mirror of
https://github.com/moodle/moodle.git
synced 2025-04-13 20:42:22 +02:00
MDL-28280 remove obsolete unmaintained $CFG->usesid
This commit is contained in:
Petr Skoda
parent
f6f6138379
commit
98eaf27e3c
@ -889,8 +889,6 @@ class auth_plugin_mnet extends auth_plugin_base {
|
||||
global $CFG, $DB;
|
||||
$remoteclient = get_mnet_remote_client();
|
||||
|
||||
$CFG->usesid = true;
|
||||
|
||||
// We don't want to output anything to the client machine
|
||||
$start = ob_start();
|
||||
|
||||
|
||||
@ -30,6 +30,14 @@
|
||||
|
||||
defined('MOODLE_INTERNAL') || die();
|
||||
|
||||
/**
|
||||
* Unsupported session id rewriting.
|
||||
* @deprecated
|
||||
* @param string $buffer
|
||||
*/
|
||||
function sid_ob_rewrite($buffer) {
|
||||
throw new coding_exception('$CFG->usesid support was removed completely and can not be used.');
|
||||
}
|
||||
|
||||
/**
|
||||
* Insert or update log display entry. Entry may already exist.
|
||||
|
||||
@ -915,10 +915,10 @@ function format_postdata_for_curlcall($postdata) {
|
||||
* @param int $connecttimeout timeout for connection to server; this is the timeout that
|
||||
* usually happens if the remote server is completely down (default 20 seconds);
|
||||
* may not work when using proxy
|
||||
* @param bool $skipcertverify If true, the peer's SSL certificate will not be checked.
|
||||
* @param bool $skipcertverify If true, the peer's SSL certificate will not be checked.
|
||||
* Only use this when already in a trusted location.
|
||||
* @param string $tofile store the downloaded content to file instead of returning it.
|
||||
* @param bool $calctimeout false by default, true enables an extra head request to try and determine
|
||||
* @param bool $calctimeout false by default, true enables an extra head request to try and determine
|
||||
* filesize and appropriately larger timeout based on $CFG->curltimeoutkbitrate
|
||||
* @return mixed false if request failed or content of the file as string if ok. True if file downloaded into $tofile successfully.
|
||||
*/
|
||||
@ -1788,14 +1788,7 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
|
||||
}
|
||||
|
||||
if (empty($filter)) {
|
||||
if ($mimetype == 'text/html' && !empty($CFG->usesid)) {
|
||||
//cookieless mode - rewrite links
|
||||
header('Content-Type: text/html');
|
||||
$path = $pathisstring ? $path : implode('', file($path));
|
||||
$path = sid_ob_rewrite($path);
|
||||
$filesize = strlen($path);
|
||||
$pathisstring = true;
|
||||
} else if ($mimetype == 'text/plain') {
|
||||
if ($mimetype == 'text/plain') {
|
||||
header('Content-Type: Text/plain; charset=utf-8'); //add encoding
|
||||
} else {
|
||||
header('Content-Type: '.$mimetype);
|
||||
@ -1822,10 +1815,6 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
|
||||
|
||||
$text = file_modify_html_header($text);
|
||||
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
|
||||
if (!empty($CFG->usesid)) {
|
||||
//cookieless mode - rewrite links
|
||||
$output = sid_ob_rewrite($output);
|
||||
}
|
||||
|
||||
header('Content-Length: '.strlen($output));
|
||||
header('Content-Type: text/html');
|
||||
@ -1843,10 +1832,6 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
|
||||
$options->noclean = true;
|
||||
$text = htmlentities($pathisstring ? $path : implode('', file($path)));
|
||||
$output = '<pre>'. format_text($text, FORMAT_MOODLE, $options, $COURSE->id) .'</pre>';
|
||||
if (!empty($CFG->usesid)) {
|
||||
//cookieless mode - rewrite links
|
||||
$output = sid_ob_rewrite($output);
|
||||
}
|
||||
|
||||
header('Content-Length: '.strlen($output));
|
||||
header('Content-Type: text/html; charset=utf-8'); //add encoding
|
||||
@ -2004,14 +1989,7 @@ function send_stored_file($stored_file, $lifetime=86400 , $filter=0, $forcedownl
|
||||
|
||||
if (empty($filter)) {
|
||||
$filtered = false;
|
||||
if ($mimetype == 'text/html' && !empty($CFG->usesid)) {
|
||||
//cookieless mode - rewrite links
|
||||
header('Content-Type: text/html');
|
||||
$text = $stored_file->get_content();
|
||||
$text = sid_ob_rewrite($text);
|
||||
$filesize = strlen($text);
|
||||
$filtered = true;
|
||||
} else if ($mimetype == 'text/plain') {
|
||||
if ($mimetype == 'text/plain') {
|
||||
header('Content-Type: Text/plain; charset=utf-8'); //add encoding
|
||||
} else {
|
||||
header('Content-Type: '.$mimetype);
|
||||
@ -2037,10 +2015,6 @@ function send_stored_file($stored_file, $lifetime=86400 , $filter=0, $forcedownl
|
||||
$text = $stored_file->get_content();
|
||||
$text = file_modify_html_header($text);
|
||||
$output = format_text($text, FORMAT_HTML, $options, $COURSE->id);
|
||||
if (!empty($CFG->usesid)) {
|
||||
//cookieless mode - rewrite links
|
||||
$output = sid_ob_rewrite($output);
|
||||
}
|
||||
|
||||
header('Content-Length: '.strlen($output));
|
||||
header('Content-Type: text/html');
|
||||
@ -2059,10 +2033,6 @@ function send_stored_file($stored_file, $lifetime=86400 , $filter=0, $forcedownl
|
||||
$options->noclean = true;
|
||||
$text = $stored_file->get_content();
|
||||
$output = '<pre>'. format_text($text, FORMAT_MOODLE, $options, $COURSE->id) .'</pre>';
|
||||
if (!empty($CFG->usesid)) {
|
||||
//cookieless mode - rewrite links
|
||||
$output = sid_ob_rewrite($output);
|
||||
}
|
||||
|
||||
header('Content-Length: '.strlen($output));
|
||||
header('Content-Type: text/html; charset=utf-8'); //add encoding
|
||||
|
||||
@ -106,8 +106,6 @@ abstract class session_stub implements moodle_session {
|
||||
|
||||
if (NO_MOODLE_COOKIES) {
|
||||
// session not used at all
|
||||
$CFG->usesid = 0;
|
||||
|
||||
$_SESSION = array();
|
||||
$_SESSION['SESSION'] = new stdClass();
|
||||
$_SESSION['USER'] = new stdClass();
|
||||
@ -118,12 +116,7 @@ abstract class session_stub implements moodle_session {
|
||||
|
||||
$newsession = empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]);
|
||||
|
||||
if (!empty($CFG->usesid) && $newsession) {
|
||||
sid_start_ob();
|
||||
} else {
|
||||
$CFG->usesid = 0;
|
||||
ini_set('session.use_trans_sid', '0');
|
||||
}
|
||||
ini_set('session.use_trans_sid', '0');
|
||||
|
||||
session_name('MoodleSession'.$CFG->sessioncookie);
|
||||
session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
|
||||
@ -294,13 +287,12 @@ abstract class session_stub implements moodle_session {
|
||||
}
|
||||
|
||||
//discard session ID from POST, GET and globals to tighten security,
|
||||
//this session fixation prevention can not be used in cookieless mode
|
||||
if (empty($CFG->usesid)) {
|
||||
unset(${'MoodleSession'.$CFG->sessioncookie});
|
||||
unset($_GET['MoodleSession'.$CFG->sessioncookie]);
|
||||
unset($_POST['MoodleSession'.$CFG->sessioncookie]);
|
||||
unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
|
||||
}
|
||||
//this is session fixation prevention
|
||||
unset(${'MoodleSession'.$CFG->sessioncookie});
|
||||
unset($_GET['MoodleSession'.$CFG->sessioncookie]);
|
||||
unset($_POST['MoodleSession'.$CFG->sessioncookie]);
|
||||
unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
|
||||
|
||||
//compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with NO_MOODLE_COOKIES in cron.php now
|
||||
if (!empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]) && $_COOKIE['MoodleSession'.$CFG->sessioncookie] == "deleted") {
|
||||
unset($_COOKIE['MoodleSession'.$CFG->sessioncookie]);
|
||||
@ -973,141 +965,3 @@ function cron_setup_user($user = NULL, $course = NULL) {
|
||||
// TODO: it should be possible to improve perf by caching some limited number of users here ;-)
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable cookieless sessions by including $CFG->usesid=true;
|
||||
* in config.php.
|
||||
* Based on code from php manual by Richard at postamble.co.uk
|
||||
* Attempts to use cookies if cookies not present then uses session ids attached to all urls and forms to pass session id from page to page.
|
||||
* If site is open to google, google is given guest access as usual and there are no sessions. No session ids will be attached to urls for googlebot.
|
||||
* This doesn't require trans_sid to be turned on but this is recommended for better performance
|
||||
* you should put :
|
||||
* session.use_trans_sid = 1
|
||||
* in your php.ini file and make sure that you don't have a line like this in your php.ini
|
||||
* session.use_only_cookies = 1
|
||||
* @author Richard at postamble.co.uk and Jamie Pratt
|
||||
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
|
||||
*/
|
||||
/**
|
||||
* You won't call this function directly. This function is used to process
|
||||
* text buffered by php in an output buffer. All output is run through this function
|
||||
* before it is ouput.
|
||||
* @param string $buffer is the output sent from php
|
||||
* @return string the output sent to the browser
|
||||
*/
|
||||
function sid_ob_rewrite($buffer){
|
||||
$replacements = array(
|
||||
'/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i',
|
||||
'/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i');
|
||||
|
||||
$buffer = preg_replace_callback($replacements, 'sid_rewrite_link_tag', $buffer);
|
||||
$buffer = preg_replace('/<form\s[^>]*>/i',
|
||||
'\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
|
||||
|
||||
return $buffer;
|
||||
}
|
||||
/**
|
||||
* You won't call this function directly. This function is used to process
|
||||
* text buffered by php in an output buffer. All output is run through this function
|
||||
* before it is ouput.
|
||||
* This function only processes absolute urls, it is used when we decide that
|
||||
* php is processing other urls itself but needs some help with internal absolute urls still.
|
||||
* @param string $buffer is the output sent from php
|
||||
* @return string the output sent to the browser
|
||||
*/
|
||||
function sid_ob_rewrite_absolute($buffer){
|
||||
$replacements = array(
|
||||
'/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i',
|
||||
'/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i');
|
||||
|
||||
$buffer = preg_replace_callback($replacements, 'sid_rewrite_link_tag', $buffer);
|
||||
$buffer = preg_replace('/<form\s[^>]*>/i',
|
||||
'\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
|
||||
return $buffer;
|
||||
}
|
||||
|
||||
/**
|
||||
* A function to process link, a and script tags found
|
||||
* by preg_replace_callback in {@link sid_ob_rewrite($buffer)}.
|
||||
*/
|
||||
function sid_rewrite_link_tag($matches){
|
||||
$url = $matches[4];
|
||||
$url = sid_process_url($url);
|
||||
return $matches[1].$url.$matches[5];
|
||||
}
|
||||
|
||||
/**
|
||||
* You can call this function directly. This function is used to process
|
||||
* urls to add a moodle session id to the url for internal links.
|
||||
* @param string $url is a url
|
||||
* @return string the processed url
|
||||
*/
|
||||
function sid_process_url($url) {
|
||||
global $CFG;
|
||||
|
||||
if ((preg_match('/^(http|https):/i', $url)) // absolute url
|
||||
&& ((stripos($url, $CFG->wwwroot)!==0) && stripos($url, $CFG->httpswwwroot)!==0)) { // and not local one
|
||||
return $url; //don't attach sessid to non local urls
|
||||
}
|
||||
if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) {
|
||||
return $url; //don't attach sessid to anchors
|
||||
}
|
||||
if (strpos($url, session_name())!==FALSE) {
|
||||
return $url; //don't attach sessid to url that already has one sessid
|
||||
}
|
||||
if (strpos($url, "?")===FALSE) {
|
||||
$append = "?".strip_tags(session_name() . '=' . session_id());
|
||||
} else {
|
||||
$append = "&".strip_tags(session_name() . '=' . session_id());
|
||||
}
|
||||
//put sessid before any anchor
|
||||
$p = strpos($url, "#");
|
||||
if ($p!==FALSE){
|
||||
$anch = substr($url, $p);
|
||||
$url = substr($url, 0, $p).$append.$anch ;
|
||||
} else {
|
||||
$url .= $append ;
|
||||
}
|
||||
return $url;
|
||||
}
|
||||
|
||||
/**
|
||||
* Call this function before there has been any output to the browser to
|
||||
* buffer output and add session ids to all internal links.
|
||||
*/
|
||||
function sid_start_ob(){
|
||||
global $CFG;
|
||||
//don't attach sess id for bots
|
||||
|
||||
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
|
||||
if (!empty($CFG->opentogoogle)) {
|
||||
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false) {
|
||||
@ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
|
||||
$CFG->usesid=false;
|
||||
return;
|
||||
}
|
||||
if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false) {
|
||||
@ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
|
||||
$CFG->usesid=false;
|
||||
return;
|
||||
}
|
||||
}
|
||||
if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) {
|
||||
@ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
|
||||
$CFG->usesid=false;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid
|
||||
|
||||
if (ini_get('session.use_trans_sid') != 0) {
|
||||
// use trans sid as its available
|
||||
ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,frame=src,form=fakeentry');
|
||||
ob_start('sid_ob_rewrite_absolute');
|
||||
} else {
|
||||
//rewrite all links ourselves
|
||||
ob_start('sid_ob_rewrite');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -2395,10 +2395,6 @@ function redirect($url, $message='', $delay=-1) {
|
||||
$url = $url->out(false);
|
||||
}
|
||||
|
||||
if (!empty($CFG->usesid) && !isset($_COOKIE[session_name()])) {
|
||||
$url = $SESSION->sid_process_url($url);
|
||||
}
|
||||
|
||||
$debugdisableredirect = false;
|
||||
do {
|
||||
if (defined('DEBUGGING_PRINTED')) {
|
||||
|
||||
@ -17,11 +17,9 @@ if ($show_instructions) {
|
||||
<div class="desc">
|
||||
<?php
|
||||
print_string("loginusing");
|
||||
if (empty($CFG->usesid)) {
|
||||
echo '<br/>';
|
||||
echo '('.get_string("cookiesenabled").')';
|
||||
echo $OUTPUT->help_icon('cookiesenabled');
|
||||
}
|
||||
echo '<br/>';
|
||||
echo '('.get_string("cookiesenabled").')';
|
||||
echo $OUTPUT->help_icon('cookiesenabled');
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user