From b5544b2f471ce4c93b08d19919ab062725545ce8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gae=CC=88tan=20Muller?= Date: Sat, 3 Jan 2015 11:39:29 +0100 Subject: [ticket/13450] Type-hint return value of $phpbb_container->get() PHPBB3-13450 --- phpBB/phpbb/session.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 0a6a18ffbe..5b9fb6d835 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -409,6 +409,7 @@ class session $session_expired = false; // Check whether the session is still valid if we have one + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $provider = $provider_collection->get_provider(); @@ -578,6 +579,7 @@ class session } } + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $provider = $provider_collection->get_provider(); $this->data = $provider->autologin(); @@ -910,6 +912,7 @@ class session $db->sql_query($sql); // Allow connecting logout with external auth method logout + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $provider = $provider_collection->get_provider(); $provider->logout($this->data, $new_session); @@ -1036,6 +1039,7 @@ class session } // only called from CRON; should be a safe workaround until the infrastructure gets going + /* @var $captcha_factory \phpbb\captcha\factory */ $captcha_factory = $phpbb_container->get('captcha.factory'); $captcha_factory->garbage_collect($config['captcha_plugin']); -- cgit v1.2.1 From 7fc586080bf5e7b6e90dcf44526200d7c9356d57 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gae=CC=88tan=20Muller?= Date: Mon, 5 Jan 2015 22:21:31 +0100 Subject: [ticket/13468] Update calls to `add_log()` PHPBB3-13468 --- phpBB/phpbb/session.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 5b9fb6d835..114912b2aa 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -215,7 +215,7 @@ class session function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; - global $request, $phpbb_container; + global $request, $phpbb_container, $user, $phpbb_log; // Give us some basic information $this->time_now = time(); @@ -490,11 +490,18 @@ class session { if ($referer_valid) { - add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); + $phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_IP_BROWSER_FORWARDED_CHECK', false, array( + $u_ip, + $s_ip, + $u_browser, + $s_browser, + htmlspecialchars($u_forwarded_for), + htmlspecialchars($s_forwarded_for) + )); } else { - add_log('critical', 'LOG_REFERER_INVALID', $this->referer); + $phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_REFERER_INVALID', false, array($this->referer)); } } } -- cgit v1.2.1 From 79d4ff553844fa80be4da9286239f62a45489072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gae=CC=88tan=20Muller?= Date: Sun, 11 Jan 2015 17:32:31 +0100 Subject: [ticket/13494] Update calls to `set_config()` PHPBB3-13494 --- phpBB/phpbb/session.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 114912b2aa..6f68dbf203 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php 
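Review bot: In the `@@ -490` hunk of [ticket/13468] both new `$phpbb_log->add()` calls take the user id and address from the global `$user` (`$user->data['user_id']`, `$user->ip`), although this is a method of the session class and `$this->referer` in the same call comes from the object itself. If `session_begin()` runs on an object other than the global `$user`, or before that global is populated, the critical entry is attributed to the wrong account or address. Using `$this->data['user_id']` and `$this->ip` would keep the entry tied to the session being validated, assuming `$this->data` is loaded at this point (not visible here), and `$user` could then be dropped from the `global` line added in the `@@ -215` hunk. `$this->referer`, `$u_browser` and `$s_browser` also reach the log unescaped while the forwarded-for values are wrapped in `htmlspecialchars()`; whether they are escaped earlier is not visible, so a comment stating where each value is sanitised would help whoever renders this log. `session_begin()` starts and ends outside both hunks.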
@@ -345,8 +345,8 @@ class session } else { - set_config('limit_load', '0'); - set_config('limit_search_load', '0'); + $config->set('limit_load', '0'); + $config->set('limit_search_load', '0'); } } @@ -1036,7 +1036,7 @@ class session { // Less than 10 users, update gc timer ... else we want gc // called again to delete other sessions - set_config('session_last_gc', $this->time_now, true); + $config->set('session_last_gc', $this->time_now, false); if ($config['max_autologin_time']) { -- cgit v1.2.1 From f6e06da4c68917dafb057bf7fe19f884a3e148c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gae=CC=88tan=20Muller?= Date: Sun, 4 Jan 2015 20:41:04 +0100 Subject: [ticket/13455] Update calls to `request_var()` PHPBB3-13455 --- phpBB/phpbb/session.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 6f68dbf203..6aeb8a91de 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -139,7 +139,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => request_var('f', 0), + 'forum' => $request->variable('f', 0), ); return $page_array; 
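Review bot: In the `@@ -1036` hunk of [ticket/13494] the last argument flips from `true` to `false`, which reads like a behaviour change unless the reader knows that `set_config()` took an `$is_dynamic` flag and `$config->set()` takes `$use_cache`. A comment on the call would make the inversion reviewable, for example `// third argument is $use_cache (set_config() took $is_dynamic, hence the inverted literal)`. The enclosing function body lies outside the hunk.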
@@ -253,23 +253,23 @@ class session if ($request->is_set($config['cookie_name'] . '_sid', \phpbb\request\request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', \phpbb\request\request_interface::COOKIE)) { - $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); - $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); - $this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true); + $this->cookie_data['u'] = $request->variable($config['cookie_name'] . '_u', 0, false, \phpbb\request\request_interface::COOKIE); + $this->cookie_data['k'] = $request->variable($config['cookie_name'] . '_k', '', false, \phpbb\request\request_interface::COOKIE); + $this->session_id = $request->variable($config['cookie_name'] . '_sid', '', false, \phpbb\request\request_interface::COOKIE); $SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid='; $_SID = (defined('NEED_SID')) ? $this->session_id : ''; if (empty($this->session_id)) { - $this->session_id = $_SID = request_var('sid', ''); + $this->session_id = $_SID = $request->variable('sid', ''); $SID = '?sid=' . $this->session_id; $this->cookie_data = array('u' => 0, 'k' => ''); } } else { - $this->session_id = $_SID = request_var('sid', ''); + $this->session_id = $_SID = $request->variable('sid', ''); $SID = '?sid=' . $this->session_id; } -- cgit v1.2.1 From 4bdef6fd21a5dcab455b0cd1ee2652de606929c3 Mon Sep 17 00:00:00 2001 
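Review bot: The three cookie reads in the `@@ -253` hunk are now pinned to `\phpbb\request\request_interface::COOKIE`, but both `sid` fallbacks call `$request->variable('sid', '')` with no super-global argument, so the session id is still accepted from whatever the default source covers and is then concatenated into `$SID`. If accepting a session id from the URL or form data is intended here, a comment saying so would help; otherwise the source should be named explicitly, as on the cookie reads. Nothing in the hunk checks the shape of the value before it becomes part of `'?sid=' . $this->session_id`, so a length and character-set check on the id before use is worth considering. `session_begin()` continues outside the hunk, so such a check may already exist further down.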
From: MateBartus Date: Thu, 12 Mar 2015 00:25:00 +0100 Subject: [ticket/13697] Moving filesystem related functions to filesystem service * Moving filesystem service to \phpbb\filesystem namespace * Wraping Symfony's Filesystem component * Moving filesystem related functions from includes/functions.php into \phpbb\filesystem\filesystem Functions moved (and deprecated): - phpbb_chmod - phpbb_is_writable - phpbb_is_absolute - phpbb_own_realpath - phpbb_realpath * Adding interface for filesystem service PHPBB3-13697 --- phpBB/phpbb/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index d49f88b676..6154f384f3 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -92,8 +92,8 @@ class session } // current directory within the phpBB root (for example: adm) - $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($root_path))); - $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath('./'))); + $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); + $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); $intersection = array_intersect_assoc($root_dirs, $page_dirs); $root_dirs = array_diff_assoc($root_dirs, $intersection); -- cgit v1.2.1 From fbd5929606169d3f780f0a59760c171b20bd906d Mon Sep 17 00:00:00 2001 From: Mate Bartus Date: Thu, 23 Jul 2015 20:50:33 +0200 Subject: [ticket/13740] Login admin when install finished PHPBB3-13740 --- phpBB/phpbb/session.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 6154f384f3..91b657262c 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php 
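Review bot: Both `$phpbb_filesystem->realpath()` results in the `@@ -92` hunk go straight into `str_replace()` and `explode()` without a check. If the new service can return `false` for a path it cannot resolve (its contract is not visible here), `$root_dirs` or `$page_dirs` silently becomes `array('')` and the relative-path arithmetic below works on a bogus value; assigning each result to a local and handling `false` explicitly would make that case visible. The hunk also does not show `$phpbb_filesystem` being added to the function's `global` list, which lies outside the hunk and should be confirmed. The same two calls survive in the `else` branch of the later `@@ -91` hunk ([ticket/15351]).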
@@ -1076,6 +1076,12 @@ class session { global $config; + // If headers are already set, we just return + if (headers_sent()) + { + return; + } + $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; -- cgit v1.2.1 From 266576c6a4224f4b803040c678020e825a1510b5 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 4 Dec 2015 11:50:39 +0100 Subject: [ticket/13454] Remove unused variables Part 4 PHPBB3-13454 --- phpBB/phpbb/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 5575c22846..ce51483aee 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -494,7 +494,7 @@ class session */ function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true) { - global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher; + global $SID, $_SID, $db, $config, $cache, $phpbb_container, $phpbb_dispatcher; $this->data = array(); -- cgit v1.2.1 From 7a6a16e3a52128179a4f518958f22e773dd94084 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 5 Dec 2015 13:45:16 +0100 Subject: [ticket/13454] Remove unused variables This is part 5 and there is more to come. PHPBB3-13454 --- phpBB/phpbb/session.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index ce51483aee..b8784a2f42 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php 
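Review bot: The new `headers_sent()` guard in `set_cookie()` returns without any signal, so a caller cannot tell a cookie that was sent from one that was dropped. That matters most for calls that expire or replace the session and autologin cookies: if output has already started, the old cookie presumably stays in the browser and nothing records it. Returning a boolean (`return false;` here and `true` at the end, which existing callers can ignore) or logging the skipped cookie name would make the condition detectable. The rest of `set_cookie()` lies outside the hunk.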
@@ -883,7 +883,7 @@ class session */ function session_kill($new_session = true) { - global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher; + global $SID, $_SID, $db, $phpbb_container, $phpbb_dispatcher; $sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "' @@ -975,7 +975,7 @@ class session */ function session_gc() { - global $db, $config, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher; + global $db, $config, $phpbb_container, $phpbb_dispatcher; $batch_size = 10; @@ -1226,7 +1226,7 @@ class session if ($banned && !$return) { - global $template, $phpbb_root_path, $phpEx; + global $phpbb_root_path, $phpEx; // If the session is empty we need to create a valid one... if (empty($this->session_id)) -- cgit v1.2.1 From 73900d1857a9a59eff82b224537a79110466ce7e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 5 Dec 2015 16:07:14 +0100 Subject: [ticket/13454] Remove more unused variables This should be the last part. Off to checking if the changes were correct. PHPBB3-13454 --- phpBB/phpbb/session.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index b8784a2f42..65fab3551a 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1403,7 +1403,7 @@ class session */ function set_login_key($user_id = false, $key = false, $user_ip = false) { - global $config, $db; + global $db; $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id; $user_ip = ($user_ip === false) ? $this->ip : $user_ip; @@ -1413,7 +1413,7 @@ class session $sql_ary = array( 'key_id' => (string) md5($key_id), - 'last_ip' => (string) $this->ip, + 'last_ip' => (string) $user_id, 'last_login' => (int) time() ); 
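Review bot: The `@@ -1413` hunk of this "remove unused variables" commit changes `'last_ip' => (string) $this->ip` to `'last_ip' => (string) $user_id`, which writes the user id into the `last_ip` field of the login-key record. That is a behaviour change inside a cleanup commit, and it corrupts a field that is useful when reviewing persistent-login activity; the value computed a few lines earlier, `$user_ip`, is the one that honours the function's `$user_ip` argument. The later commit on this page, "Add excessively removed code back", changes the line to `(string) $user_ip`. Records written between the two commits would hold a user id in `last_ip`.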
@@ -1450,7 +1450,7 @@ class session */ function reset_login_keys($user_id = false) { - global $config, $db; + global $db; $user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id; -- cgit v1.2.1 From 3f44f368172f744499055c482dcaccb0108660ab Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 24 Dec 2015 15:44:55 +0100 Subject: [ticket/13454] Add excessively removed code back PHPBB3-13454 --- phpBB/phpbb/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 65fab3551a..6155745c37 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1413,7 +1413,7 @@ class session $sql_ary = array( 'key_id' => (string) md5($key_id), - 'last_ip' => (string) $user_id, + 'last_ip' => (string) $user_ip, 'last_login' => (int) time() ); -- cgit v1.2.1 From c6746ab3cd02b4c8a05895c334a3f812a5a5c5b1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 4 Jan 2017 21:40:46 +0100 Subject: [ticket/14946] Make sure to pass integers to max() PHPBB3-14946 --- phpBB/phpbb/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index cbe2f02851..cc200b1adc 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -838,7 +838,7 @@ class session $sql = 'SELECT COUNT(session_id) AS sessions FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id'] . ' - AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime']))); + AND session_time >= ' . (int) ($this->time_now - (max((int) $config['session_length'], (int) $config['form_token_lifetime']))); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1 From c368d170cf09d06ff63249d4405323e6108d90bb Mon Sep 17 00:00:00 2001 
From: Tristan Darricau Date: Fri, 8 Sep 2017 10:45:22 +0200 Subject: [ticket/15351] Makes confirm_works in a router context (app.php) PHPBB3-15351 --- phpBB/phpbb/session.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index c5b50c2b07..6b5b8f2625 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -91,9 +91,18 @@ class session $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path)); } - // current directory within the phpBB root (for example: adm) - $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); - $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); + if (substr($root_path, 0, 2) === './' && strpos($root_path, '..') === false) + { + $root_dirs = explode('/', str_replace('\\', '/', rtrim($root_path, '/'))); + $page_dirs = explode('/', str_replace('\\', '/', '.')); + } + else + { + // current directory within the phpBB root (for example: adm) + $root_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath($root_path))); + $page_dirs = explode('/', str_replace('\\', '/', $phpbb_filesystem->realpath('./'))); + } + $intersection = array_intersect_assoc($root_dirs, $page_dirs); $root_dirs = array_diff_assoc($root_dirs, $intersection); -- cgit v1.2.1 From 8c3808e9e7db09531154b2520cbfcc7529a5c752 Mon Sep 17 00:00:00 2001 
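Review bot: The new fast path in the `@@ -91` hunk has no comment saying why a `$root_path` that starts with `./` and contains no `..` may skip `realpath()`, while the `else` branch keeps its explanatory comment. A one-line comment above the `if` stating the reason for the shortcut and the purpose of the `..` test would let a later reader judge whether the condition is still sufficient. `explode('/', str_replace('\\', '/', '.'))` is a constant expression and can be written as `array('.')`. The enclosing function starts and ends outside the hunk.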
From: rxu Date: Mon, 9 Jan 2017 00:23:08 +0700 Subject: [ticket/14972] Fix sizeof calls As of PHP 7.2, only arrays and objects implementing the Countable interface should be passed as a count() or sizeof() parameter. See https://github.com/php/php-src/blob/php-7.2.0alpha2/UPGRADING#L197-L198 Also, sizeof() seems to be sheduled for deprecation, see https://wiki.php.net/rfc/deprecations_php_7_2#suggested_deprecations PHPBB3-14972 --- phpBB/phpbb/session.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 6b5b8f2625..de9345ca85 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -108,7 +108,7 @@ class session $root_dirs = array_diff_assoc($root_dirs, $intersection); $page_dirs = array_diff_assoc($page_dirs, $intersection); - $page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); + $page_dir = str_repeat('../', count($root_dirs)) . implode('/', $page_dirs); if ($page_dir && substr($page_dir, -1, 1) == '/') { @@ -127,8 +127,8 @@ class session // The script path from the webroot to the phpBB root (for example: /phpBB3/) $script_dirs = explode('/', $script_path); - array_splice($script_dirs, -sizeof($page_dirs)); - $root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : ''); + array_splice($script_dirs, -count($page_dirs)); + $root_script_path = implode('/', $script_dirs) . (count($root_dirs) ? '/' . implode('/', $root_dirs) : ''); // We are on the base level (phpBB root == webroot), lets adjust the variables a bit... if (!$root_script_path) 
@@ -584,12 +584,12 @@ class session $provider = $provider_collection->get_provider(); $this->data = $provider->autologin(); - if ($user_id !== false && sizeof($this->data) && $this->data['user_id'] != $user_id) + if ($user_id !== false && isset($this->data['user_id']) && $this->data['user_id'] != $user_id) { $this->data = array(); } - if (sizeof($this->data)) + if (isset($this->data['user_id'])) { $this->cookie_data['k'] = ''; $this->cookie_data['u'] = $this->data['user_id']; @@ -597,7 +597,7 @@ class session // If we're presented with an autologin key we'll join against it. // Else if we've been passed a user_id we'll grab data based on that - if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) + if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && empty($this->data)) { $sql = 'SELECT u.* FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k @@ -617,7 +617,7 @@ class session $db->sql_freeresult($result); } - if ($user_id !== false && !sizeof($this->data)) + if ($user_id !== false && empty($this->data)) { $this->cookie_data['k'] = ''; $this->cookie_data['u'] = $user_id; @@ -645,7 +645,7 @@ class session // User does not exist // User is inactive // User is bot - if (!sizeof($this->data) || !is_array($this->data)) + if (!is_array($this->data) || !count($this->data)) { $this->cookie_data['k'] = ''; $this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS; @@ -1022,7 +1022,7 @@ class session } $db->sql_freeresult($result); - if (sizeof($del_user_id)) + if (count($del_user_id)) { // Delete expired sessions $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' @@ -1156,7 +1156,7 @@ class session $where_sql[] = $_sql; } - $sql .= (sizeof($where_sql)) ? implode(' AND ', $where_sql) : ''; + $sql .= (count($where_sql)) ? implode(' AND ', $where_sql) : ''; $result = $db->sql_query($sql, $cache_ttl); $ban_triggered_by = 'user'; -- cgit v1.2.1 
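Review bot: The `sizeof()` replacements in the `@@ -584`, `@@ -597` and `@@ -617` hunks no longer test the same thing: the first two conditions use `isset($this->data['user_id'])`, the next two use `empty($this->data)`. If `$provider->autologin()` ever returns a non-empty array without a `user_id` key, the mismatch reset and the cookie assignment are skipped, yet the `empty($this->data)` checks treat the array as a loaded user, so neither the autologin-key lookup nor the `$user_id` lookup runs. Normalising once right after the call, e.g. `if (!is_array($this->data) || !isset($this->data['user_id'])) { $this->data = array(); }`, would let every later check use the same predicate. The comparison `$this->data['user_id'] != $user_id` is also loose; casting both sides to `int` would make it explicit. The function these hunks belong to starts and ends outside them.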
From 85eceeccbee4cac37b73c6b40bac22ad6edb5bbd Mon Sep 17 00:00:00 2001 From: kasimi Date: Fri, 9 Mar 2018 23:31:57 +0100 Subject: [ticket/15583] Update session time in AJAX request only once a minute PHPBB3-15583 --- phpBB/phpbb/session.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index de9345ca85..654d377d31 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1614,13 +1614,15 @@ class session return; } + // Do not update the session page for ajax requests, so the view online still works as intended + $page_changed = $this->update_session_page && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax(); + // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - ((isset($this->data['session_time'])) ? $this->data['session_time'] : 0) > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) + if ($this->time_now - ((isset($this->data['session_time'])) ? $this->data['session_time'] : 0) > 60 || $page_changed) { $sql_ary = array('session_time' => $this->time_now); - // Do not update the session page for ajax requests, so the view online still works as intended - if ($this->update_session_page && !$request->is_ajax()) + if ($page_changed) { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); $sql_ary['session_forum_id'] = $this->page['forum']; -- cgit v1.2.1 From 8283f2393af3742f81daeb1c92d4ea097e8863e3 Mon Sep 17 00:00:00 2001 From: kasimi Date: Wed, 6 Jun 2018 10:40:29 +0200 Subject: [ticket/15583] Update session time in AJAX request only once a minute PHPBB3-15583 --- phpBB/phpbb/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 654d377d31..80934dc411 100644 --- a/phpBB/phpbb/session.php 
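Review bot: `$page_changed` in the `@@ -1614` hunk compares `$this->data['session_page']` with the full `$this->page['page']`, but the value written a few lines below is `substr($this->page['page'], 0, 199)`. Assuming `$this->data['session_page']` holds what was stored, a page string longer than 199 characters can never compare equal, so every non-AJAX request counts as a page change and writes to the sessions table, which defeats the once-a-minute throttle this commit is about. Comparing against the truncated value, `$this->data['session_page'] != substr($this->page['page'], 0, 199)`, keeps the two sides consistent. `$this->data['session_page']` is also read without the `isset()` guard that `session_time` gets on the following line. The enclosing function lies partly outside the hunk.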
+++ b/phpBB/phpbb/session.php @@ -1618,7 +1618,7 @@ class session $page_changed = $this->update_session_page && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax(); // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - ((isset($this->data['session_time'])) ? $this->data['session_time'] : 0) > 60 || $page_changed) + if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed) { $sql_ary = array('session_time' => $this->time_now); -- cgit v1.2.1 From 68434e6dbc1b87f2bacb246b463d86ebc157473f Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 15:12:52 +0200 Subject: [ticket/16007] Show ban message for OAuth login PHPBB3-16007 --- phpBB/phpbb/session.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 80934dc411..1da00ac1af 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1234,6 +1234,8 @@ class session $vars = array('return', 'banned', 'ban_row', 'ban_triggered_by'); extract($phpbb_dispatcher->trigger_event('core.session_set_custom_ban', compact($vars))); + $ban_row['ban_triggered_by'] = $ban_triggered_by; + if ($banned && !$return) { global $phpbb_root_path, $phpEx; @@ -1299,7 +1301,7 @@ class session trigger_error($message); } - return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; + return ($banned && $ban_row) ? $ban_row : $banned; } /** -- cgit v1.2.1 From fc625387332c50bc92253a1822ad0607594af736 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 17:25:00 +0200 Subject: [ticket/16007] No strict comparison against "false" PHPBB3-16007 --- phpBB/phpbb/session.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb/session.php') 
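Review bot: The `@@ -1299` hunk of [ticket/16007] changes what the function returns for a banned user from the `ban_give_reason` string to the whole `$ban_row`, so every caller that used the result as text now receives an array, and callers gain every column of the ban record rather than the single reason that was presumably meant for display. The function's docblock is not in the hunk; its `@return` should be updated, and it is worth confirming that no caller echoes the return value or exposes fields the banned user could not see before. In the `@@ -1234` hunk, `$ban_row['ban_triggered_by'] = $ban_triggered_by;` runs unconditionally, which turns an empty `$ban_row` into a non-empty one; the follow-up commit on this page moves it behind `!empty($ban_row)`.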
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 1da00ac1af..31f32af7c4 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1234,8 +1234,6 @@ class session $vars = array('return', 'banned', 'ban_row', 'ban_triggered_by'); extract($phpbb_dispatcher->trigger_event('core.session_set_custom_ban', compact($vars))); - $ban_row['ban_triggered_by'] = $ban_triggered_by; - if ($banned && !$return) { global $phpbb_root_path, $phpEx; @@ -1301,6 +1299,11 @@ class session trigger_error($message); } + if (!empty($ban_row)) + { + $ban_row['ban_triggered_by'] = $ban_triggered_by; + } + return ($banned && $ban_row) ? $ban_row : $banned; } -- cgit v1.2.1 From 6b85faf7dad5a83eb28a06fdcf428102ae63bc28 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Fri, 4 Oct 2019 14:11:37 +0200 Subject: [ticket/16174] Add core.set_cookie PHPBB3-16174 --- phpBB/phpbb/session.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 31f32af7c4..057c69b666 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1077,7 +1077,7 @@ class session */ function set_cookie($name, $cookiedata, $cookietime, $httponly = true) { - global $config; + global $config, $phpbb_dispatcher; // If headers are already set, we just return if (headers_sent()) 
@@ -1085,6 +1085,22 @@ class session return; } + $disable_cookie = false; + /** + * Event to disable setting cookie + * + * @event core.set_cookie + * @var bool disable_cookie Set to true to disable setting this cookie + * @since 3.2.9-RC1 + */ + $vars = array('disable_cookie'); + extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars))); + + if ($disable_cookie) + { + return; + } + $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; -- cgit v1.2.1 From 367b0bc2084d53ab6c7f2b6c7a61a0aba9cf04a2 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Mon, 7 Oct 2019 13:47:02 +0200 Subject: [ticket/16174] Add function params to the event PHPBB3-16174 --- phpBB/phpbb/session.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 057c69b666..237513e05f 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1090,10 +1090,20 @@ class session * Event to disable setting cookie * * @event core.set_cookie - * @var bool disable_cookie Set to true to disable setting this cookie + * @var bool disable_cookie Set to true to disable setting this cookie + * @var string name Name of the cookie + * @var string cookiedata The data to hold within the cookie + * @var int cookietime The expiration time as UNIX timestamp + * @var bool httponly Use HttpOnly? * @since 3.2.9-RC1 */ - $vars = array('disable_cookie'); + $vars = array( + 'disable_cookie', + 'name', + 'cookiedata', + 'cookietime', + 'httponly', + ); extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars))); if ($disable_cookie) -- cgit v1.2.1 
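Review bot: Adding `name`, `cookiedata`, `cookietime` and `httponly` to `$vars` in the `@@ -1090` hunk means the `extract()` that follows overwrites those locals with whatever a `core.set_cookie` listener returns, for every cookie this function sets, presumably including the session and autologin cookies. A listener can therefore read the cookie value and clear `$httponly`, and nothing after the `extract()` in the visible lines re-checks the types before `$cookietime` reaches `gmdate()`. The event docblock should say this explicitly, e.g. an added line `* Listeners receive the raw cookie value and may change any of these variables, including httponly`, and casting `$cookietime` to `int` and `$httponly` to `bool` after the event would keep the header construction well-defined. The remainder of `set_cookie()` lies outside the hunk.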
From 1aaeb2bca997282800f4cc30a6951104322ae433 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Tue, 8 Oct 2019 09:29:22 +0200 Subject: [ticket/16174] Improve event desc PHPBB3-16174 --- phpBB/phpbb/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/session.php') diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 237513e05f..cc5a1b8f8f 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1087,7 +1087,7 @@ class session $disable_cookie = false; /** - * Event to disable setting cookie + * Event to modify or disable setting cookies * * @event core.set_cookie * @var bool disable_cookie Set to true to disable setting this cookie -- cgit v1.2.1