forked from extern/egroupware
fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT
register cookies in $_REQUEST any more by default (there's now a php.ini variable 'request_order' to controll that, but we want to work with a default configuraltion): - session restore was not working, as only $_REQUEST[sessionid] was checked - multi domain installs not working, as domain cookie was not checked - encrypted session were not working, because kp3 cookie was not checked --> there's now a static method egw_session::get_request($name), which checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also $_COOKIE[ucfirst($name)]
This commit is contained in:
Ralf Becker
parent
6d78b5ce58
commit
cdd5103888
@ -314,7 +314,7 @@ else
|
||||
|
||||
if(!$GLOBALS['egw_info']['server']['disable_autoload_langfiles'])
|
||||
{
|
||||
$GLOBALS['egw']->translation->autoload_changed_langfiles();
|
||||
translation::autoload_changed_langfiles();
|
||||
}
|
||||
$forward = isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward'];
|
||||
if (!$forward)
|
||||
|
||||
@ -21,8 +21,8 @@ $GLOBALS['egw_info'] = array(
|
||||
);
|
||||
include('./header.inc.php');
|
||||
|
||||
$GLOBALS['sessionid'] = get_var('sessionid',array('GET','COOKIE'));
|
||||
$GLOBALS['kp3'] = get_var('kp3',array('GET','COOKIE'));
|
||||
$GLOBALS['sessionid'] = egw_session::get_sessionid('sessionid');
|
||||
$GLOBALS['kp3'] = egw_session::get_request('kp3');
|
||||
|
||||
$verified = $GLOBALS['egw']->session->verify();
|
||||
|
||||
|
||||
@ -163,7 +163,7 @@ class egw_session
|
||||
$this->required_files = $_SESSION[self::EGW_REQUIRED_FILES];
|
||||
|
||||
$this->sessionid = self::get_sessionid();
|
||||
$this->kp3 = $_REQUEST['kp3'];
|
||||
$this->kp3 = self::get_request('kp3');
|
||||
|
||||
$this->egw_domains = $domain_names;
|
||||
|
||||
@ -336,7 +336,7 @@ class egw_session
|
||||
*/
|
||||
static function decrypt()
|
||||
{
|
||||
if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt($_REQUEST['kp3']))
|
||||
if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt(self::get_request('kp3')))
|
||||
{
|
||||
foreach(self::$egw_session_vars as $name)
|
||||
{
|
||||
@ -753,6 +753,23 @@ class egw_session
|
||||
return $sessionid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get request or cookie variable with higher precedence to $_REQUEST then $_COOKIE
|
||||
*
|
||||
* In php < 5.3 that's identical to $_REQUEST[$name], but php5.3+ does no longer register cookied in $_REQUEST by default
|
||||
*
|
||||
* As a workaround for a bug in Safari Version 3.2.1 (5525.27.1), where cookie first letter get's upcased, we check that too.
|
||||
*
|
||||
* @param string $name eg. 'kp3' or domain
|
||||
* @return mixed null if it's neither set in $_REQUEST or $_COOKIE
|
||||
*/
|
||||
static function get_request($name)
|
||||
{
|
||||
return isset($_REQUEST[$name]) ? $_REQUEST[$name] :
|
||||
(isset($_COOKIE[$name]) ? $_COOKIE[$name] :
|
||||
(isset($_COOKIE[$name=ucfirst($name)]) ? $_COOKIE[$name] : null));
|
||||
}
|
||||
|
||||
/**
|
||||
* Check to see if a session is still current and valid
|
||||
*
|
||||
@ -769,7 +786,7 @@ class egw_session
|
||||
if(!$sessionid)
|
||||
{
|
||||
$sessionid = self::get_sessionid();
|
||||
$kp3 = $_REQUEST['kp3'];
|
||||
$kp3 = self::get_request('kp3');
|
||||
}
|
||||
|
||||
$this->sessionid = $sessionid;
|
||||
@ -778,7 +795,7 @@ class egw_session
|
||||
|
||||
if (!$this->sessionid)
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid')_REQUEST[sessionid]='$_REQUEST[sessionid]' No session ID");
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid') get_sessionid()='".self::get_sessionid()."' No session ID");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1237,7 +1254,7 @@ class egw_session
|
||||
* Search the instance matching the request
|
||||
*
|
||||
* @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER']
|
||||
* @param string $domain_requested usually $_REQUEST['domain']
|
||||
* @param string $domain_requested usually self::get_request('domain')
|
||||
* @param string &$default_domain usually $default_domain get's set eg. by sitemgr
|
||||
* @param string $server_name usually $_SERVER['SERVER_NAME']
|
||||
* @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header
|
||||
@ -1431,14 +1448,14 @@ class egw_session
|
||||
if (($sessionid = self::get_sessionid()))
|
||||
{
|
||||
session_id($sessionid);
|
||||
session_start();
|
||||
$ok = session_start();
|
||||
self::decrypt();
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR]));
|
||||
return $ok;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!");
|
||||
}
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -51,10 +51,8 @@ function array2string($var)
|
||||
case 'NULL':
|
||||
return 'NULL';
|
||||
case 'object':
|
||||
$type = get_class($var);
|
||||
// fall-through
|
||||
case 'array':
|
||||
return $type.str_replace(array("\n",' ','Array'),'',print_r($var,true));
|
||||
return str_replace(array("\n",' '/*,'Array'*/),'',print_r($var,true));
|
||||
}
|
||||
return 'UNKNOWN TYPE!';
|
||||
}
|
||||
|
||||
@ -55,11 +55,8 @@ if (!isset($GLOBALS['egw_info']['flags']['currentapp']))
|
||||
|
||||
require_once(EGW_API_INC.'/common_functions.inc.php');
|
||||
|
||||
// init eGW's sessions-handler
|
||||
egw_session::init_handler();
|
||||
|
||||
// check if we can restore the eGW enviroment from the php-session
|
||||
if ($_REQUEST[egw_session::EGW_SESSION_NAME])
|
||||
// init eGW's sessions-handler and check if we can restore the eGW enviroment from the php-session
|
||||
if (egw_session::init_handler())
|
||||
{
|
||||
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout')
|
||||
{
|
||||
@ -112,12 +109,9 @@ print_debug('sane environment','messageonly','api');
|
||||
* Multi-Domain support *
|
||||
\****************************************************************************/
|
||||
|
||||
// Work around bug in Safari Version 3.2.1 (5525.27.1) where cookie named domain is called Domain
|
||||
if($_REQUEST['Domain']) $_REQUEST['domain'] = $_REQUEST['Domain'];
|
||||
|
||||
$GLOBALS['egw_info']['user']['domain'] = egw_session::search_instance(
|
||||
isset($_POST['login']) ? $_POST['login'] : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : $_SERVER['REMOTE_USER']),
|
||||
$_REQUEST['domain'],$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']);
|
||||
egw_session::get_request('domain'),$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']);
|
||||
|
||||
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_host'];
|
||||
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_port'];
|
||||
|
||||
Loading…
Reference in New Issue
Block a user