editors
9 months ago
libs
9 months ago
plugins
9 months ago
resources
9 months ago
MySQLStorage.sql
9 months ago
autoload.php
9 months ago
elFinder.class.php
9 months ago
elFinderConnector.class.php
9 months ago
elFinderFlysystemGoogleDriveNetmount.php
9 months ago
elFinderPlugin.php
9 months ago
elFinderSession.php
9 months ago
elFinderSessionInterface.php
9 months ago
elFinderVolumeBox.class.php
9 months ago
elFinderVolumeDriver.class.php
9 months ago
elFinderVolumeDropbox.class.php
9 months ago
elFinderVolumeDropbox2.class.php
9 months ago
elFinderVolumeFTP.class.php
9 months ago
elFinderVolumeGoogleDrive.class.php
9 months ago
elFinderVolumeGroup.class.php
9 months ago
elFinderVolumeLocalFileSystem.class.php
9 months ago
elFinderVolumeMySQL.class.php
9 months ago
elFinderVolumeOneDrive.class.php
9 months ago
elFinderVolumeSFTPphpseclib.class.php
9 months ago
elFinderVolumeTrash.class.php
9 months ago
elFinderVolumeTrashMySQL.class.php
9 months ago
mime.types
9 months ago
elFinderSession.php
336 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * elFinder - file manager for web. |
| 5 | * Session Wrapper Class. |
| 6 | * |
| 7 | * @package elfinder |
| 8 | * @author Naoki Sawada |
| 9 | **/ |
| 10 | |
| 11 | class elFinderSession implements elFinderSessionInterface |
| 12 | { |
| 13 | /** |
| 14 | * A flag of session started |
| 15 | * |
| 16 | * @var boolean |
| 17 | */ |
| 18 | protected $started = false; |
| 19 | |
| 20 | /** |
| 21 | * To fix PHP bug that duplicate Set-Cookie header to be sent |
| 22 | * |
| 23 | * @var boolean |
| 24 | * @see https://bugs.php.net/bug.php?id=75554 |
| 25 | */ |
| 26 | protected $fixCookieRegist = false; |
| 27 | |
| 28 | /** |
| 29 | * Array of session keys of this instance |
| 30 | * |
| 31 | * @var array |
| 32 | */ |
| 33 | protected $keys = array(); |
| 34 | |
| 35 | /** |
| 36 | * Is enabled base64encode |
| 37 | * |
| 38 | * @var boolean |
| 39 | */ |
| 40 | protected $base64encode = false; |
| 41 | |
| 42 | /** |
| 43 | * Default options array |
| 44 | * |
| 45 | * @var array |
| 46 | */ |
| 47 | protected $opts = array( |
| 48 | 'base64encode' => false, |
| 49 | 'keys' => array( |
| 50 | 'default' => 'elFinderCaches', |
| 51 | 'netvolume' => 'elFinderNetVolumes' |
| 52 | ), |
| 53 | 'cookieParams' => array() |
| 54 | ); |
| 55 | |
| 56 | /** |
| 57 | * Constractor |
| 58 | * |
| 59 | * @param array $opts The options |
| 60 | * |
| 61 | * @return self Instanse of this class |
| 62 | */ |
| 63 | public function __construct($opts) |
| 64 | { |
| 65 | $this->opts = array_merge($this->opts, $opts); |
| 66 | $this->base64encode = !empty($this->opts['base64encode']); |
| 67 | $this->keys = $this->opts['keys']; |
| 68 | if (function_exists('apache_get_version') || $this->opts['cookieParams']) { |
| 69 | $this->fixCookieRegist = true; |
| 70 | } |
| 71 | } |
| 72 | |
| 73 | /** |
| 74 | * {@inheritdoc} |
| 75 | */ |
| 76 | public function get($key, $empty = null) |
| 77 | { |
| 78 | $closed = false; |
| 79 | if (!$this->started) { |
| 80 | $closed = true; |
| 81 | $this->start(); |
| 82 | } |
| 83 | |
| 84 | $data = null; |
| 85 | |
| 86 | if ($this->started) { |
| 87 | $session =& $this->getSessionRef($key); |
| 88 | $data = $session; |
| 89 | if ($data && $this->base64encode) { |
| 90 | $data = $this->decodeData($data); |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | $checkFn = null; |
| 95 | if (!is_null($empty)) { |
| 96 | if (is_string($empty)) { |
| 97 | $checkFn = 'is_string'; |
| 98 | } elseif (is_array($empty)) { |
| 99 | $checkFn = 'is_array'; |
| 100 | } elseif (is_object($empty)) { |
| 101 | $checkFn = 'is_object'; |
| 102 | } elseif (is_float($empty)) { |
| 103 | $checkFn = 'is_float'; |
| 104 | } elseif (is_int($empty)) { |
| 105 | $checkFn = 'is_int'; |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | if (is_null($data) || ($checkFn && !$checkFn($data))) { |
| 110 | $session = $data = $empty; |
| 111 | } |
| 112 | |
| 113 | if ($closed) { |
| 114 | $this->close(); |
| 115 | } |
| 116 | |
| 117 | return $data; |
| 118 | } |
| 119 | |
| 120 | /** |
| 121 | * {@inheritdoc} |
| 122 | */ |
| 123 | public function start() |
| 124 | { |
| 125 | set_error_handler(array($this, 'session_start_error'), E_NOTICE | E_WARNING); |
| 126 | |
| 127 | // apache2 SAPI has a bug of session cookie register |
| 128 | // see https://bugs.php.net/bug.php?id=75554 |
| 129 | // see https://github.com/php/php-src/pull/3231 |
| 130 | if ($this->fixCookieRegist === true) { |
| 131 | if ((int)ini_get('session.use_cookies') === 1) { |
| 132 | if (ini_set('session.use_cookies', 0) === false) { |
| 133 | $this->fixCookieRegist = false; |
| 134 | } |
| 135 | } |
| 136 | } |
| 137 | |
| 138 | if (version_compare(PHP_VERSION, '5.4.0', '>=')) { |
| 139 | if (session_status() !== PHP_SESSION_ACTIVE) { |
| 140 | session_start(); |
| 141 | } |
| 142 | } else { |
| 143 | session_start(); |
| 144 | } |
| 145 | $this->started = session_id() ? true : false; |
| 146 | |
| 147 | restore_error_handler(); |
| 148 | |
| 149 | return $this; |
| 150 | } |
| 151 | |
| 152 | /** |
| 153 | * Get variable reference of $_SESSION |
| 154 | * |
| 155 | * @param string $key key of $_SESSION array |
| 156 | * |
| 157 | * @return mixed|null |
| 158 | */ |
| 159 | protected function & getSessionRef($key) |
| 160 | { |
| 161 | $session = null; |
| 162 | if ($this->started) { |
| 163 | list($cat, $name) = array_pad(explode('.', $key, 2), 2, null); |
| 164 | if (is_null($name)) { |
| 165 | if (!isset($this->keys[$cat])) { |
| 166 | $name = $cat; |
| 167 | $cat = 'default'; |
| 168 | } |
| 169 | } |
| 170 | if (isset($this->keys[$cat])) { |
| 171 | $cat = $this->keys[$cat]; |
| 172 | } else { |
| 173 | $name = $cat . '.' . $name; |
| 174 | $cat = $this->keys['default']; |
| 175 | } |
| 176 | if (is_null($name)) { |
| 177 | if (!isset($_SESSION[$cat])) { |
| 178 | $_SESSION[$cat] = null; |
| 179 | } |
| 180 | $session =& $_SESSION[$cat]; |
| 181 | } else { |
| 182 | if (!isset($_SESSION[$cat]) || !is_array($_SESSION[$cat])) { |
| 183 | $_SESSION[$cat] = array(); |
| 184 | } |
| 185 | if (!isset($_SESSION[$cat][$name])) { |
| 186 | $_SESSION[$cat][$name] = null; |
| 187 | } |
| 188 | $session =& $_SESSION[$cat][$name]; |
| 189 | } |
| 190 | } |
| 191 | return $session; |
| 192 | } |
| 193 | |
| 194 | /** |
| 195 | * base64 decode of session val |
| 196 | * |
| 197 | * @param $data |
| 198 | * |
| 199 | * @return bool|mixed|string|null |
| 200 | */ |
| 201 | protected function decodeData($data) |
| 202 | { |
| 203 | if ($this->base64encode) { |
| 204 | if (is_string($data)) { |
| 205 | if (($data = base64_decode($data)) !== false) { |
| 206 | $data = unserialize($data); |
| 207 | } else { |
| 208 | $data = null; |
| 209 | } |
| 210 | } else { |
| 211 | $data = null; |
| 212 | } |
| 213 | } |
| 214 | return $data; |
| 215 | } |
| 216 | |
| 217 | /** |
| 218 | * {@inheritdoc} |
| 219 | */ |
| 220 | public function close() |
| 221 | { |
| 222 | if ($this->started) { |
| 223 | if ($this->fixCookieRegist === true) { |
| 224 | // regist cookie only once for apache2 SAPI |
| 225 | $cParm = session_get_cookie_params(); |
| 226 | if ($this->opts['cookieParams'] && is_array($this->opts['cookieParams'])) { |
| 227 | $cParm = array_merge($cParm, $this->opts['cookieParams']); |
| 228 | } |
| 229 | if (version_compare(PHP_VERSION, '7.3', '<')) { |
| 230 | setcookie(session_name(), session_id(), 0, $cParm['path'] . (!empty($cParm['SameSite'])? '; SameSite=' . $cParm['SameSite'] : ''), $cParm['domain'], $cParm['secure'], $cParm['httponly']); |
| 231 | } else { |
| 232 | $allows = array('expires' => true, 'path' => true, 'domain' => true, 'secure' => true, 'httponly' => true, 'samesite' => true); |
| 233 | foreach(array_keys($cParm) as $_k) { |
| 234 | if (!isset($allows[$_k])) { |
| 235 | unset($cParm[$_k]); |
| 236 | } |
| 237 | } |
| 238 | setcookie(session_name(), session_id(), $cParm); |
| 239 | } |
| 240 | $this->fixCookieRegist = false; |
| 241 | } |
| 242 | session_write_close(); |
| 243 | } |
| 244 | $this->started = false; |
| 245 | |
| 246 | return $this; |
| 247 | } |
| 248 | |
| 249 | /** |
| 250 | * {@inheritdoc} |
| 251 | */ |
| 252 | public function set($key, $data) |
| 253 | { |
| 254 | $closed = false; |
| 255 | if (!$this->started) { |
| 256 | $closed = true; |
| 257 | $this->start(); |
| 258 | } |
| 259 | $session =& $this->getSessionRef($key); |
| 260 | if ($this->base64encode) { |
| 261 | $data = $this->encodeData($data); |
| 262 | } |
| 263 | $session = $data; |
| 264 | |
| 265 | if ($closed) { |
| 266 | $this->close(); |
| 267 | } |
| 268 | |
| 269 | return $this; |
| 270 | } |
| 271 | |
| 272 | /** |
| 273 | * base64 encode for session val |
| 274 | * |
| 275 | * @param $data |
| 276 | * |
| 277 | * @return string |
| 278 | */ |
| 279 | protected function encodeData($data) |
| 280 | { |
| 281 | if ($this->base64encode) { |
| 282 | $data = base64_encode(serialize($data)); |
| 283 | } |
| 284 | return $data; |
| 285 | } |
| 286 | |
| 287 | /** |
| 288 | * {@inheritdoc} |
| 289 | */ |
| 290 | public function remove($key) |
| 291 | { |
| 292 | $closed = false; |
| 293 | if (!$this->started) { |
| 294 | $closed = true; |
| 295 | $this->start(); |
| 296 | } |
| 297 | |
| 298 | list($cat, $name) = array_pad(explode('.', $key, 2), 2, null); |
| 299 | if (is_null($name)) { |
| 300 | if (!isset($this->keys[$cat])) { |
| 301 | $name = $cat; |
| 302 | $cat = 'default'; |
| 303 | } |
| 304 | } |
| 305 | if (isset($this->keys[$cat])) { |
| 306 | $cat = $this->keys[$cat]; |
| 307 | } else { |
| 308 | $name = $cat . '.' . $name; |
| 309 | $cat = $this->keys['default']; |
| 310 | } |
| 311 | if (is_null($name)) { |
| 312 | unset($_SESSION[$cat]); |
| 313 | } else { |
| 314 | if (isset($_SESSION[$cat]) && is_array($_SESSION[$cat])) { |
| 315 | unset($_SESSION[$cat][$name]); |
| 316 | } |
| 317 | } |
| 318 | |
| 319 | if ($closed) { |
| 320 | $this->close(); |
| 321 | } |
| 322 | |
| 323 | return $this; |
| 324 | } |
| 325 | |
| 326 | /** |
| 327 | * sessioin error handler (Only for suppression of error at session start) |
| 328 | * |
| 329 | * @param $errno |
| 330 | * @param $errstr |
| 331 | */ |
| 332 | protected function session_start_error($errno, $errstr) |
| 333 | { |
| 334 | } |
| 335 | } |
| 336 |