From bf712c89b0a99cecac8067964fd16ccaabbeb785 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sat, 22 Aug 2009 19:38:45 +0000 Subject: [PATCH] fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT register cookies in $_REQUEST any more by default (there's now a php.ini variable 'request_order' to controll that, but we want to work with a default configuraltion): - session restore was not working, as only $_REQUEST[sessionid] was checked - multi domain installs not working, as domain cookie was not checked - encrypted session were not working, because kp3 cookie was not checked --> there's now a static method egw_session::get_request($name), which checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also $_COOKIE[ucfirst($name)] --- logout.php | 4 +-- phpgwapi/inc/class.egw_session.inc.php | 37 +++++++++++++++++++------- phpgwapi/inc/functions.inc.php | 10 +++---- 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/logout.php b/logout.php index 423425023d..ae59097fb8 100755 --- a/logout.php +++ b/logout.php @@ -21,8 +21,8 @@ $GLOBALS['egw_info'] = array( ); include('./header.inc.php'); -$GLOBALS['sessionid'] = get_var('sessionid',array('GET','COOKIE')); -$GLOBALS['kp3'] = get_var('kp3',array('GET','COOKIE')); +$GLOBALS['sessionid'] = egw_session::get_sessionid('sessionid'); +$GLOBALS['kp3'] = egw_session::get_request('kp3'); $verified = $GLOBALS['egw']->session->verify(); diff --git a/phpgwapi/inc/class.egw_session.inc.php b/phpgwapi/inc/class.egw_session.inc.php index 4bcba2e251..ff8b1fa18f 100644 --- a/phpgwapi/inc/class.egw_session.inc.php +++ b/phpgwapi/inc/class.egw_session.inc.php @@ -173,7 +173,7 @@ class egw_session $this->required_files = $_SESSION[self::EGW_REQUIRED_FILES]; $this->sessionid = self::get_sessionid(); - $this->kp3 = $_REQUEST['kp3']; + $this->kp3 = self::get_request('kp3'); $this->egw_domains = $domain_names; @@ -346,7 +346,7 @@ class egw_session */ static function decrypt() { - if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt($_REQUEST['kp3'])) + if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt(self::get_request('kp3'))) { foreach(self::$egw_session_vars as $name) { @@ -758,6 +758,23 @@ class egw_session return $sessionid; } + /** + * Get request or cookie variable with higher precedence to $_REQUEST then $_COOKIE + * + * In php < 5.3 that's identical to $_REQUEST[$name], but php5.3+ does no longer register cookied in $_REQUEST by default + * + * As a workaround for a bug in Safari Version 3.2.1 (5525.27.1), where cookie first letter get's upcased, we check that too. + * + * @param string $name eg. 'kp3' or domain + * @return mixed null if it's neither set in $_REQUEST or $_COOKIE + */ + static function get_request($name) + { + return isset($_REQUEST[$name]) ? $_REQUEST[$name] : + (isset($_COOKIE[$name]) ? $_COOKIE[$name] : + (isset($_COOKIE[$name=ucfirst($name)]) ? $_COOKIE[$name] : null)); + } + /** * Check to see if a session is still current and valid * @@ -774,7 +791,7 @@ class egw_session if(!$sessionid) { $sessionid = self::get_sessionid(); - $kp3 = $_REQUEST['kp3']; + $kp3 = self::get_request('kp3'); } $this->sessionid = $sessionid; @@ -783,7 +800,7 @@ class egw_session if (!$this->sessionid) { - if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid')_REQUEST[sessionid]='$_REQUEST[sessionid]' No session ID"); + if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid') get_sessionid()='".self::get_sessionid()."' No session ID"); return false; } @@ -1242,7 +1259,7 @@ class egw_session * Search the instance matching the request * * @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER'] - * @param string $domain_requested usually $_REQUEST['domain'] + * @param string $domain_requested usually self::get_request('domain') * @param string &$default_domain usually $default_domain get's set eg. by sitemgr * @param string $server_name usually $_SERVER['SERVER_NAME'] * @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header @@ -1436,14 +1453,14 @@ class egw_session if (($sessionid = self::get_sessionid())) { session_id($sessionid); - session_start(); + $ok = session_start(); self::decrypt(); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR])); + return $ok; } - else - { - if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!"); - } + if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!"); + + return false; } /** diff --git a/phpgwapi/inc/functions.inc.php b/phpgwapi/inc/functions.inc.php index 42bd864983..30a51935f7 100644 --- a/phpgwapi/inc/functions.inc.php +++ b/phpgwapi/inc/functions.inc.php @@ -52,11 +52,8 @@ if (!isset($GLOBALS['egw_info']['flags']['currentapp'])) require_once(EGW_API_INC.'/common_functions.inc.php'); -// init eGW's sessions-handler -egw_session::init_handler(); - -// check if we can restore the eGW enviroment from the php-session -if ($_REQUEST[egw_session::EGW_SESSION_NAME]) +// init eGW's sessions-handler and check if we can restore the eGW enviroment from the php-session +if (egw_session::init_handler()) { if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout') { @@ -108,9 +105,10 @@ print_debug('sane environment','messageonly','api'); /****************************************************************************\ * Multi-Domain support * \****************************************************************************/ + $GLOBALS['egw_info']['user']['domain'] = egw_session::search_instance( isset($_POST['login']) ? $_POST['login'] : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : $_SERVER['REMOTE_USER']), - $_REQUEST['domain'],$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']); + egw_session::get_request('domain'),$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']); $GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_host']; $GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_port'];