OC\Session\Memory(''); } $errors = OC_Util::checkServer(); @@ -446,14 +457,14 @@ class OC { // User and Groups if (!OC_Config::getValue("installed", false)) { - $_SESSION['user_id'] = ''; + self::$session->set('user_id',''); } OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); - if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) - && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) { + if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id') + && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) { OC_User::logout(); } 
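Review bot: In the session-timeout branch (second hunk, -320) `session_destroy(); session_start();` resets PHP's `$_SESSION`, but `self::$session` still holds the copy of the expired session that `\OC\Session\Internal` took in its constructor and writes back to `$_SESSION` from `__destruct` (lib/session/internal.php in this commit), so the expired contents — `user_id` included — would be saved again at the end of the request unless something outside the visible lines empties the wrapper. `Internal::clear()` unsets, regenerates, restarts and empties the wrapper's copy in one step, so replacing the direct `session_destroy();` / `session_start();` lines in that branch with `self::$session->clear();` keeps the wrapper and the PHP session in step. The `session_regenerate_id(true)` call in the first hunk is less affected because regenerating the id keeps `$_SESSION`, but the split deserves a comment there: `// self::$session mirrors $_SESSION; any direct session_* call here must leave the two in sync`. initSession() starts before the first hunk.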
@@ -598,7 +609,7 @@ class OC { // Handle redirect URL for logged in users if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); - + // Deny the redirect if the URL contains a @ // This prevents unvalidated redirects like ?redirect_url=:user@domain.com if (strpos($location, '@') === false) { @@ -748,7 +759,7 @@ class OC { if (OC_User::login($_POST["user"], $_POST["password"])) { // setting up the time zone if (isset($_POST['timezone-offset'])) { - $_SESSION['timezone'] = $_POST['timezone-offset']; + self::$session->set('timezone', $_POST['timezone-offset']); } self::cleanupLoginTokens($_POST['user']); diff --git a/lib/session/internal.php b/lib/session/internal.php new file mode 100644 index 00000000000..60aecccc8aa --- /dev/null +++ b/lib/session/internal.php @@ -0,0 +1,39 @@ +<?php +/** + * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Session; + +/** + * Class Internal + * + * wrap php's internal session handling into the Session interface + * + * @package OC\Session + */ +class Internal extends Memory { + public function __construct($name) { + session_name($name); + session_start(); + if (!isset($_SESSION)) { + throw new \Exception('Failed to start session'); + } + $this->data = $_SESSION; + } + + public function __destruct() { + $_SESSION = $this->data; + session_write_close(); + } + + public function clear() { + session_unset(); + @session_regenerate_id(true); + @session_start(); + $this->data = $_SESSION = array(); + } +} diff --git a/lib/session/memory.php b/lib/session/memory.php new file mode 100644 index 00000000000..c148ff4b9b9 --- /dev/null +++ b/lib/session/memory.php 
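Review bot: `__construct` in lib/session/internal.php ignores the return value of `session_start()` and throws only when `$_SESSION` is unset afterwards, whereas the check it replaces in lib/base.php tested `session_start() === false`; whether a failed start leaves `$_SESSION` unset depends on the handler, so the explicit test is the safer one: `if (session_start() === false || !isset($_SESSION)) {`. `clear()` likewise hides failures of `session_regenerate_id(true)` and `session_start()` behind `@`, so a regeneration that fails would go unnoticed while the caller assumes a fresh id; dropping the suppression and checking the return values keeps the fixation defence observable. The data is written back only from `__destruct`, so anything that writes `$_SESSION` directly after the wrapper exists is overwritten at shutdown — worth a class-level comment such as `// $_SESSION is mirrored in $this->data and written back in __destruct; do not modify $_SESSION directly`.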
@@ -0,0 +1,63 @@
+<?php
+/**
+ * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Session;
+
+/**
+ * Class Internal
+ *
+ * store session data in an in-memory array, not persistance
+ *
+ * @package OC\Session
+ */
+class Memory extends Session {
+ protected $data;
+
+ public function __construct($name) {
+ //no need to use $name since all data is already scoped to this instance
+ $this->data = array();
+ }
+
+ /**
+ * @param string $key
+ * @param mixed $value
+ */
+ public function set($key, $value) {
+ $this->data[$key] = $value;
+ }
+
+ /**
+ * @param string $key
+ * @return mixed
+ */
+ public function get($key) {
+ if (!$this->exists($key)) {
+ return null;
+ }
+ return $this->data[$key];
+ }
+
+ /**
+ * @param string $key
+ * @return bool
+ */
+ public function exists($key) {
+ return isset($this->data[$key]);
+ }
+
+ /**
+ * @param string $key
+ */
+ public function remove($key) {
+ unset($this->data[$key]);
+ }
+
+ public function clear() {
+ $this->data = array();
+ }
+}
diff --git a/lib/session/session.php b/lib/session/session.php
new file mode 100644
index 00000000000..55515f57a87
--- /dev/null
+++ b/lib/session/session.php
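Review bot: The class docblock in lib/session/memory.php still reads `Class Internal`, a copy-paste from internal.php; it should say `Class Memory`, and the description line should be ` * store session data in an in-memory array, no persistence`. `exists()` is implemented with `isset`, so a key stored with a null value reports as absent while `get()` also returns null for it; that is consistent, but callers cannot tell the two cases apart, so state it in the method docblock: ` * @return bool false if the key is unset or holds null`.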
@@ -0,0 +1,79 @@
+<?php
+/**
+ * Copyright (c) 2013 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Session;
+
+abstract class Session implements \ArrayAccess {
+ /**
+ * $name serves as a namespace for the session keys
+ *
+ * @param string $name
+ */
+ abstract public function __construct($name);
+
+ /**
+ * @param string $key
+ * @param mixed $value
+ */
+ abstract public function set($key, $value);
+
+ /**
+ * @param string $key
+ * @return mixed should return null if $key does not exist
+ */
+ abstract public function get($key);
+
+ /**
+ * @param string $key
+ * @return bool
+ */
+ abstract public function exists($key);
+
+ /**
+ * should not throw any errors if $key does not exist
+ *
+ * @param string $key
+ */
+ abstract public function remove($key);
+
+ /**
+ * removes all entries within the cache namespace
+ */
+ abstract public function clear();
+
+ /**
+ * @param mixed $offset
+ * @return bool
+ */
+ public function offsetExists($offset) {
+ return $this->exists($offset);
+ }
+
+ /**
+ * @param mixed $offset
+ * @return mixed
+ */
+ public function offsetGet($offset) {
+ return $this->get($offset);
+ }
+
+ /**
+ * @param mixed $offset
+ * @param mixed $value
+ */
+ public function offsetSet($offset, $value) {
+ $this->set($offset, $value);
+ }
+
+ /**
+ * @param mixed $offset
+ */
+ public function offsetUnset($offset) {
+ $this->remove($offset);
+ }
+}
diff --git a/lib/template.php b/lib/template.php
index 2f535335648..9467dedb62a 100644
--- a/lib/template.php
+++ b/lib/template.php
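Review bot: The docblock on the abstract `__construct` in lib/session/session.php says `$name serves as a namespace for the session keys`, but neither implementation in this commit scopes keys by it — Memory ignores the parameter and Internal passes it to `session_name()` — so the contract promises more than is delivered. It should state what is guaranteed: ` * @param string $name identifies the session; implementations may use it as the PHP session name and are not required to namespace keys`. The `clear()` docblock says `cache namespace`, which should read `session` to match the class.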
@@ -246,14 +246,14 @@ class OC_Template{ // if the formfactor is not yet autodetected do the // autodetection now. For possible formfactors check the // detectFormfactor documentation - if(!isset($_SESSION['formfactor'])) { - $_SESSION['formfactor'] = self::detectFormfactor(); + if (!\OC::$session->exists('formfactor')) { + \OC::$session->set('formfactor', self::detectFormfactor()); } // allow manual override via GET parameter if(isset($_GET['formfactor'])) { - $_SESSION['formfactor']=$_GET['formfactor']; + \OC::$session->set('formfactor', $_GET['formfactor']); } - $formfactor=$_SESSION['formfactor']; + $formfactor = \OC::$session->get('formfactor'); if($formfactor=='default') { $fext=''; }elseif($formfactor=='mobile') { diff --git a/lib/user.php b/lib/user.php index 26fe73f8bfe..1dde87a1339 100644 --- a/lib/user.php +++ b/lib/user.php @@ -264,7 +264,7 @@ class OC_User { * @brief Sets user id for session and triggers emit */ public static function setUserId($uid) { - $_SESSION['user_id'] = $uid; + \OC::$session->set('user_id', $uid); } /** @@ -285,7 +285,7 @@ class OC_User { $result = true; } if (OC_User::getUser() === $uid) { - $_SESSION['display_name'] = $displayName; + \OC::$session->set('display_name', $displayName); } return $result; } @@ -328,10 +328,10 @@ class OC_User { * Checks if the user is logged in */ public static function isLoggedIn() { - if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) { + if( \OC::$session->get('user_id')) { OC_App::loadApps(array('authentication')); self::setupBackends(); - if (self::userExists($_SESSION['user_id']) ) { + if (self::userExists(\OC::$session->get('user_id')) ) { return true; } } @@ -356,8 +356,8 @@ class OC_User { * @return string uid or false */ public static function getUser() { - if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { - return $_SESSION['user_id']; + if( \OC::$session->get('user_id') ) { + return \OC::$session->get('user_id'); } else{ return false; 
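Review bot: The manual override `\OC::$session->set('formfactor', $_GET['formfactor'])` stores the raw query value in the session without checking it against the form factors the following if/elseif chain handles (`'default'`, `'mobile'`, …), so an unexpected value persists for the rest of the session instead of being rejected once; this is carried over from the old `$_SESSION` assignment rather than introduced here, but the rewrite is the moment to fix it. Validate before storing, e.g. call `set()` only when `in_array($_GET['formfactor'], array('default', 'mobile', /* remaining values detectFormfactor() can return */), true)`, taking the list from the detectFormfactor documentation the comment above the hunk refers to. The enclosing method continues beyond the hunk.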
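Review bot: `isLoggedIn()` in the -328 hunk now calls `\OC::$session->get('user_id')` twice, once in the condition and again as the argument to `userExists()`; reading it once into a local, `$uid = \OC::$session->get('user_id');`, keeps the two uses in step and reads better. The same double read appears in `getUser()` and `getDisplayName()` in the following hunks.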
@@ -371,8 +371,8 @@ class OC_User { public static function getDisplayName($user=null) { if ( $user ) { return self::determineDisplayName($user); - } else if( isset($_SESSION['display_name']) AND $_SESSION['display_name'] ) { - return $_SESSION['display_name']; + } else if( \OC::$session->get('display_name') ) { + return \OC::$session->get('display_name'); } else{ return false; diff --git a/lib/util.php b/lib/util.php index ce68568183b..581f35bc0ac 100755 --- a/lib/util.php +++ b/lib/util.php @@ -151,10 +151,10 @@ class OC_Util { * @param bool dateOnly option to omit time from the result */ public static function formatDate( $timestamp, $dateOnly=false) { - if(isset($_SESSION['timezone'])) {//adjust to clients timezone if we know it + if(\OC::$session->exists('timezone')) {//adjust to clients timezone if we know it $systemTimeZone = intval(date('O')); $systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100); - $clientTimeZone=$_SESSION['timezone']*60; + $clientTimeZone=\OC::$session->get('timezone')*60; $offset=$clientTimeZone-$systemTimeZone; $timestamp=$timestamp+$offset*60; } @@ -458,13 +458,13 @@ class OC_Util { */ public static function callRegister() { // Check if a token exists - if(!isset($_SESSION['requesttoken'])) { + if(!\OC::$session->exists('requesttoken')) { // No valid token found, generate a new one. $requestToken = self::generate_random_bytes(20); - $_SESSION['requesttoken']=$requestToken; + \OC::$session->set('requesttoken', $requestToken); } else { // Valid token already exists, send it - $requestToken = $_SESSION['requesttoken']; + $requestToken = \OC::$session->get('requesttoken'); } return($requestToken); } @@ -476,7 +476,7 @@ class OC_Util { * @see OC_Util::callRegister() */ public static function isCallRegistered() { - if(!isset($_SESSION['requesttoken'])) { + if(!\OC::$session->exists('requesttoken')) { return false; } 
@@ -492,7 +492,7 @@ class OC_Util { } // Check if the token is valid - if($token !== $_SESSION['requesttoken']) { + if($token !== \OC::$session->get('requesttoken')) { // Not valid return false; } else { |