extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-13 09:28:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

"hopefully last fix for session encryption:

Browse Source 
- flag in session if it is encrypted to prevent calling the encryption more then once, which stalls the session-content
- egw_session::session_comit() method calls now encrypt() too, as it closes the session, before the destructor is called
- hack to fix PHP Fatal error: Cannot use string offset as an array, which happens sometime in felamimail under php5.2
- some more docu"
This commit is contained in:
Ralf Becker 2008-10-09 11:55:09 +00:00
parent d7f5835422
commit d9c93f845d
1 changed files with 45 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
phpgwapi/inc/class.egw_session.inc.php
View File

@ -226,11 +226,19 @@ class egw_session
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']); ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
} }
/**
* Magic function called when this class get's restored from the session
*
*/
function __wakeup() function __wakeup()
{ {
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']); ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
} }
/**
* Destructor
*
*/
function __destruct() function __destruct()
{ {
/* foreach($GLOBALS['egw'] as $name => &$value) /* foreach($GLOBALS['egw'] as $name => &$value)
@ -251,6 +259,19 @@ class egw_session
self::encrypt($this->kp3); self::encrypt($this->kp3);
} }
/**
* commit the sessiondata to storage
*
* It's necessary to use this function instead of session_write_close() direct, as otherwise the session is not encrypted!
*/
function commit_session()
{
error_log(__METHOD__);
self::encrypt($this->kp3);
session_write_close();
}
/** /**
* Keys of session variables which get encrypted * Keys of session variables which get encrypted
* *
@ -265,6 +286,11 @@ class egw_session
static $mcrypt; static $mcrypt;
/**
* Name of flag in session to signal it is encrypted or not
*/
const EGW_SESSION_ENCRYPTED = 'egw_session_encrypted';
/** /**
* Encrypt the variables in the session * Encrypt the variables in the session
* *
@ -272,7 +298,7 @@ class egw_session
*/ */
static function encrypt($kp3) static function encrypt($kp3)
{ {
if (self::init_crypt($kp3)) if (!isset($_SESSION[self::EGW_SESSION_ENCRYPTED]) && self::init_crypt($kp3))
{ {
foreach(self::$egw_session_vars as $name) foreach(self::$egw_session_vars as $name)
{ {
@ -282,6 +308,8 @@ class egw_session
//error_log(__METHOD__."() 'encrypting' session var: $name, len=".strlen($_SESSION[$name])); //error_log(__METHOD__."() 'encrypting' session var: $name, len=".strlen($_SESSION[$name]));
} }
} }
$_SESSION[self::EGW_SESSION_ENCRYPTED] = true; // flag session as encrypted
mcrypt_generic_deinit(self::$mcrypt); mcrypt_generic_deinit(self::$mcrypt);
self::$mcrypt = null; self::$mcrypt = null;
} }
@ -295,16 +323,17 @@ class egw_session
*/ */
static function decrypt() static function decrypt()
{ {
if (self::init_crypt($_REQUEST['kp3'])) if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt($_REQUEST['kp3']))
{ {
foreach(self::$egw_session_vars as $name) foreach(self::$egw_session_vars as $name)
{ {
if (isset($_SESSION[$name]) && $_SESSION[$name]) if (isset($_SESSION[$name]))
{ {
$_SESSION[$name] = unserialize($s = trim(mdecrypt_generic(self::$mcrypt,$_SESSION[$name]))); $_SESSION[$name] = unserialize(trim(mdecrypt_generic(self::$mcrypt,$_SESSION[$name])));
//error_log(__METHOD__."() 'decrypting' session var: gettype(_SESSION[$name]) = ".gettype($_SESSION[$name])); //error_log(__METHOD__."() 'decrypting' session var $name: gettype($name) = ".gettype($_SESSION[$name]));
} }
} }
unset($_SESSION[self::EGW_SESSION_ENCRYPTED]); // delete encryption flag
} }
} }
@ -1028,6 +1057,17 @@ class egw_session
} }
else else
{ {
// check if the app-session is set to something else then an array, if that's the case set it to an empty array
// otherwise you get a PHP Fatal error: Cannot use string offset as an array (happens sometimes in felamimail)
if (isset($_SESSION[self::EGW_APPSESSION_VAR][$appname]) && !is_array($_SESSION[self::EGW_APPSESSION_VAR][$appname]))
{
error_log(__METHOD__."($location,$appname,$data) gettype(_SESSION[self::EGW_APPSESSION_VAR][$appname])=".gettype($_SESSION[self::EGW_APPSESSION_VAR][$appname]).' --> set to array()!');
if (isset($_SESSION[self::EGW_APPSESSION_VAR]) && !is_array($_SESSION[self::EGW_APPSESSION_VAR]))
{
$_SESSION[self::EGW_APPSESSION_VAR] = array();
}
$_SESSION[self::EGW_APPSESSION_VAR][$appname] = array();
}
$_SESSION[self::EGW_APPSESSION_VAR][$appname][$location] =& $data; $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location] =& $data;
$ret =& $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location]; $ret =& $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location];
} }
@ -1334,16 +1374,6 @@ class egw_session
* depricated functions, to be removed after 1.6 * depricated functions, to be removed after 1.6
*/ */
/**
* commit the sessiondata to storage
*
* @deprecated call session_write_close() direct, as we only support php sessions
*/
function commit_session()
{
session_write_close();
}
/** /**
* Delete all data from the session cache for a user * Delete all data from the session cache for a user
* *