Edit File by line

<?php

[0] Fix | Delete

[1] Fix | Delete

/**

[2] Fix | Delete

* elFinder - file manager for web.

[3] Fix | Delete

* Session Wrapper Class.

[4] Fix | Delete

[5] Fix | Delete

* @package elfinder

[6] Fix | Delete

* @author Naoki Sawada

[7] Fix | Delete

**/

[8] Fix | Delete

[9] Fix | Delete

class elFinderSession implements elFinderSessionInterface

[10] Fix | Delete

{

[11] Fix | Delete

/**

[12] Fix | Delete

* A flag of session started

[13] Fix | Delete

[14] Fix | Delete

* @var boolean

[15] Fix | Delete

[16] Fix | Delete

protected $started = false;

[17] Fix | Delete

[18] Fix | Delete

/**

[19] Fix | Delete

* To fix PHP bug that duplicate Set-Cookie header to be sent

[20] Fix | Delete

[21] Fix | Delete

* @var boolean

[22] Fix | Delete

* @see https://bugs.php.net/bug.php?id=75554

[23] Fix | Delete

[24] Fix | Delete

protected $fixCookieRegist = false;

[25] Fix | Delete

[26] Fix | Delete

/**

[27] Fix | Delete

* Array of session keys of this instance

[28] Fix | Delete

[29] Fix | Delete

* @var array

[30] Fix | Delete

[31] Fix | Delete

protected $keys = array();

[32] Fix | Delete

[33] Fix | Delete

/**

[34] Fix | Delete

* Is enabled base64encode

[35] Fix | Delete

[36] Fix | Delete

* @var boolean

[37] Fix | Delete

[38] Fix | Delete

protected $base64encode = false;

[39] Fix | Delete

[40] Fix | Delete

/**

[41] Fix | Delete

* Default options array

[42] Fix | Delete

[43] Fix | Delete

* @var array

[44] Fix | Delete

[45] Fix | Delete

protected $opts = array(

[46] Fix | Delete

'base64encode' => false,

[47] Fix | Delete

'keys' => array(

[48] Fix | Delete

'default' => 'elFinderCaches',

[49] Fix | Delete

'netvolume' => 'elFinderNetVolumes'

[50] Fix | Delete

[51] Fix | Delete

'cookieParams' => array()

[52] Fix | Delete

);

[53] Fix | Delete

[54] Fix | Delete

/**

[55] Fix | Delete

* Constractor

[56] Fix | Delete

[57] Fix | Delete

* @param array $opts The options

[58] Fix | Delete

[59] Fix | Delete

* @return self Instanse of this class

[60] Fix | Delete

[61] Fix | Delete

public function __construct($opts)

[62] Fix | Delete

{

[63] Fix | Delete

$this->opts = array_merge($this->opts, $opts);

[64] Fix | Delete

$this->base64encode = !empty($this->opts['base64encode']);

[65] Fix | Delete

$this->keys = $this->opts['keys'];

[66] Fix | Delete

if (function_exists('apache_get_version') || $this->opts['cookieParams']) {

[67] Fix | Delete

$this->fixCookieRegist = true;

[68] Fix | Delete

}

[69] Fix | Delete

}

[70] Fix | Delete

[71] Fix | Delete

/**

[72] Fix | Delete

* {@inheritdoc}

[73] Fix | Delete

[74] Fix | Delete

public function get($key, $empty = null)

[75] Fix | Delete

{

[76] Fix | Delete

$closed = false;

[77] Fix | Delete

if (!$this->started) {

[78] Fix | Delete

$closed = true;

[79] Fix | Delete

$this->start();

[80] Fix | Delete

}

[81] Fix | Delete

[82] Fix | Delete

$data = null;

[83] Fix | Delete

[84] Fix | Delete

if ($this->started) {

[85] Fix | Delete

$session =& $this->getSessionRef($key);

[86] Fix | Delete

$data = $session;

[87] Fix | Delete

if ($data && $this->base64encode) {

[88] Fix | Delete

$data = $this->decodeData($data);

[89] Fix | Delete

}

[90] Fix | Delete

}

[91] Fix | Delete

[92] Fix | Delete

$checkFn = null;

[93] Fix | Delete

if (!is_null($empty)) {

[94] Fix | Delete

if (is_string($empty)) {

[95] Fix | Delete

$checkFn = 'is_string';

[96] Fix | Delete

} elseif (is_array($empty)) {

[97] Fix | Delete

$checkFn = 'is_array';

[98] Fix | Delete

} elseif (is_object($empty)) {

[99] Fix | Delete

$checkFn = 'is_object';

[100] Fix | Delete

} elseif (is_float($empty)) {

[101] Fix | Delete

$checkFn = 'is_float';

[102] Fix | Delete

} elseif (is_int($empty)) {

[103] Fix | Delete

$checkFn = 'is_int';

[104] Fix | Delete

}

[105] Fix | Delete

}

[106] Fix | Delete

[107] Fix | Delete

if (is_null($data) || ($checkFn && !$checkFn($data))) {

[108] Fix | Delete

$session = $data = $empty;

[109] Fix | Delete

}

[110] Fix | Delete

[111] Fix | Delete

if ($closed) {

[112] Fix | Delete

$this->close();

[113] Fix | Delete

}

[114] Fix | Delete

[115] Fix | Delete

return $data;

[116] Fix | Delete

}

[117] Fix | Delete

[118] Fix | Delete

/**

[119] Fix | Delete

* {@inheritdoc}

[120] Fix | Delete

[121] Fix | Delete

public function start()

[122] Fix | Delete

{

[123] Fix | Delete

set_error_handler(array($this, 'session_start_error'), E_NOTICE | E_WARNING);

[124] Fix | Delete

[125] Fix | Delete

// apache2 SAPI has a bug of session cookie register

[126] Fix | Delete

// see https://bugs.php.net/bug.php?id=75554

[127] Fix | Delete

// see https://github.com/php/php-src/pull/3231

[128] Fix | Delete

if ($this->fixCookieRegist === true) {

[129] Fix | Delete

if ((int)ini_get('session.use_cookies') === 1) {

[130] Fix | Delete

if (ini_set('session.use_cookies', 0) === false) {

[131] Fix | Delete

$this->fixCookieRegist = false;

[132] Fix | Delete

}

[133] Fix | Delete

}

[134] Fix | Delete

}

[135] Fix | Delete

[136] Fix | Delete

if (version_compare(PHP_VERSION, '5.4.0', '>=')) {

[137] Fix | Delete

if (session_status() !== PHP_SESSION_ACTIVE) {

[138] Fix | Delete

session_start();

[139] Fix | Delete

}

[140] Fix | Delete

} else {

[141] Fix | Delete

session_start();

[142] Fix | Delete

}

[143] Fix | Delete

$this->started = session_id() ? true : false;

[144] Fix | Delete

[145] Fix | Delete

restore_error_handler();

[146] Fix | Delete

[147] Fix | Delete

return $this;

[148] Fix | Delete

}

[149] Fix | Delete

[150] Fix | Delete

/**

[151] Fix | Delete

* Get variable reference of $_SESSION

[152] Fix | Delete

[153] Fix | Delete

* @param string $key key of $_SESSION array

[154] Fix | Delete

[155] Fix | Delete

* @return mixed|null

[156] Fix | Delete

[157] Fix | Delete

protected function & getSessionRef($key)

[158] Fix | Delete

{

[159] Fix | Delete

$session = null;

[160] Fix | Delete

if ($this->started) {

[161] Fix | Delete

list($cat, $name) = array_pad(explode('.', $key, 2), 2, null);

[162] Fix | Delete

if (is_null($name)) {

[163] Fix | Delete

if (!isset($this->keys[$cat])) {

[164] Fix | Delete

$name = $cat;

[165] Fix | Delete

$cat = 'default';

[166] Fix | Delete

}

[167] Fix | Delete

}

[168] Fix | Delete

if (isset($this->keys[$cat])) {

[169] Fix | Delete

$cat = $this->keys[$cat];

[170] Fix | Delete

} else {

[171] Fix | Delete

$name = $cat . '.' . $name;

[172] Fix | Delete

$cat = $this->keys['default'];

[173] Fix | Delete

}

[174] Fix | Delete

if (is_null($name)) {

[175] Fix | Delete

if (!isset($_SESSION[$cat])) {

[176] Fix | Delete

$_SESSION[$cat] = null;

[177] Fix | Delete

}

[178] Fix | Delete

$session =& $_SESSION[$cat];

[179] Fix | Delete

} else {

[180] Fix | Delete

if (!isset($_SESSION[$cat]) || !is_array($_SESSION[$cat])) {

[181] Fix | Delete

$_SESSION[$cat] = array();

[182] Fix | Delete

}

[183] Fix | Delete

if (!isset($_SESSION[$cat][$name])) {

[184] Fix | Delete

$_SESSION[$cat][$name] = null;

[185] Fix | Delete

}

[186] Fix | Delete

$session =& $_SESSION[$cat][$name];

[187] Fix | Delete

}

[188] Fix | Delete

}

[189] Fix | Delete

return $session;

[190] Fix | Delete

}

[191] Fix | Delete

[192] Fix | Delete

/**

[193] Fix | Delete

* base64 decode of session val

[194] Fix | Delete

[195] Fix | Delete

* @param $data

[196] Fix | Delete

[197] Fix | Delete

* @return bool|mixed|string|null

[198] Fix | Delete

[199] Fix | Delete

protected function decodeData($data)

[200] Fix | Delete

{

[201] Fix | Delete

if ($this->base64encode) {

[202] Fix | Delete

if (is_string($data)) {

[203] Fix | Delete

if (($data = base64_decode($data)) !== false) {

[204] Fix | Delete

$data = unserialize($data);

[205] Fix | Delete

} else {

[206] Fix | Delete

$data = null;

[207] Fix | Delete

}

[208] Fix | Delete

} else {

[209] Fix | Delete

$data = null;

[210] Fix | Delete

}

[211] Fix | Delete

}

[212] Fix | Delete

return $data;

[213] Fix | Delete

}

[214] Fix | Delete

[215] Fix | Delete

/**

[216] Fix | Delete

* {@inheritdoc}

[217] Fix | Delete

[218] Fix | Delete

public function close()

[219] Fix | Delete

{

[220] Fix | Delete

if ($this->started) {

[221] Fix | Delete

if ($this->fixCookieRegist === true) {

[222] Fix | Delete

// regist cookie only once for apache2 SAPI

[223] Fix | Delete

$cParm = session_get_cookie_params();

[224] Fix | Delete

if ($this->opts['cookieParams'] && is_array($this->opts['cookieParams'])) {

[225] Fix | Delete

$cParm = array_merge($cParm, $this->opts['cookieParams']);

[226] Fix | Delete

}

[227] Fix | Delete

if (version_compare(PHP_VERSION, '7.3', '<')) {

[228] Fix | Delete

setcookie(session_name(), session_id(), 0, $cParm['path'] . (!empty($cParm['SameSite'])? '; SameSite=' . $cParm['SameSite'] : ''), $cParm['domain'], $cParm['secure'], $cParm['httponly']);

[229] Fix | Delete

} else {

[230] Fix | Delete

$allows = array('expires' => true, 'path' => true, 'domain' => true, 'secure' => true, 'httponly' => true, 'samesite' => true);

[231] Fix | Delete

foreach(array_keys($cParm) as $_k) {

[232] Fix | Delete

if (!isset($allows[$_k])) {

[233] Fix | Delete

unset($cParm[$_k]);

[234] Fix | Delete

}

[235] Fix | Delete

}

[236] Fix | Delete

setcookie(session_name(), session_id(), $cParm);

[237] Fix | Delete

}

[238] Fix | Delete

$this->fixCookieRegist = false;

[239] Fix | Delete

}

[240] Fix | Delete

session_write_close();

[241] Fix | Delete

}

[242] Fix | Delete

$this->started = false;

[243] Fix | Delete

[244] Fix | Delete

return $this;

[245] Fix | Delete

}

[246] Fix | Delete

[247] Fix | Delete

/**

[248] Fix | Delete

* {@inheritdoc}

[249] Fix | Delete

[250] Fix | Delete

public function set($key, $data)

[251] Fix | Delete

{

[252] Fix | Delete

$closed = false;

[253] Fix | Delete

if (!$this->started) {

[254] Fix | Delete

$closed = true;

[255] Fix | Delete

$this->start();

[256] Fix | Delete

}

[257] Fix | Delete

$session =& $this->getSessionRef($key);

[258] Fix | Delete

if ($this->base64encode) {

[259] Fix | Delete

$data = $this->encodeData($data);

[260] Fix | Delete

}

[261] Fix | Delete

$session = $data;

[262] Fix | Delete

[263] Fix | Delete

if ($closed) {

[264] Fix | Delete

$this->close();

[265] Fix | Delete

}

[266] Fix | Delete

[267] Fix | Delete

return $this;

[268] Fix | Delete

}

[269] Fix | Delete

[270] Fix | Delete

/**

[271] Fix | Delete

* base64 encode for session val

[272] Fix | Delete

[273] Fix | Delete

* @param $data

[274] Fix | Delete

[275] Fix | Delete

* @return string

[276] Fix | Delete

[277] Fix | Delete

protected function encodeData($data)

[278] Fix | Delete

{

[279] Fix | Delete

if ($this->base64encode) {

[280] Fix | Delete

$data = base64_encode(serialize($data));

[281] Fix | Delete

}

[282] Fix | Delete

return $data;

[283] Fix | Delete

}

[284] Fix | Delete

[285] Fix | Delete

/**

[286] Fix | Delete

* {@inheritdoc}

[287] Fix | Delete

[288] Fix | Delete

public function remove($key)

[289] Fix | Delete

{

[290] Fix | Delete

$closed = false;

[291] Fix | Delete

if (!$this->started) {

[292] Fix | Delete

$closed = true;

[293] Fix | Delete

$this->start();

[294] Fix | Delete

}

[295] Fix | Delete

[296] Fix | Delete

list($cat, $name) = array_pad(explode('.', $key, 2), 2, null);

[297] Fix | Delete

if (is_null($name)) {

[298] Fix | Delete

if (!isset($this->keys[$cat])) {

[299] Fix | Delete

$name = $cat;

[300] Fix | Delete

$cat = 'default';

[301] Fix | Delete

}

[302] Fix | Delete

}

[303] Fix | Delete

if (isset($this->keys[$cat])) {

[304] Fix | Delete

$cat = $this->keys[$cat];

[305] Fix | Delete

} else {

[306] Fix | Delete

$name = $cat . '.' . $name;

[307] Fix | Delete

$cat = $this->keys['default'];

[308] Fix | Delete

}

[309] Fix | Delete

if (is_null($name)) {

[310] Fix | Delete

unset($_SESSION[$cat]);

[311] Fix | Delete

} else {

[312] Fix | Delete

if (isset($_SESSION[$cat]) && is_array($_SESSION[$cat])) {

[313] Fix | Delete

unset($_SESSION[$cat][$name]);

[314] Fix | Delete

}

[315] Fix | Delete

}

[316] Fix | Delete

[317] Fix | Delete

if ($closed) {

[318] Fix | Delete

$this->close();

[319] Fix | Delete

}

[320] Fix | Delete

[321] Fix | Delete

return $this;

[322] Fix | Delete

}

[323] Fix | Delete

[324] Fix | Delete

/**

[325] Fix | Delete

* sessioin error handler (Only for suppression of error at session start)

[326] Fix | Delete

[327] Fix | Delete

* @param $errno

[328] Fix | Delete

* @param $errstr

[329] Fix | Delete

[330] Fix | Delete

protected function session_start_error($errno, $errstr)

[331] Fix | Delete

{

[332] Fix | Delete

}

[333] Fix | Delete

}

[334] Fix | Delete

[335] Fix | Delete