fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT

register cookies in $_REQUEST any more by default (there's now a php.ini
variable 'request_order' to control that, but we want to work with a
default configuration):
- session restore was not working, as only $_REQUEST[sessionid] was
  checked
- multi domain installs not working, as domain cookie was not checked
- encrypted session were not working, because kp3 cookie was not checked
--> there's now a static method egw_session::get_request($name), which
checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also
$_COOKIE[ucfirst($name)]
Ralf Becker 2009-08-22 19:41:08 +00:00
parent f1f2b4f956
commit 22b8623913
3 changed files with 32 additions and 21 deletions


@ -21,8 +21,8 @@ $GLOBALS['egw_info'] = array(
); );
include('./header.inc.php'); include('./header.inc.php');
$GLOBALS['sessionid'] = get_var('sessionid',array('GET','COOKIE')); $GLOBALS['sessionid'] = egw_session::get_sessionid('sessionid');
$GLOBALS['kp3'] = get_var('kp3',array('GET','COOKIE')); $GLOBALS['kp3'] = egw_session::get_request('kp3');
$verified = $GLOBALS['egw']->session->verify(); $verified = $GLOBALS['egw']->session->verify();
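Review bot: The new call `egw_session::get_sessionid('sessionid')` passes an argument, while every other call on this page uses `self::get_sessionid()` with none. The signature of get_sessionid() is not shown here, so it is worth confirming that the parameter really is a variable name and not, for instance, a flag that a non-empty string would switch on. If it takes no name, `$GLOBALS['sessionid'] = egw_session::get_sessionid();` would match the other callers. The old line appears to have read kp3 from GET and COOKIE only, whereas `get_request('kp3')` checks $_REQUEST first, so a POSTed kp3 is presumably accepted now as well.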


@ -163,7 +163,7 @@ class egw_session
$this->required_files = $_SESSION[self::EGW_REQUIRED_FILES]; $this->required_files = $_SESSION[self::EGW_REQUIRED_FILES];
$this->sessionid = self::get_sessionid(); $this->sessionid = self::get_sessionid();
$this->kp3 = $_REQUEST['kp3']; $this->kp3 = self::get_request('kp3');
$this->egw_domains = $domain_names; $this->egw_domains = $domain_names;
@ -336,7 +336,7 @@ class egw_session
*/ */
static function decrypt() static function decrypt()
{ {
if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt($_REQUEST['kp3'])) if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt(self::get_request('kp3')))
{ {
foreach(self::$egw_session_vars as $name) foreach(self::$egw_session_vars as $name)
{ {
@ -753,6 +753,23 @@ class egw_session
return $sessionid; return $sessionid;
} }
/**
* Get request or cookie variable with higher precedence to $_REQUEST then $_COOKIE
*
* In php < 5.3 that's identical to $_REQUEST[$name], but php5.3+ does no longer register cookied in $_REQUEST by default
*
* As a workaround for a bug in Safari Version 3.2.1 (5525.27.1), where cookie first letter get's upcased, we check that too.
*
* @param string $name eg. 'kp3' or domain
* @return mixed null if it's neither set in $_REQUEST or $_COOKIE
*/
static function get_request($name)
{
return isset($_REQUEST[$name]) ? $_REQUEST[$name] :
(isset($_COOKIE[$name]) ? $_COOKIE[$name] :
(isset($_COOKIE[$name=ucfirst($name)]) ? $_COOKIE[$name] : null));
}
/** /**
* Check to see if a session is still current and valid * Check to see if a session is still current and valid
* *
@ -769,7 +786,7 @@ class egw_session
if(!$sessionid) if(!$sessionid)
{ {
$sessionid = self::get_sessionid(); $sessionid = self::get_sessionid();
$kp3 = $_REQUEST['kp3']; $kp3 = self::get_request('kp3');
} }
$this->sessionid = $sessionid; $this->sessionid = $sessionid;
@ -778,7 +795,7 @@ class egw_session
if (!$this->sessionid) if (!$this->sessionid)
{ {
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid')_REQUEST[sessionid]='$_REQUEST[sessionid]' No session ID"); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid') get_sessionid()='".self::get_sessionid()."' No session ID");
return false; return false;
} }
@ -1237,7 +1254,7 @@ class egw_session
* Search the instance matching the request * Search the instance matching the request
* *
* @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER'] * @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER']
* @param string $domain_requested usually $_REQUEST['domain'] * @param string $domain_requested usually self::get_request('domain')
* @param string &$default_domain usually $default_domain get's set eg. by sitemgr * @param string &$default_domain usually $default_domain get's set eg. by sitemgr
* @param string $server_name usually $_SERVER['SERVER_NAME'] * @param string $server_name usually $_SERVER['SERVER_NAME']
* @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header * @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header
@ -1431,14 +1448,14 @@ class egw_session
if (($sessionid = self::get_sessionid())) if (($sessionid = self::get_sessionid()))
{ {
session_id($sessionid); session_id($sessionid);
session_start(); $ok = session_start();
self::decrypt(); self::decrypt();
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR])); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR]));
return $ok;
} }
else
{
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!"); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!");
}
return false;
} }
/** /**
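Review bot: get_request() returns whatever PHP parsed for the name, so a request that sends `kp3` or `domain` in array notation delivers an array to init_crypt() and search_instance(). Both presumably expect a string, though their bodies are not on this page. The nested ternary also reassigns `$name` inside `isset()`, which is easy to misread; a separate variable for the upcased cookie name makes the Safari fallback explicit. The version below keeps the documented precedence ($_REQUEST, then $_COOKIE, then the upcased cookie name) and returns null for array values.

```php
static function get_request($name)
{
	// Safari 3.2.1 (5525.27.1) upcases the first letter of the cookie name
	$safari_name = ucfirst($name);

	if (isset($_REQUEST[$name])) $value = $_REQUEST[$name];
	elseif (isset($_COOKIE[$name])) $value = $_COOKIE[$name];
	elseif (isset($_COOKIE[$safari_name])) $value = $_COOKIE[$safari_name];
	else return null;

	// kp3 and domain are used as plain strings, array notation in the request is not a valid value
	return is_array($value) ? null : $value;
}
```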


@ -52,11 +52,8 @@ if (!isset($GLOBALS['egw_info']['flags']['currentapp']))
require_once(EGW_API_INC.'/common_functions.inc.php'); require_once(EGW_API_INC.'/common_functions.inc.php');
// init eGW's sessions-handler // init eGW's sessions-handler and check if we can restore the eGW enviroment from the php-session
egw_session::init_handler(); if (egw_session::init_handler())
// check if we can restore the eGW enviroment from the php-session
if ($_REQUEST[egw_session::EGW_SESSION_NAME])
{ {
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout') if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout')
{ {
@ -109,12 +106,9 @@ print_debug('sane environment','messageonly','api');
* Multi-Domain support * * Multi-Domain support *
\****************************************************************************/ \****************************************************************************/
// Work around bug in Safari Version 3.2.1 (5525.27.1) where cookie named domain is called Domain
if($_REQUEST['Domain']) $_REQUEST['domain'] = $_REQUEST['Domain'];
$GLOBALS['egw_info']['user']['domain'] = egw_session::search_instance( $GLOBALS['egw_info']['user']['domain'] = egw_session::search_instance(
isset($_POST['login']) ? $_POST['login'] : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : $_SERVER['REMOTE_USER']), isset($_POST['login']) ? $_POST['login'] : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : $_SERVER['REMOTE_USER']),
$_REQUEST['domain'],$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']); egw_session::get_request('domain'),$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']);
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_host']; $GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_host'];
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_port']; $GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_port'];
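Review bot: `if (egw_session::init_handler())` is true whenever a session id was supplied and session_start() succeeded, and by default PHP also starts a fresh, empty session for an id the server never issued. The guard therefore says nothing about whether the session holds a valid eGW environment. The restore block, whose body continues outside this hunk, has to decide that from $_SESSION itself. I would say so in the comment above the condition, e.g. `// init_handler() returning true only means a session id was sent and session_start() worked, the content of $_SESSION is still unverified`.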