forked from extern/egroupware
fixing a few more PHP5.3 problems, caused by PHP5.3 behavior to NOT
register cookies in $_REQUEST any more by default (there's now a php.ini variable 'request_order' to controll that, but we want to work with a default configuraltion): - session restore was not working, as only $_REQUEST[sessionid] was checked - multi domain installs not working, as domain cookie was not checked - encrypted session were not working, because kp3 cookie was not checked --> there's now a static method egw_session::get_request($name), which checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also $_COOKIE[ucfirst($name)]
This commit is contained in:
Ralf Becker
parent
6d78b5ce58
commit
cdd5103888
@ -314,7 +314,7 @@ else
|
|||||||
|
|
||||||
if(!$GLOBALS['egw_info']['server']['disable_autoload_langfiles'])
|
if(!$GLOBALS['egw_info']['server']['disable_autoload_langfiles'])
|
||||||
{
|
{
|
||||||
$GLOBALS['egw']->translation->autoload_changed_langfiles();
|
translation::autoload_changed_langfiles();
|
||||||
}
|
}
|
||||||
$forward = isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward'];
|
$forward = isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward'];
|
||||||
if (!$forward)
|
if (!$forward)
|
||||||
|
|||||||
@ -21,8 +21,8 @@ $GLOBALS['egw_info'] = array(
|
|||||||
);
|
);
|
||||||
include('./header.inc.php');
|
include('./header.inc.php');
|
||||||
|
|
||||||
$GLOBALS['sessionid'] = get_var('sessionid',array('GET','COOKIE'));
|
$GLOBALS['sessionid'] = egw_session::get_sessionid('sessionid');
|
||||||
$GLOBALS['kp3'] = get_var('kp3',array('GET','COOKIE'));
|
$GLOBALS['kp3'] = egw_session::get_request('kp3');
|
||||||
|
|
||||||
$verified = $GLOBALS['egw']->session->verify();
|
$verified = $GLOBALS['egw']->session->verify();
|
||||||
|
|
||||||
|
|||||||
@ -163,7 +163,7 @@ class egw_session
|
|||||||
$this->required_files = $_SESSION[self::EGW_REQUIRED_FILES];
|
$this->required_files = $_SESSION[self::EGW_REQUIRED_FILES];
|
||||||
|
|
||||||
$this->sessionid = self::get_sessionid();
|
$this->sessionid = self::get_sessionid();
|
||||||
$this->kp3 = $_REQUEST['kp3'];
|
$this->kp3 = self::get_request('kp3');
|
||||||
|
|
||||||
$this->egw_domains = $domain_names;
|
$this->egw_domains = $domain_names;
|
||||||
|
|
||||||
@ -336,7 +336,7 @@ class egw_session
|
|||||||
*/
|
*/
|
||||||
static function decrypt()
|
static function decrypt()
|
||||||
{
|
{
|
||||||
if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt($_REQUEST['kp3']))
|
if ($_SESSION[self::EGW_SESSION_ENCRYPTED] && self::init_crypt(self::get_request('kp3')))
|
||||||
{
|
{
|
||||||
foreach(self::$egw_session_vars as $name)
|
foreach(self::$egw_session_vars as $name)
|
||||||
{
|
{
|
||||||
@ -753,6 +753,23 @@ class egw_session
|
|||||||
return $sessionid;
|
return $sessionid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get request or cookie variable with higher precedence to $_REQUEST then $_COOKIE
|
||||||
|
*
|
||||||
|
* In php < 5.3 that's identical to $_REQUEST[$name], but php5.3+ does no longer register cookied in $_REQUEST by default
|
||||||
|
*
|
||||||
|
* As a workaround for a bug in Safari Version 3.2.1 (5525.27.1), where cookie first letter get's upcased, we check that too.
|
||||||
|
*
|
||||||
|
* @param string $name eg. 'kp3' or domain
|
||||||
|
* @return mixed null if it's neither set in $_REQUEST or $_COOKIE
|
||||||
|
*/
|
||||||
|
static function get_request($name)
|
||||||
|
{
|
||||||
|
return isset($_REQUEST[$name]) ? $_REQUEST[$name] :
|
||||||
|
(isset($_COOKIE[$name]) ? $_COOKIE[$name] :
|
||||||
|
(isset($_COOKIE[$name=ucfirst($name)]) ? $_COOKIE[$name] : null));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check to see if a session is still current and valid
|
* Check to see if a session is still current and valid
|
||||||
*
|
*
|
||||||
@ -769,7 +786,7 @@ class egw_session
|
|||||||
if(!$sessionid)
|
if(!$sessionid)
|
||||||
{
|
{
|
||||||
$sessionid = self::get_sessionid();
|
$sessionid = self::get_sessionid();
|
||||||
$kp3 = $_REQUEST['kp3'];
|
$kp3 = self::get_request('kp3');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->sessionid = $sessionid;
|
$this->sessionid = $sessionid;
|
||||||
@ -778,7 +795,7 @@ class egw_session
|
|||||||
|
|
||||||
if (!$this->sessionid)
|
if (!$this->sessionid)
|
||||||
{
|
{
|
||||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid')_REQUEST[sessionid]='$_REQUEST[sessionid]' No session ID");
|
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid') get_sessionid()='".self::get_sessionid()."' No session ID");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1237,7 +1254,7 @@ class egw_session
|
|||||||
* Search the instance matching the request
|
* Search the instance matching the request
|
||||||
*
|
*
|
||||||
* @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER']
|
* @param string $login on login $_POST['login'], $_SERVER['PHP_AUTH_USER'] or $_SERVER['REMOTE_USER']
|
||||||
* @param string $domain_requested usually $_REQUEST['domain']
|
* @param string $domain_requested usually self::get_request('domain')
|
||||||
* @param string &$default_domain usually $default_domain get's set eg. by sitemgr
|
* @param string &$default_domain usually $default_domain get's set eg. by sitemgr
|
||||||
* @param string $server_name usually $_SERVER['SERVER_NAME']
|
* @param string $server_name usually $_SERVER['SERVER_NAME']
|
||||||
* @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header
|
* @param array $domains=null defaults to $GLOBALS['egw_domain'] from the header
|
||||||
@ -1431,14 +1448,14 @@ class egw_session
|
|||||||
if (($sessionid = self::get_sessionid()))
|
if (($sessionid = self::get_sessionid()))
|
||||||
{
|
{
|
||||||
session_id($sessionid);
|
session_id($sessionid);
|
||||||
session_start();
|
$ok = session_start();
|
||||||
self::decrypt();
|
self::decrypt();
|
||||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR]));
|
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() sessionid=$sessionid, _SESSION[".self::EGW_SESSION_VAR.']='.array2string($_SESSION[self::EGW_SESSION_VAR]));
|
||||||
|
return $ok;
|
||||||
}
|
}
|
||||||
else
|
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!");
|
||||||
{
|
|
||||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() no active session!");
|
return false;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -51,10 +51,8 @@ function array2string($var)
|
|||||||
case 'NULL':
|
case 'NULL':
|
||||||
return 'NULL';
|
return 'NULL';
|
||||||
case 'object':
|
case 'object':
|
||||||
$type = get_class($var);
|
|
||||||
// fall-through
|
|
||||||
case 'array':
|
case 'array':
|
||||||
return $type.str_replace(array("\n",' ','Array'),'',print_r($var,true));
|
return str_replace(array("\n",' '/*,'Array'*/),'',print_r($var,true));
|
||||||
}
|
}
|
||||||
return 'UNKNOWN TYPE!';
|
return 'UNKNOWN TYPE!';
|
||||||
}
|
}
|
||||||
|
|||||||
@ -55,11 +55,8 @@ if (!isset($GLOBALS['egw_info']['flags']['currentapp']))
|
|||||||
|
|
||||||
require_once(EGW_API_INC.'/common_functions.inc.php');
|
require_once(EGW_API_INC.'/common_functions.inc.php');
|
||||||
|
|
||||||
// init eGW's sessions-handler
|
// init eGW's sessions-handler and check if we can restore the eGW enviroment from the php-session
|
||||||
egw_session::init_handler();
|
if (egw_session::init_handler())
|
||||||
|
|
||||||
// check if we can restore the eGW enviroment from the php-session
|
|
||||||
if ($_REQUEST[egw_session::EGW_SESSION_NAME])
|
|
||||||
{
|
{
|
||||||
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout')
|
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout')
|
||||||
{
|
{
|
||||||
@ -112,12 +109,9 @@ print_debug('sane environment','messageonly','api');
|
|||||||
* Multi-Domain support *
|
* Multi-Domain support *
|
||||||
\****************************************************************************/
|
\****************************************************************************/
|
||||||
|
|
||||||
// Work around bug in Safari Version 3.2.1 (5525.27.1) where cookie named domain is called Domain
|
|
||||||
if($_REQUEST['Domain']) $_REQUEST['domain'] = $_REQUEST['Domain'];
|
|
||||||
|
|
||||||
$GLOBALS['egw_info']['user']['domain'] = egw_session::search_instance(
|
$GLOBALS['egw_info']['user']['domain'] = egw_session::search_instance(
|
||||||
isset($_POST['login']) ? $_POST['login'] : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : $_SERVER['REMOTE_USER']),
|
isset($_POST['login']) ? $_POST['login'] : (isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : $_SERVER['REMOTE_USER']),
|
||||||
$_REQUEST['domain'],$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']);
|
egw_session::get_request('domain'),$GLOBALS['egw_info']['server']['default_domain'],$_SERVER['SERVER_NAME'],$GLOBALS['egw_domain']);
|
||||||
|
|
||||||
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_host'];
|
$GLOBALS['egw_info']['server']['db_host'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_host'];
|
||||||
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_port'];
|
$GLOBALS['egw_info']['server']['db_port'] = $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['db_port'];
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user