
Guard e_session::setDefaultSystemConfig() to dedent function

Nick Liu
2020-04-18 14:05:16 -05:00
parent 5b34bc9bf1
commit 4441d6e666


@@ -194,59 +194,58 @@ class e_session
*/ */
public function setDefaultSystemConfig() public function setDefaultSystemConfig()
{ {
if(!$this->getSessionId()) if ($this->getSessionId()) return $this;
{
$config = array(
'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
'ValidateHttpXForwardedFor' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpUserAgent' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
);
$options = array(
// 'httponly' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_PARANOID),
'httponly' => true,
);
if(!defined('E107_INSTALL'))
{
$systemSaveMethod = ini_get('session.save_handler');
// e107::getDebug()->log("Save Method:".$systemSaveMethod); $config = array(
'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
'ValidateHttpXForwardedFor' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpUserAgent' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
);
$saveMethod = (!empty($systemSaveMethod)) ? $systemSaveMethod : 'files'; $options = array(
// 'httponly' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_PARANOID),
'httponly' => true,
);
$config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref if (!defined('E107_INSTALL'))
$config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref {
$options['lifetime'] = (integer) e107::getPref('session_lifetime', 86400); // $systemSaveMethod = ini_get('session.save_handler');
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
$options['secure'] = e107::getPref('ssl_enabled', false); //
if(!empty($options['secure'])) // e107::getDebug()->log("Save Method:".$systemSaveMethod);
{
ini_set('session.cookie_secure', 1);
}
}
if(defined('SESSION_SAVE_PATH')) // safer than a pref. $saveMethod = (!empty($systemSaveMethod)) ? $systemSaveMethod : 'files';
{
$config['SavePath'] = e_BASE. SESSION_SAVE_PATH;
}
$hashes = hash_algos(); $config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref
$config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref
$options['lifetime'] = (integer)e107::getPref('session_lifetime', 86400); //
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
$options['secure'] = e107::getPref('ssl_enabled', false); //
if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes)) if (!empty($options['secure']))
{ {
ini_set('session.hash_function', 'sha512'); ini_set('session.cookie_secure', 1);
ini_set('session.hash_bits_per_character', 5); }
} }
if (defined('SESSION_SAVE_PATH')) // safer than a pref.
$this->setConfig($config) {
->setOptions($options); $config['SavePath'] = e_BASE . SESSION_SAVE_PATH;
} }
return $this; $hashes = hash_algos();
if ((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512', $hashes))
{
ini_set('session.hash_function', 'sha512');
ini_set('session.hash_bits_per_character', 5);
}
$this->setConfig($config)
->setOptions($options);
return $this;
} }
/** /**
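Review bot: The `ini_set('session.hash_function', 'sha512')` and `ini_set('session.hash_bits_per_character', 5)` calls near the end of setDefaultSystemConfig() target directives that PHP removed in 7.1, so on those versions both calls return false and the session-ID hardening for SECURITY_LEVEL_BALANCED and above silently does nothing. Since this commit re-indents the block anyway, it is a good place to branch on the PHP version and set the replacement directives, for example `ini_set('session.sid_bits_per_character', 5);` together with a `session.sid_length` value the project chooses, while keeping the current calls for older PHP. Whether the project still targets PHP below 7.1 is not visible here, so the version split is an assumption to confirm. As a style point, the new guard `if ($this->getSessionId()) return $this;` is the only brace-less single-line `if` in the function, whereas the surrounding code puts braces on their own lines.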