mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-04 13:47:31 +02:00
Code Issues Releases Wiki Activity

Guard e_session::setDefaultSystemConfig() to dedent function

Browse Source
This commit is contained in:
Nick Liu
2020-04-18 14:05:16 -05:00
parent 5b34bc9bf1
commit 4441d6e666
1 changed files with 43 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
e107_handlers/session_handler.php
View File

@@ -194,59 +194,58 @@ class e_session
*/
public function setDefaultSystemConfig()
{
if(!$this->getSessionId())
{
$config = array(
'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
'ValidateHttpXForwardedFor' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpUserAgent' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
);
if ($this->getSessionId()) return $this;
$options = array(
// 'httponly' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_PARANOID),
'httponly' => true,
);
$config = array(
'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
'ValidateHttpXForwardedFor' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
'ValidateHttpUserAgent' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
);
if(!defined('E107_INSTALL'))
{
$systemSaveMethod = ini_get('session.save_handler');
$options = array(
// 'httponly' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_PARANOID),
'httponly' => true,
);
// e107::getDebug()->log("Save Method:".$systemSaveMethod);
if (!defined('E107_INSTALL'))
{
$systemSaveMethod = ini_get('session.save_handler');
$saveMethod = (!empty($systemSaveMethod)) ? $systemSaveMethod : 'files';
// e107::getDebug()->log("Save Method:".$systemSaveMethod);
$config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref
$config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref
$options['lifetime'] = (integer) e107::getPref('session_lifetime', 86400); //
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
$options['secure'] = e107::getPref('ssl_enabled', false); //
$saveMethod = (!empty($systemSaveMethod)) ? $systemSaveMethod : 'files';
if(!empty($options['secure']))
{
ini_set('session.cookie_secure', 1);
}
}
$config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref
$config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref
$options['lifetime'] = (integer)e107::getPref('session_lifetime', 86400); //
$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
$options['secure'] = e107::getPref('ssl_enabled', false); //
if(defined('SESSION_SAVE_PATH')) // safer than a pref.
{
$config['SavePath'] = e_BASE. SESSION_SAVE_PATH;
}
if (!empty($options['secure']))
{
ini_set('session.cookie_secure', 1);
}
}
$hashes = hash_algos();
if (defined('SESSION_SAVE_PATH')) // safer than a pref.
{
$config['SavePath'] = e_BASE . SESSION_SAVE_PATH;
}
if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes))
{
ini_set('session.hash_function', 'sha512');
ini_set('session.hash_bits_per_character', 5);
}
$hashes = hash_algos();
if ((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512', $hashes))
{
ini_set('session.hash_function', 'sha512');
ini_set('session.hash_bits_per_character', 5);
}
$this->setConfig($config)
->setOptions($options);
}
$this->setConfig($config)
->setOptions($options);
return $this;
return $this;
}
/**