mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-04 21:57:51 +02:00
Code Issues Releases Wiki Activity

Guard e_session::setDefaultSystemConfig() to dedent function

Browse Source
This commit is contained in:
Nick Liu
2020-04-18 14:05:16 -05:00
parent 5b34bc9bf1
commit 4441d6e666
1 changed files with 43 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
e107_handlers/session_handler.php
View File

@@ -194,8 +194,8 @@ class e_session
*/ */
public function setDefaultSystemConfig() public function setDefaultSystemConfig()
{ {
if(!$this->getSessionId()) if ($this->getSessionId()) return $this;
{
$config = array( $config = array(
'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED), 'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH), 'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
@@ -208,7 +208,7 @@ class e_session
'httponly' => true, 'httponly' => true,
); );
if(!defined('E107_INSTALL')) if (!defined('E107_INSTALL'))
{ {
$systemSaveMethod = ini_get('session.save_handler'); $systemSaveMethod = ini_get('session.save_handler');
@@ -218,24 +218,24 @@ class e_session
$config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref $config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref
$config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref $config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref
$options['lifetime'] = (integer) e107::getPref('session_lifetime', 86400); // $options['lifetime'] = (integer)e107::getPref('session_lifetime', 86400); //
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref $options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
$options['secure'] = e107::getPref('ssl_enabled', false); // $options['secure'] = e107::getPref('ssl_enabled', false); //
if(!empty($options['secure'])) if (!empty($options['secure']))
{ {
ini_set('session.cookie_secure', 1); ini_set('session.cookie_secure', 1);
} }
} }
if(defined('SESSION_SAVE_PATH')) // safer than a pref. if (defined('SESSION_SAVE_PATH')) // safer than a pref.
{ {
$config['SavePath'] = e_BASE. SESSION_SAVE_PATH; $config['SavePath'] = e_BASE . SESSION_SAVE_PATH;
} }
$hashes = hash_algos(); $hashes = hash_algos();
if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes)) if ((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512', $hashes))
{ {
ini_set('session.hash_function', 'sha512'); ini_set('session.hash_function', 'sha512');
ini_set('session.hash_bits_per_character', 5); ini_set('session.hash_bits_per_character', 5);
@@ -244,7 +244,6 @@ class e_session
$this->setConfig($config) $this->setConfig($config)
->setOptions($options); ->setOptions($options);
}
return $this; return $this;
} }