From aee77a102fd071d80dc7f7e379469d04e558f728 Mon Sep 17 00:00:00 2001 From: Cameron Date: Sun, 14 Feb 2021 07:02:09 -0800 Subject: [PATCH] Set profanity list limit to 1000. (Could reduce performance) Fix for comment template. Prevent secureImage from buffering too many keys. --- e107_admin/prefs.php | 2 +- e107_core/templates/comment_template.php | 2 +- e107_handlers/secure_img_handler.php | 34 ++++++++++++++++++++---- e107_handlers/session_handler.php | 24 ++++++++++++++++- e107_tests/tests/unit/e_sessionTest.php | 20 ++++++++++++++ 5 files changed, 74 insertions(+), 8 deletions(-) diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php index bb9064875..af088b413 100644 --- a/e107_admin/prefs.php +++ b/e107_admin/prefs.php @@ -1230,7 +1230,7 @@ if ($savePrefs) $core_pref->setPref($pref)->save(false, true); ".$frm->help(PRFLAN_44)." - ".$frm->tags('profanity_words', $pref['profanity_words'], 250, array('maxItems'=>40))." + ".$frm->tags('profanity_words', $pref['profanity_words'], 250, array('maxItems'=>1000))." diff --git a/e107_core/templates/comment_template.php b/e107_core/templates/comment_template.php index c039a9771..656f4ea9a 100644 --- a/e107_core/templates/comment_template.php +++ b/e107_core/templates/comment_template.php @@ -56,7 +56,7 @@ $COMMENT_TEMPLATE['item'] = '
{COMMENT_AVATAR: shape=circle}
-
+
{USERNAME}
diff --git a/e107_handlers/secure_img_handler.php b/e107_handlers/secure_img_handler.php index 326a30650..a0a954a6c 100644 --- a/e107_handlers/secure_img_handler.php +++ b/e107_handlers/secure_img_handler.php @@ -67,7 +67,30 @@ class secure_image $this->secret = e107::getUserSession()->generateRandomString('*****'); - e107::getSession('secureImage')->set($this->random_number, $this->secret); + $secImg = e107::getSession('secureImage'); + + $list = $secImg->get('secret'); + + $maxCache = 6; + + if(!empty($list) && count($list) > $maxCache) + { + $total = count($list) - $maxCache; + $c = 1; + foreach($list as $key=>$v) + { + if($c > $total) + { + continue; + } + + $secImg->clear('secret/'.$key); + $c++; + } + } + + + $secImg->set('secret/'.$this->random_number, $this->secret); return $this->random_number; } @@ -96,7 +119,8 @@ class secure_image return call_user_func($user_func,$recnum,$checkstr); } - $secret = e107::getSession('secureImage')->get($recnum); + $tmp = e107::getSession('secureImage')->get('secret'); + $secret = varset($tmp[$recnum]); if(!empty($secret) && ($secret === $checkstr)) { @@ -269,10 +293,10 @@ class secure_image // $code = intval($row['tmp_info']); // new value - - if($tmp = e107::getSession('secureImage')->get($recnum)) + $tmp = e107::getSession('secureImage')->get('secret'); + if(isset($tmp[$recnum])) { - $code = $tmp; + $code = $tmp[$recnum]; } else { diff --git a/e107_handlers/session_handler.php b/e107_handlers/session_handler.php index fe17759b2..528c7cce3 100644 --- a/e107_handlers/session_handler.php +++ b/e107_handlers/session_handler.php 
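Review bot: The pruning loop in the `-67` hunk uses `continue` where `break` is meant, so it keeps walking the rest of `$list` after the quota is reached. Because the new secret is stored after pruning, the session also settles at `$maxCache + 1` entries rather than 6. Changing the guard to `count($list) >= $maxCache`, the quota to `$total = count($list) - $maxCache + 1;` and the `continue;` to `break;` would hold the cap exactly. `count($list)` also assumes `get('secret')` returns an array; if the session could hold a scalar under that key, `is_array($list)` is a safer test than `!empty($list)`, since `count()` on a non-array throws on PHP 8. The enclosing method starts and ends outside the hunk.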
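Review bot: In the `-96` hunk nothing in the visible lines removes the stored code after a successful check, so a solved code could be accepted again until it is pruned. If the rest of the method does not already remove it, calling `e107::getSession('secureImage')->clear('secret/'.$recnum);` on success would make each code single-use. `hash_equals((string) $secret, (string) $checkstr)` is the usual comparison for secrets, in place of `===`. Both this hunk and the `-269` hunk index `$tmp[$recnum]` directly; presumably `$recnum` comes from the request, and a non-scalar value there raises a TypeError on PHP 8, so an `is_scalar($recnum)` guard before the lookup is worth adding. The method bodies continue outside both hunks.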
@@ -397,7 +397,29 @@ class e_session $this->_data = array(); // must be set to array() not unset. } - unset($this->_data[$key]); + if(strpos($key,'/') !== false) // multi-dimensional + { + $keyArr = explode('/',$key); + $count = count($keyArr); + + if($count === 2) + { + list($k1, $k2) = $keyArr; + unset($this->_data[$k1][$k2]); + } + elseif($count === 3) + { + list($k1, $k2, $k3) = $keyArr; + unset($this->_data[$k1][$k2][$k3]); + } + + } + else + { + unset($this->_data[$key]); + } + + return $this; } diff --git a/e107_tests/tests/unit/e_sessionTest.php b/e107_tests/tests/unit/e_sessionTest.php index c5fb32a22..666976c4c 100644 --- a/e107_tests/tests/unit/e_sessionTest.php +++ b/e107_tests/tests/unit/e_sessionTest.php @@ -49,6 +49,26 @@ } + public function testClear() + { + $this->sess->set('clear/one', 'Test 1'); + $this->sess->set('clear/two', 'Test 2'); + $this->sess->set('clear/three', 'Test 3'); + + $this->sess->clear('clear/two'); + + $expected = array ( + 'one' => 'Test 1', + 'three' => 'Test 3', + ); + + $result = $this->sess->get('clear'); + $this->assertSame($expected, $result); + + } + + + public function testSetGet() { $expected = '123456';
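Review bot: A path with four or more segments falls through both `$count` branches in `clear()` and returns `$this` without removing anything, so the caller gets no signal that the key is still set. Walking the segments by reference handles any depth and removes the duplicated `unset` lines; a sketch follows. Plain keys containing `/` were previously removed as flat keys and are now treated as paths, which should match how `set()` and `get()` interpret them (not visible in this hunk). The method's opening lines are outside the hunk.

```php
if(strpos($key,'/') !== false) // multi-dimensional
{
	$keyArr = explode('/', $key);
	$last   = array_pop($keyArr);
	$ref    = &$this->_data;

	foreach($keyArr as $k)
	{
		if(!isset($ref[$k]) || !is_array($ref[$k]))
		{
			return $this; // path does not exist, nothing to clear
		}

		$ref = &$ref[$k];
	}

	unset($ref[$last], $ref); // drop the element, then the reference itself
}
// … unchanged: else branch for flat keys, return $this …
```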
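Review bot: `testClear()` exercises only the two-segment branch of `clear()`; the three-segment branch added by this commit and the flat-key `else` branch are not asserted. Assuming `set()` accepts three segments, a case such as `$this->sess->set('clear/a/b', 'x'); $this->sess->clear('clear/a/b');` followed by an assertion on `get('clear/a')` would cover the deeper branch. A `clear()` call on a path that was never set, asserting the remaining data is unchanged, would pin the no-op behaviour as well.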