mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-14 04:52:36 +02:00
Code Issues Projects Releases Wiki Activity

MDL-14992 refactored use of session_write_close()

Browse Source
This commit is contained in:
skodak 2009-01-17 15:25:08 +00:00
parent ef159e5f99
commit 56949c17de
15 changed files with 81 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/cron.php
View File

@ -37,7 +37,7 @@
}
/// extra safety
@session_write_close();
@session_get_instance()->write_close();
/// check if execution allowed
if (isset($_SERVER['REMOTE_ADDR'])) { // if the script is accessed via the web.

4
admin/dbtransfer/lib.php
View File

@ -24,7 +24,7 @@ require_once($CFG->libdir.'/dtllib.php');
function dbtransfer_export_xml_database($description, $mdb) {
@set_time_limit(0);
session_write_close(); // release session
session_get_instance()->write_close(); // release session
header('Content-Type: application/xhtml+xml');
header('Content-Disposition: attachment; filename=database.xml');
@ -45,7 +45,7 @@ function dbtransfer_export_xml_database($description, $mdb) {
function dbtransfer_transfer_database($sourcedb, $targetdb) {
@set_time_limit(0);
session_write_close(); // release session
session_get_instance()->write_close(); // release session
$var = new database_mover($sourcedb, $targetdb);
$var->export_database(null);

2
course/report/log/index.php
View File

@ -56,7 +56,7 @@
$stradministration = get_string('administration');
$strreports = get_string('reports');
session_write_close();
session_get_instance()->write_close();
$navlinks = array();

2
course/report/log/live.php
View File

@ -18,7 +18,7 @@
add_to_log($course->id, "course", "report live", "report/log/live.php?id=$course->id", $course->id);
session_write_close();
session_get_instance()->write_close();
// we override the default framename so header/footer
// links open in a new window

2
draftfile.php
View File

@ -62,5 +62,5 @@
// ========================================
// finally send the file
// ========================================
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, 0, false, true); // force download - security first!

2
file.php
View File

@ -93,7 +93,7 @@
// ========================================
// finally send the file
// ========================================
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, $lifetime, $CFG->filteruploadedfiles, $forcedownload);

2
lib/dml/moodle_database.php
View File

@ -246,7 +246,7 @@ abstract class moodle_database {
public function dispose() {
if ($this->used_for_db_sessions) {
// this is needed because we need to save session to db before closing it
session_write_close();
session_get_instance()->write_close();
$this->used_for_db_sessions = false;
}
if ($this->database_manager) {

6
lib/filelib.php
View File

@ -787,7 +787,7 @@ function send_temp_file($path, $filename, $pathisstring=false) {
global $CFG;
// close session - not needed anymore
@session_write_close();
@session_get_instance()->write_close();
if (!$pathisstring) {
if (!file_exists($path)) {
@ -874,7 +874,7 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
}
}
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
// Use given MIME type if specified, otherwise guess it using mimeinfo.
// IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
@ -1078,7 +1078,7 @@ function send_stored_file($stored_file, $lifetime=86400 , $filter=0, $forcedownl
ignore_user_abort(true);
}
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
// Use given MIME type if specified, otherwise guess it using mimeinfo.
// IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O

2
lib/moodlelib.php
View File

@ -2182,7 +2182,7 @@ function require_logout() {
}
}
session_get_instance()->terminate();
session_get_instance()->terminate_current();
}
/**

92
lib/sessionlib.php
View File

@ -33,7 +33,19 @@ function session_get_instance() {
}
interface moodle_session {
public function terminate();
/**
* Terminate current session
* @return void
*/
public function terminate_current();
/**
* No more changes in session expected.
* Unblocks the sesions, other scripts may start executing in parallel.
* @return void
*/
public function write_close();
}
/**
@ -87,6 +99,52 @@ abstract class session_stub implements moodle_session {
$this->check_security();
}
/**
* Terminates active moodle session
*/
public function terminate_current() {
global $CFG, $SESSION, $USER;
if (NO_MOODLE_COOKIES) {
return;
}
$_SESSION = array();
$SESSION = new object();
$USER = new object();
$USER->id = 0;
if (isset($CFG->mnet_localhost_id)) {
$USER->mnethostid = $CFG->mnet_localhost_id;
}
// Initialize variable to pass-by-reference to headers_sent(&$file, &$line)
$file = null;
$line = null;
if (headers_sent($file, $line)) {
error_log('Can not terminate session properly - headers were already sent in file: '.$file.' on line '.$line);
}
// now let's try to get a new session id and destroy the old one
@session_regenerate_id(true);
// close the session
@session_write_close();
}
/**
* No more changes in session expected.
* Unblocks the sesions, other scripts may start executing in parallel.
* @return void
*/
public function write_close() {
if (NO_MOODLE_COOKIES) {
return;
}
session_write_close();
}
/**
* Initialise $USER object, handles google access.
*
@ -158,41 +216,12 @@ abstract class session_stub implements moodle_session {
if ($_SESSION['USER']->sessionip != $remoteaddr) {
// this is a security feature - terminate the session in case of any doubt
$this->terminate();
$this->terminate_current();
print_error('sessionipnomatch2', 'error');
}
}
}
/**
* Terminates active moodle session
*/
public function terminate() {
global $CFG, $SESSION, $USER;
$_SESSION = array();
$SESSION = new object();
$USER = new object();
$USER->id = 0;
if (isset($CFG->mnet_localhost_id)) {
$USER->mnethostid = $CFG->mnet_localhost_id;
}
// Initialize variable to pass-by-reference to headers_sent(&$file, &$line)
$file = null;
$line = null;
if (headers_sent($file, $line)) {
error_log('Can not terminate session properly - headers were already sent in file: '.$file.' on line '.$line);
}
// now let's try to get a new session id and destroy the old one
@session_regenerate_id(true);
// close the session
@session_write_close();
}
/**
* Prepare cookies and varions system settings
*/
@ -268,6 +297,7 @@ class legacy_file_session extends session_stub {
}
ini_set('session.save_path', $CFG->dataroot .'/sessions');
}
}
/**

2
mod/chat/gui_ajax/post.php
View File

@ -29,7 +29,7 @@ if (!$cm = get_coursemodule_from_instance('chat', $chat->id, $course->id)) {
if (isguest()) {
chat_print_error('ERROR', get_string('notlogged','chat'));
}
session_write_close();
session_get_instance()->write_close();
chat_delete_old_users();
$chat_message = clean_text($chat_message, FORMAT_MOODLE);

2
mod/chat/gui_header_js/insert.php
View File

@ -28,7 +28,7 @@
print_error('noguests');
}
session_write_close();
session_get_instance()->write_close();
/// Delete old users now

8
pluginfile.php
View File

@ -103,7 +103,7 @@
send_file_not_found();
}
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, 60*60, 0, $forcedownload);
@ -123,7 +123,7 @@
send_file_not_found();
}
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, 0, 0, true);
} else if ($filearea === 'course_intro') {
@ -138,7 +138,7 @@
send_file_not_found();
}
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, 60*60, 0, false); // TODO: change timeout?
} else if ($filearea === 'user_profile') {
@ -175,7 +175,7 @@
send_file_not_found();
}
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, 0, 0, true); // must force download - security!
} else {

2
question/file.php
View File

@ -71,7 +71,7 @@
}
// send the file
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
$filename = $args[count($args)-1];
send_file($pathname, $filename, $lifetime, $CFG->filteruploadedfiles, false, $forcedownload);
} else {

2
userfile.php
View File

@ -83,5 +83,5 @@
// ========================================
// finally send the file
// ========================================
session_write_close(); // unlock session during fileserving
session_get_instance()->write_close(); // unlock session during fileserving
send_stored_file($file, 0, false, $forcedownload);