Cameron 
							
						 
					 
					
						
						
							
						
						412b0b2efe 
					 
					
						
						
							
							Reducing e_SECURITY_LEVEL to 3 with disable ValidateRemoteAddr.  
						
						
						
						
					 
					
						2022-04-04 14:47:53 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						55980a29a8 
					 
					
						
						
							
							Generated PHPDoc for all classes in e107_handlers where one was missing. toNumber() updated to always return int or float.  
						
						
						
						
					 
					
						2022-04-04 10:54:24 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						fd42d2325f 
					 
					
						
						
							
							Issue  #4657  - Improved handling to prevent multiple sessions running on the same user account.  
						
						
						
						
					 
					
						2022-01-13 11:18:31 -08:00 
						 
				 
			
				
					
						
							
							
								Nick Liu 
							
						 
					 
					
						
						
							
						
						20882920a0 
					 
					
						
						
							
							Fix all PHP 8.1 test failures  
						
						... 
						
						
						
						* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used instead to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.
* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.
* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection 
						
						
					 
					
						2021-09-04 15:06:19 +02:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						d8f9a96dea 
					 
					
						
						
							
							Issue  #4520  Possible fix for session duration. (testing needed)  
						
						
						
						
					 
					
						2021-06-18 09:44:26 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						aee77a102f 
					 
					
						
						
							
							Set profanity list limit to 1000. (Could reduce performance)  
						
						... 
						
						
						
						Fix for comment template. Prevent secureImage from buffering too many keys. 
						
						
					 
					
						2021-02-14 07:02:09 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						72c54371cc 
					 
					
						
						
							
							e107::getSession()->set will now accept multi-dimensional key format. Test added. Form-handler PHP8 fix.  
						
						
						
						
					 
					
						2021-02-08 11:59:04 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						2337b075a8 
					 
					
						
						
							
							Fixes   #4346  - TinyMce parser issue. Hide side-panel help icon on legacy admin theme.  
						
						
						
						
					 
					
						2021-02-05 18:31:54 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						7279e0273e 
					 
					
						
						
							
							Valid login event added. Session conflict fix. Session test added. Featurebox tree() fix.  
						
						
						
						
					 
					
						2021-01-14 10:31:51 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						7dfac0dcfa 
					 
					
						
						
							
							Issue  #4299  - PHP8 compatibility fixes.  
						
						
						
						
					 
					
						2020-12-25 10:23:56 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						3f8e043998 
					 
					
						
						
							
							Replaced e107::getAdminLog() with e107::getLog(). e107::getAdminLog() will continue as a deprecated alias.  
						
						
						
						
					 
					
						2020-12-22 09:36:02 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						f5153bf640 
					 
					
						
						
							
							Updating of deprecated method usage. Removal of old files. Log tests added.  
						
						
						
						
					 
					
						2020-12-18 09:39:02 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						7439d599f8 
					 
					
						
						
							
							Issue  #4176  - Incremental introduction of database sessions - Experimental (work in progress)  
						
						
						
						
					 
					
						2020-06-02 13:43:21 -07:00 
						 
				 
			
				
					
						
							
							
								Nick Liu 
							
						 
					 
					
						
						
							
						
						5d982561c3 
					 
					
						
						
							
							Fixes   #4113  - Enable session file garbage collection  
						
						
						
						
					 
					
						2020-04-18 14:10:02 -05:00 
						 
				 
			
				
					
						
							
							
								Nick Liu 
							
						 
					 
					
						
						
							
						
						4441d6e666 
					 
					
						
						
							
							Guard e_session::setDefaultSystemConfig() to dedent function  
						
						
						
						
					 
					
						2020-04-18 14:05:16 -05:00 
						 
				 
			
				
					
						
							
							
								Nick Liu 
							
						 
					 
					
						
						
							
						
						4321c1b944 
					 
					
						
						
							
							Null coalescing for $_SERVER keys in session_handler.php  
						
						... 
						
						
						
						Resolves CLI-invoked E_NOTICE in:
* e_session::getValidateData()
* e_core_session::challenge() 
						
						
					 
					
						2020-01-17 15:54:12 +01:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						fa6852ea8e 
					 
					
						
						
							
							Revert session handler change.  
						
						
						
						
					 
					
						2019-06-16 13:44:03 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						6b73f6d198 
					 
					
						
						
							
							Fix for session issue.  
						
						
						
						
					 
					
						2019-06-16 12:44:00 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						d4134c7f89 
					 
					
						
						
							
							PHP 7.3 fixes.  
						
						
						
						
					 
					
						2019-02-07 17:12:23 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						9726a70d2d 
					 
					
						
						
							
							Issue  #3076   - session handler.  
						
						
						
						
					 
					
						2018-03-19 11:20:35 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						968965e561 
					 
					
						
						
							
							Removed session debug info  
						
						
						
						
					 
					
						2018-03-10 19:23:06 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						15345afb89 
					 
					
						
						
							
							#1517  Tracing of the 'unauthorized access' issue.  
						
						
						
						
					 
					
						2018-03-09 17:52:14 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						f05a0fd777 
					 
					
						
						
							
							Set secure cookie when SSL active.  
						
						
						
						
					 
					
						2018-01-13 12:38:32 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						e35259afe9 
					 
					
						
						
							
							Multisite navigation support (when multisite plugin installed)  
						
						
						
						
					 
					
						2017-10-11 18:57:32 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						775060b94f 
					 
					
						
						
							
							Remove debug info  
						
						
						
						
					 
					
						2017-01-12 12:15:08 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						e2bc81f654 
					 
					
						
						
							
							Issue  #1245 ,  #1523  Possible fix for servers using memcache as a session handler.  
						
						
						
						
					 
					
						2017-01-12 12:06:25 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						8af3a0780a 
					 
					
						
						
							
							Pref for session time added. Modification of PRFLAN_60 and PRFLAN_61  
						
						
						
						
					 
					
						2016-12-28 15:03:06 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						465a1309af 
					 
					
						
						
							
							Session clear() with no key will now reset data array. Fix for nav-bar avatar alignment  
						
						
						
						
					 
					
						2016-12-10 10:47:14 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						17382b25ac 
					 
					
						
						
							
							Input filter fixes.  
						
						
						
						
					 
					
						2016-08-19 16:13:38 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						ad0bc1376d 
					 
					
						
						
							
							Issue  #1349  MySQL class fixes and install.php corrections.  
						
						
						
						
					 
					
						2016-02-11 20:57:30 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						84c4c8607d 
					 
					
						
						
							
							Issues  #1254   #1208   #1211   #1245  Option to define the session.save_path (relative to e107's root directory) in e107_config.php: define('SESSION_SAVE_PATH','relative-path-to-folder');  
						
						... 
						
						
						
						example: define('SESSION_SAVE_PATH','../_sessions/');
Use the PHPInfo page in the admin area to check it has worked. Will only work if the path to the folder exists. session.hash_function is now set to sha512 by default when the security level is BALANCED or higher. 
						
						
					 
					
						2015-11-30 14:30:37 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						e576370e57 
					 
					
						
						
							
							Remove some references to deprecated functions/methods.  
						
						
						
						
					 
					
						2015-02-14 23:34:15 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						8c7e7f77de 
					 
					
						
						
							
							Admin-UI: Improved styling options for inline editing on boolean elements.  
						
						
						
						
					 
					
						2015-01-20 20:57:20 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						c4bfa03be1 
					 
					
						
						
							
							Fixes   #495 ,  #485 ,  #486 ,  #487  - Browser cache issues.  
						
						
						
						
					 
					
						2014-05-24 20:40:51 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						67f48571f4 
					 
					
						
						
							
							Fix for session value-loss issue.  
						
						
						
						
					 
					
						2013-11-05 14:15:12 -08:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						29f74508c2 
					 
					
						
						
							
							Forum quick-reply fix.  
						
						
						
						
					 
					
						2013-06-19 19:54:29 -07:00 
						 
				 
			
				
					
						
							
							
								SteveD 
							
						 
					 
					
						
						
							
						
						865adaa99f 
					 
					
						
						
							
							Issue  #343  partial fix - needs JS sorting properly, but should now be possible to log in using CHAP. CHAP didn't work at all for admin login. Also need to change challenge value on every page reload without losing track.  
						
						
						
						
					 
					
						2013-06-09 20:53:44 +01:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						73e095f14f 
					 
					
						
						
							
							May help session subdomain issues.  
						
						
						
						
					 
					
						2013-06-06 12:50:43 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						5af8208c7e 
					 
					
						
						
							
							Enable logging by default.  
						
						
						
						
					 
					
						2013-06-02 14:49:26 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						693b5bea75 
					 
					
						
						
							
							Improved logging options and file-naming.  
						
						
						
						
					 
					
						2013-06-01 04:36:58 -07:00 
						 
				 
			
				
					
						
							
							
								Cameron 
							
						 
					 
					
						
						
							
						
						8d94fa8b23 
					 
					
						
						
							
							Possible fix for 'Anonymous' showing in logs, when admin is logged in.  
						
						
						
						
					 
					
						2013-05-31 18:36:43 -07:00 
						 
				 
			
				
					
						
							
							
								CaMer0n 
							
						 
					 
					
						
						
							
						
						bfb687dfd5 
					 
					
						
						
							
							Session quick fix. Image resizing etc.  
						
						
						
						
					 
					
						2012-09-03 23:02:45 +00:00 
						 
				 
			
				
					
						
							
							
								CaMer0n 
							
						 
					 
					
						
						
							
						
						c7c9bfe517 
					 
					
						
						
							
							Increased session to 24 hours (prevent being logged-out every hour).  
						
						... 
						
						
						
						Recursive chmod added to Database Tools for correcting folder and file perms. 
						
						
					 
					
						2012-08-05 10:06:01 +00:00 
						 
				 
			
				
					
						
							
							
								CaMer0n 
							
						 
					 
					
						
						
							
						
						9937a9c0e2 
					 
					
						
						
							
							Disabled session-log and IP was not being stored at signup - fixed.  
						
						
						
						
					 
					
						2012-08-01 21:03:07 +00:00 
						 
				 
			
				
					
						
							
							
								secretr 
							
						 
					 
					
						
						
							
						
						a2dd8c47fd 
					 
					
						
						
							
							more session options from site preferences (not added to the preference UI yet)  
						
						
						
						
					 
					
						2012-02-20 14:55:16 +00:00 
						 
				 
			
				
					
						
							
							
								secretr 
							
						 
					 
					
						
						
							
						
						600e3aa12f 
					 
					
						
						
							
							e-token check method returns now boolean; comments e-token check refined  
						
						
						
						
					 
					
						2011-10-24 06:30:31 +00:00 
						 
				 
			
				
					
						
							
							
								CaMer0n 
							
						 
					 
					
						
						
							
						
						5afeed3353 
					 
					
						
						
							
							Session Object/Array conflict - Quick Fix.  
						
						
						
						
					 
					
						2011-05-04 21:18:04 +00:00 
						 
				 
			
				
					
						
							
							
								secretr 
							
						 
					 
					
						
						
							
						
						0c794e2fb4 
					 
					
						
						
							
							cross-browser cache issues  
						
						
						
						
					 
					
						2011-01-14 12:19:03 +00:00 
						 
				 
			
				
					
						
							
							
								secretr 
							
						 
					 
					
						
						
							
						
						51d6cb9fac 
					 
					
						
						
							
							EONE-134 - typo, thanks Andrew  
						
						
						
						
					 
					
						2010-10-27 11:33:59 +00:00 
						 
				 
			
				
					
						
							
							
								secretr 
							
						 
					 
					
						
						
							
						
						cd49c6c850 
					 
					
						
						
							
							New sessions related improvements/fixes; extra check in Site preferences area for cookie name - session/cookie regeneration, prevent logout; varoious redirection handler improvements plus new e107 method candidates - get/set/clear Cookies based on site preferences.  
						
						
						
						
					 
					
						2010-10-27 11:31:18 +00:00