Db
1 year ago
Session
1 year ago
Config.php
2 years ago
Db.php
2 years ago
Exception.php
1 year ago
LICENSE.txt
6 years ago
Registry.php
2 years ago
Session.php
1 year ago
Version.php
2 years ago
Session.php
761 lines
| 1 | <?php |
| 2 | |
| 3 | namespace { |
| 4 | /** |
| 5 | * Zend Framework |
| 6 | * |
| 7 | * LICENSE |
| 8 | * |
| 9 | * This source file is subject to the new BSD license that is bundled |
| 10 | * with this package in the file LICENSE.txt. |
| 11 | * It is also available through the world-wide-web at this URL: |
| 12 | * http://framework.zend.com/license/new-bsd |
| 13 | * If you did not receive a copy of the license and are unable to |
| 14 | * obtain it through the world-wide-web, please send an email |
| 15 | * to license@zend.com so we can send you a copy immediately. |
| 16 | * |
| 17 | * @category Zend |
| 18 | * @package Zend_Session |
| 19 | * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com) |
| 20 | * @license http://framework.zend.com/license/new-bsd New BSD License |
| 21 | * @version $Id: Session.php 24196 2011-07-05 15:58:11Z matthew $ |
| 22 | * @since Preview Release 0.2 |
| 23 | */ |
| 24 | /** |
| 25 | * @see Zend_Session_Abstract |
| 26 | */ |
| 27 | // require_once 'Zend/Session/Abstract.php'; |
| 28 | /** |
| 29 | * @see Zend_Session_Namespace |
| 30 | */ |
| 31 | // require_once 'Zend/Session/Namespace.php'; |
| 32 | /** |
| 33 | * Zend_Session |
| 34 | * |
| 35 | * @category Zend |
| 36 | * @package Zend_Session |
| 37 | * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com) |
| 38 | * @license http://framework.zend.com/license/new-bsd New BSD License |
| 39 | */ |
| 40 | class Zend_Session extends \Zend_Session_Abstract |
| 41 | { |
| 42 | /** |
| 43 | * Whether or not Zend_Session is being used with unit tests |
| 44 | * |
| 45 | * @internal |
| 46 | * @var bool |
| 47 | */ |
| 48 | public static $_unitTestEnabled = \false; |
| 49 | /** |
| 50 | * $_throwStartupException |
| 51 | * |
| 52 | * @var bool|bitset This could also be a combiniation of error codes to catch |
| 53 | */ |
| 54 | protected static $_throwStartupExceptions = \true; |
| 55 | /** |
| 56 | * Check whether or not the session was started |
| 57 | * |
| 58 | * @var bool |
| 59 | */ |
| 60 | private static $_sessionStarted = \false; |
| 61 | /** |
| 62 | * Whether or not the session id has been regenerated this request. |
| 63 | * |
| 64 | * Id regeneration state |
| 65 | * <0 - regenerate requested when session is started |
| 66 | * 0 - do nothing |
| 67 | * >0 - already called session_regenerate_id() |
| 68 | * |
| 69 | * @var int |
| 70 | */ |
| 71 | private static $_regenerateIdState = 0; |
| 72 | /** |
| 73 | * Private list of php's ini values for ext/session |
| 74 | * null values will default to the php.ini value, otherwise |
| 75 | * the value below will overwrite the default ini value, unless |
| 76 | * the user has set an option explicity with setOptions() |
| 77 | * |
| 78 | * @var array |
| 79 | */ |
| 80 | private static $_defaultOptions = array( |
| 81 | 'save_path' => null, |
| 82 | 'name' => null, |
| 83 | /* this should be set to a unique value for each application */ |
| 84 | 'save_handler' => null, |
| 85 | //'auto_start' => null, /* intentionally excluded (see manual) */ |
| 86 | 'gc_probability' => null, |
| 87 | 'gc_divisor' => null, |
| 88 | 'gc_maxlifetime' => null, |
| 89 | 'serialize_handler' => null, |
| 90 | 'cookie_lifetime' => null, |
| 91 | 'cookie_path' => null, |
| 92 | 'cookie_domain' => null, |
| 93 | 'cookie_secure' => null, |
| 94 | 'cookie_httponly' => null, |
| 95 | 'use_cookies' => null, |
| 96 | 'use_only_cookies' => 'on', |
| 97 | 'referer_check' => null, |
| 98 | 'entropy_file' => null, |
| 99 | 'entropy_length' => null, |
| 100 | 'cache_limiter' => null, |
| 101 | 'cache_expire' => null, |
| 102 | 'use_trans_sid' => null, |
| 103 | 'bug_compat_42' => null, |
| 104 | 'bug_compat_warn' => null, |
| 105 | 'hash_function' => null, |
| 106 | 'hash_bits_per_character' => null, |
| 107 | ); |
| 108 | /** |
| 109 | * List of options pertaining to Zend_Session that can be set by developers |
| 110 | * using Zend_Session::setOptions(). This list intentionally duplicates |
| 111 | * the individual declaration of static "class" variables by the same names. |
| 112 | * |
| 113 | * @var array |
| 114 | */ |
| 115 | private static $_localOptions = array('strict' => '_strict', 'remember_me_seconds' => '_rememberMeSeconds', 'throw_startup_exceptions' => '_throwStartupExceptions'); |
| 116 | /** |
| 117 | * Whether or not write close has been performed. |
| 118 | * |
| 119 | * @var bool |
| 120 | */ |
| 121 | private static $_writeClosed = \false; |
| 122 | /** |
| 123 | * Whether or not session id cookie has been deleted |
| 124 | * |
| 125 | * @var bool |
| 126 | */ |
| 127 | private static $_sessionCookieDeleted = \false; |
| 128 | /** |
| 129 | * Whether or not session has been destroyed via session_destroy() |
| 130 | * |
| 131 | * @var bool |
| 132 | */ |
| 133 | private static $_destroyed = \false; |
| 134 | /** |
| 135 | * Whether or not session must be initiated before usage |
| 136 | * |
| 137 | * @var bool |
| 138 | */ |
| 139 | private static $_strict = \false; |
| 140 | /** |
| 141 | * Default number of seconds the session will be remembered for when asked to be remembered |
| 142 | * |
| 143 | * @var int |
| 144 | */ |
| 145 | private static $_rememberMeSeconds = 1209600; |
| 146 | // 2 weeks |
| 147 | /** |
| 148 | * Whether the default options listed in Zend_Session::$_localOptions have been set |
| 149 | * |
| 150 | * @var bool |
| 151 | */ |
| 152 | private static $_defaultOptionsSet = \false; |
| 153 | /** |
| 154 | * A reference to the set session save handler |
| 155 | * |
| 156 | * @var \SessionHandlerInterface |
| 157 | */ |
| 158 | private static $_saveHandler = null; |
| 159 | /** |
| 160 | * Constructor overriding - make sure that a developer cannot instantiate |
| 161 | */ |
| 162 | protected function __construct() |
| 163 | { |
| 164 | } |
| 165 | /** |
| 166 | * setOptions - set both the class specified |
| 167 | * |
| 168 | * @param array $userOptions - pass-by-keyword style array of <option name, option value> pairs |
| 169 | * @throws Zend_Session_Exception |
| 170 | * @return void |
| 171 | */ |
| 172 | public static function setOptions(array $userOptions = array()) |
| 173 | { |
| 174 | // set default options on first run only (before applying user settings) |
| 175 | if (!self::$_defaultOptionsSet) { |
| 176 | foreach (self::$_defaultOptions as $defaultOptionName => $defaultOptionValue) { |
| 177 | if (isset(self::$_defaultOptions[$defaultOptionName])) { |
| 178 | @\ini_set("session.{$defaultOptionName}", $defaultOptionValue); |
| 179 | } |
| 180 | } |
| 181 | self::$_defaultOptionsSet = \true; |
| 182 | } |
| 183 | // set the options the user has requested to set |
| 184 | foreach ($userOptions as $userOptionName => $userOptionValue) { |
| 185 | $userOptionName = \strtolower($userOptionName); |
| 186 | // set the ini based values |
| 187 | if (\array_key_exists($userOptionName, self::$_defaultOptions)) { |
| 188 | @\ini_set("session.{$userOptionName}", $userOptionValue); |
| 189 | } elseif (isset(self::$_localOptions[$userOptionName])) { |
| 190 | self::${self::$_localOptions[$userOptionName]} = $userOptionValue; |
| 191 | } else { |
| 192 | /** @see Zend_Session_Exception */ |
| 193 | // require_once 'Zend/Session/Exception.php'; |
| 194 | throw new \Zend_Session_Exception("Unknown option: {$userOptionName} = {$userOptionValue}"); |
| 195 | } |
| 196 | } |
| 197 | } |
| 198 | /** |
| 199 | * getOptions() |
| 200 | * |
| 201 | * @param string $optionName OPTIONAL |
| 202 | * @return array|string |
| 203 | */ |
| 204 | public static function getOptions($optionName = null) |
| 205 | { |
| 206 | $options = array(); |
| 207 | foreach (\ini_get_all('session') as $sysOptionName => $sysOptionValues) { |
| 208 | $options[\substr($sysOptionName, 8)] = $sysOptionValues['local_value']; |
| 209 | } |
| 210 | foreach (self::$_localOptions as $localOptionName => $localOptionMemberName) { |
| 211 | $options[$localOptionName] = self::${$localOptionMemberName}; |
| 212 | } |
| 213 | if ($optionName) { |
| 214 | if (\array_key_exists($optionName, $options)) { |
| 215 | return $options[$optionName]; |
| 216 | } |
| 217 | return null; |
| 218 | } |
| 219 | return $options; |
| 220 | } |
| 221 | /** |
| 222 | * setSaveHandler() - Session Save Handler assignment |
| 223 | * |
| 224 | * @param \SessionHandlerInterface $interface |
| 225 | * @return void |
| 226 | */ |
| 227 | public static function setSaveHandler(\SessionHandlerInterface $saveHandler) |
| 228 | { |
| 229 | self::$_saveHandler = $saveHandler; |
| 230 | if (self::$_unitTestEnabled) { |
| 231 | return; |
| 232 | } |
| 233 | \session_set_save_handler($saveHandler, \false); |
| 234 | } |
| 235 | /** |
| 236 | * getSaveHandler() - Get the session Save Handler |
| 237 | * |
| 238 | * @return \SessionHandlerInterface |
| 239 | */ |
| 240 | public static function getSaveHandler() |
| 241 | { |
| 242 | return self::$_saveHandler; |
| 243 | } |
| 244 | /** |
| 245 | * regenerateId() - Regenerate the session id. Best practice is to call this after |
| 246 | * session is started. If called prior to session starting, session id will be regenerated |
| 247 | * at start time. |
| 248 | * |
| 249 | * @throws Zend_Session_Exception |
| 250 | * @return void |
| 251 | */ |
| 252 | public static function regenerateId() |
| 253 | { |
| 254 | if (!self::$_unitTestEnabled && \headers_sent($filename, $linenum)) { |
| 255 | /** @see Zend_Session_Exception */ |
| 256 | // require_once 'Zend/Session/Exception.php'; |
| 257 | throw new \Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ . "() before any output has been sent to the browser; output started in {$filename}/{$linenum}"); |
| 258 | } |
| 259 | if (!self::$_sessionStarted) { |
| 260 | self::$_regenerateIdState = -1; |
| 261 | } else { |
| 262 | if (!self::$_unitTestEnabled) { |
| 263 | \session_regenerate_id(\true); |
| 264 | self::rewriteSessionCookieWithSameSiteDirective(); |
| 265 | } |
| 266 | self::$_regenerateIdState = 1; |
| 267 | } |
| 268 | } |
| 269 | /** |
| 270 | * Check if there is a Set-Cookie header present - if so, overwrite it with |
| 271 | * a similar header which also includes a SameSite directive. This workaround |
| 272 | * is needed because the SameSite property on the session cookie is not supported |
| 273 | * by PHP until 7.3. |
| 274 | */ |
| 275 | private static function rewriteSessionCookieWithSameSiteDirective() |
| 276 | { |
| 277 | $headers = \headers_list(); |
| 278 | $cookieHeader = ''; |
| 279 | foreach ($headers as $header) { |
| 280 | if (\strpos($header, 'Set-Cookie: ' . \Piwik\Session::SESSION_NAME) === 0) { |
| 281 | $cookieHeader = $header; |
| 282 | break; |
| 283 | } |
| 284 | } |
| 285 | if (!$cookieHeader) { |
| 286 | return; |
| 287 | } |
| 288 | if (\stripos($cookieHeader, 'SameSite') === \false) { |
| 289 | $cookieHeader .= '; SameSite=' . \Piwik\Session::getSameSiteCookieValue(); |
| 290 | \header($cookieHeader); |
| 291 | } |
| 292 | } |
| 293 | /** |
| 294 | * rememberMe() - Write a persistent cookie that expires after a number of seconds in the future. If no number of |
| 295 | * seconds is specified, then this defaults to self::$_rememberMeSeconds. Due to clock errors on end users' systems, |
| 296 | * large values are recommended to avoid undesirable expiration of session cookies. |
| 297 | * |
| 298 | * @param int $seconds OPTIONAL specifies TTL for cookie in seconds from present time |
| 299 | * @return void |
| 300 | */ |
| 301 | public static function rememberMe($seconds = null) |
| 302 | { |
| 303 | $seconds = (int) $seconds; |
| 304 | $seconds = $seconds > 0 ? $seconds : self::$_rememberMeSeconds; |
| 305 | self::rememberUntil($seconds); |
| 306 | } |
| 307 | /** |
| 308 | * forgetMe() - Write a volatile session cookie, removing any persistent cookie that may have existed. The session |
| 309 | * would end upon, for example, termination of a web browser program. |
| 310 | * |
| 311 | * @return void |
| 312 | */ |
| 313 | public static function forgetMe() |
| 314 | { |
| 315 | self::rememberUntil(0); |
| 316 | } |
| 317 | /** |
| 318 | * rememberUntil() - This method does the work of changing the state of the session cookie and making |
| 319 | * sure that it gets resent to the browser via regenerateId() |
| 320 | * |
| 321 | * @param int $seconds |
| 322 | * @return void |
| 323 | */ |
| 324 | public static function rememberUntil($seconds = 0) |
| 325 | { |
| 326 | if (self::$_unitTestEnabled) { |
| 327 | self::regenerateId(); |
| 328 | return; |
| 329 | } |
| 330 | $cookieParams = \session_get_cookie_params(); |
| 331 | \session_set_cookie_params($seconds, $cookieParams['path'], $cookieParams['domain'], $cookieParams['secure']); |
| 332 | // normally "rememberMe()" represents a security context change, so should use new session id |
| 333 | self::regenerateId(); |
| 334 | } |
| 335 | /** |
| 336 | * sessionExists() - whether or not a session exists for the current request |
| 337 | * |
| 338 | * @return bool |
| 339 | */ |
| 340 | public static function sessionExists() |
| 341 | { |
| 342 | if (\ini_get('session.use_cookies') == '1' && isset($_COOKIE[\session_name()])) { |
| 343 | return \true; |
| 344 | } elseif (!empty($_REQUEST[\session_name()])) { |
| 345 | return \true; |
| 346 | } elseif (self::$_unitTestEnabled) { |
| 347 | return \true; |
| 348 | } |
| 349 | return \false; |
| 350 | } |
| 351 | /** |
| 352 | * Whether or not session has been destroyed via session_destroy() |
| 353 | * |
| 354 | * @return bool |
| 355 | */ |
| 356 | public static function isDestroyed() |
| 357 | { |
| 358 | return self::$_destroyed; |
| 359 | } |
| 360 | /** |
| 361 | * start() - Start the session. |
| 362 | * |
| 363 | * @param bool|array $options OPTIONAL Either user supplied options, or flag indicating if start initiated automatically |
| 364 | * @throws Zend_Session_Exception |
| 365 | * @return void |
| 366 | */ |
| 367 | public static function start($options = \false) |
| 368 | { |
| 369 | if (self::$_sessionStarted && self::$_destroyed) { |
| 370 | // require_once 'Zend/Session/Exception.php'; |
| 371 | throw new \Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.'); |
| 372 | } |
| 373 | if (self::$_sessionStarted) { |
| 374 | return; |
| 375 | // already started |
| 376 | } |
| 377 | if (\session_status() === \PHP_SESSION_ACTIVE) { |
| 378 | parent::$_readable = \true; |
| 379 | parent::$_writable = \true; |
| 380 | self::$_sessionStarted = \true; |
| 381 | return; |
| 382 | } |
| 383 | // make sure our default options (at the least) have been set |
| 384 | if (!self::$_defaultOptionsSet) { |
| 385 | self::setOptions(\is_array($options) ? $options : array()); |
| 386 | } |
| 387 | // In strict mode, do not allow auto-starting Zend_Session, such as via "new Zend_Session_Namespace()" |
| 388 | if (self::$_strict && $options === \true) { |
| 389 | /** @see Zend_Session_Exception */ |
| 390 | // require_once 'Zend/Session/Exception.php'; |
| 391 | throw new \Zend_Session_Exception('You must explicitly start the session with Zend_Session::start() when session options are set to strict.'); |
| 392 | } |
| 393 | $filename = $linenum = null; |
| 394 | if (!self::$_unitTestEnabled && \headers_sent($filename, $linenum)) { |
| 395 | /** @see Zend_Session_Exception */ |
| 396 | // require_once 'Zend/Session/Exception.php'; |
| 397 | throw new \Zend_Session_Exception("Session must be started before any output has been sent to the browser;" . " output started in {$filename}/{$linenum}"); |
| 398 | } |
| 399 | /** |
| 400 | * Hack to throw exceptions on start instead of php errors |
| 401 | * @see http://framework.zend.com/issues/browse/ZF-1325 |
| 402 | */ |
| 403 | $errorLevel = \is_int(self::$_throwStartupExceptions) ? self::$_throwStartupExceptions : \E_ALL; |
| 404 | /** @see Zend_Session_Exception */ |
| 405 | if (!self::$_unitTestEnabled) { |
| 406 | if (self::$_throwStartupExceptions) { |
| 407 | // require_once 'Zend/Session/Exception.php'; |
| 408 | \set_error_handler(array('Zend_Session_Exception', 'handleSessionStartError'), $errorLevel); |
| 409 | } |
| 410 | $startedCleanly = \session_start(); |
| 411 | if (self::$_throwStartupExceptions) { |
| 412 | \restore_error_handler(); |
| 413 | } |
| 414 | if (!$startedCleanly || !empty(\Zend_Session_Exception::$sessionStartError)) { |
| 415 | if (self::$_throwStartupExceptions) { |
| 416 | \set_error_handler(array('Zend_Session_Exception', 'handleSilentWriteClose'), $errorLevel); |
| 417 | } |
| 418 | \session_write_close(); |
| 419 | if (self::$_throwStartupExceptions) { |
| 420 | \restore_error_handler(); |
| 421 | throw new \Zend_Session_Exception(__CLASS__ . '::' . __FUNCTION__ . '() - ' . \Zend_Session_Exception::$sessionStartError . ' Warnings: ' . \Zend_Session_Exception::$sessionStartWarning); |
| 422 | } |
| 423 | } |
| 424 | } |
| 425 | parent::$_readable = \true; |
| 426 | parent::$_writable = \true; |
| 427 | self::$_sessionStarted = \true; |
| 428 | if (self::$_regenerateIdState === -1) { |
| 429 | self::regenerateId(); |
| 430 | } else { |
| 431 | self::rewriteSessionCookieWithSameSiteDirective(); |
| 432 | } |
| 433 | if (isset($_SESSION['data']) && \is_string($_SESSION['data'])) { |
| 434 | $_SESSION = \Piwik\Common::safe_unserialize(\base64_decode($_SESSION['data']), [\Piwik\Notification::class]); |
| 435 | } |
| 436 | // run validators if they exist |
| 437 | if (isset($_SESSION['__ZF']['VALID'])) { |
| 438 | self::_processValidators(); |
| 439 | } |
| 440 | self::_processStartupMetadataGlobal(); |
| 441 | } |
| 442 | /** |
| 443 | * _processGlobalMetadata() - this method initizes the sessions GLOBAL |
| 444 | * metadata, mostly global data expiration calculations. |
| 445 | * |
| 446 | * @return void |
| 447 | */ |
| 448 | private static function _processStartupMetadataGlobal() |
| 449 | { |
| 450 | // process global metadata |
| 451 | if (isset($_SESSION['__ZF'])) { |
| 452 | // expire globally expired values |
| 453 | foreach ($_SESSION['__ZF'] as $namespace => $namespace_metadata) { |
| 454 | // Expire Namespace by Time (ENT) |
| 455 | if (isset($namespace_metadata['ENT']) && $namespace_metadata['ENT'] > 0 && \time() > $namespace_metadata['ENT']) { |
| 456 | unset($_SESSION[$namespace]); |
| 457 | unset($_SESSION['__ZF'][$namespace]); |
| 458 | } |
| 459 | // Expire Namespace by Global Hop (ENGH) if it wasnt expired above |
| 460 | if (isset($_SESSION['__ZF'][$namespace]) && isset($namespace_metadata['ENGH']) && $namespace_metadata['ENGH'] >= 1) { |
| 461 | $_SESSION['__ZF'][$namespace]['ENGH']--; |
| 462 | if ($_SESSION['__ZF'][$namespace]['ENGH'] === 0) { |
| 463 | if (isset($_SESSION[$namespace])) { |
| 464 | parent::$_expiringData[$namespace] = $_SESSION[$namespace]; |
| 465 | unset($_SESSION[$namespace]); |
| 466 | } |
| 467 | unset($_SESSION['__ZF'][$namespace]); |
| 468 | } |
| 469 | } |
| 470 | // Expire Namespace Variables by Time (ENVT) |
| 471 | if (isset($namespace_metadata['ENVT'])) { |
| 472 | foreach ($namespace_metadata['ENVT'] as $variable => $time) { |
| 473 | if (\time() > $time) { |
| 474 | unset($_SESSION[$namespace][$variable]); |
| 475 | unset($_SESSION['__ZF'][$namespace]['ENVT'][$variable]); |
| 476 | } |
| 477 | } |
| 478 | if (empty($_SESSION['__ZF'][$namespace]['ENVT'])) { |
| 479 | unset($_SESSION['__ZF'][$namespace]['ENVT']); |
| 480 | } |
| 481 | } |
| 482 | // Expire Namespace Variables by Global Hop (ENVGH) |
| 483 | if (isset($namespace_metadata['ENVGH'])) { |
| 484 | foreach ($namespace_metadata['ENVGH'] as $variable => $hops) { |
| 485 | $_SESSION['__ZF'][$namespace]['ENVGH'][$variable]--; |
| 486 | if ($_SESSION['__ZF'][$namespace]['ENVGH'][$variable] === 0) { |
| 487 | if (isset($_SESSION[$namespace][$variable])) { |
| 488 | parent::$_expiringData[$namespace][$variable] = $_SESSION[$namespace][$variable]; |
| 489 | unset($_SESSION[$namespace][$variable]); |
| 490 | } |
| 491 | unset($_SESSION['__ZF'][$namespace]['ENVGH'][$variable]); |
| 492 | } |
| 493 | } |
| 494 | if (empty($_SESSION['__ZF'][$namespace]['ENVGH'])) { |
| 495 | unset($_SESSION['__ZF'][$namespace]['ENVGH']); |
| 496 | } |
| 497 | } |
| 498 | if (isset($namespace) && empty($_SESSION['__ZF'][$namespace])) { |
| 499 | unset($_SESSION['__ZF'][$namespace]); |
| 500 | } |
| 501 | } |
| 502 | } |
| 503 | if (isset($_SESSION['__ZF']) && empty($_SESSION['__ZF'])) { |
| 504 | unset($_SESSION['__ZF']); |
| 505 | } |
| 506 | } |
| 507 | /** |
| 508 | * isStarted() - convenience method to determine if the session is already started. |
| 509 | * |
| 510 | * @return bool |
| 511 | */ |
| 512 | public static function isStarted() |
| 513 | { |
| 514 | return self::$_sessionStarted; |
| 515 | } |
| 516 | /** |
| 517 | * isRegenerated() - convenience method to determine if session_regenerate_id() |
| 518 | * has been called during this request by Zend_Session. |
| 519 | * |
| 520 | * @return bool |
| 521 | */ |
| 522 | public static function isRegenerated() |
| 523 | { |
| 524 | return self::$_regenerateIdState > 0 ? \true : \false; |
| 525 | } |
| 526 | /** |
| 527 | * getId() - get the current session id |
| 528 | * |
| 529 | * @return string |
| 530 | */ |
| 531 | public static function getId() |
| 532 | { |
| 533 | return \session_id(); |
| 534 | } |
| 535 | /** |
| 536 | * setId() - set an id to a user specified id |
| 537 | * |
| 538 | * @throws Zend_Session_Exception |
| 539 | * @param string $id |
| 540 | * @return void |
| 541 | */ |
| 542 | public static function setId($id) |
| 543 | { |
| 544 | if (!self::$_unitTestEnabled && \defined('SID')) { |
| 545 | /** @see Zend_Session_Exception */ |
| 546 | // require_once 'Zend/Session/Exception.php'; |
| 547 | throw new \Zend_Session_Exception('The session has already been started. The session id must be set first.'); |
| 548 | } |
| 549 | if (!self::$_unitTestEnabled && \headers_sent($filename, $linenum)) { |
| 550 | /** @see Zend_Session_Exception */ |
| 551 | // require_once 'Zend/Session/Exception.php'; |
| 552 | throw new \Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ . "() before any output has been sent to the browser; output started in {$filename}/{$linenum}"); |
| 553 | } |
| 554 | if (!\is_string($id) || $id === '') { |
| 555 | /** @see Zend_Session_Exception */ |
| 556 | // require_once 'Zend/Session/Exception.php'; |
| 557 | throw new \Zend_Session_Exception('You must provide a non-empty string as a session identifier.'); |
| 558 | } |
| 559 | \session_id($id); |
| 560 | } |
| 561 | /** |
| 562 | * registerValidator() - register a validator that will attempt to validate this session for |
| 563 | * every future request |
| 564 | * |
| 565 | * @param Zend_Session_Validator_Interface $validator |
| 566 | * @return void |
| 567 | */ |
| 568 | public static function registerValidator(\Zend_Session_Validator_Interface $validator) |
| 569 | { |
| 570 | $validator->setup(); |
| 571 | } |
| 572 | /** |
| 573 | * stop() - Disable write access. Optionally disable read (not implemented). |
| 574 | * |
| 575 | * @return void |
| 576 | */ |
| 577 | public static function stop() |
| 578 | { |
| 579 | parent::$_writable = \false; |
| 580 | } |
| 581 | /** |
| 582 | * writeClose() - Shutdown the sesssion, close writing and detach $_SESSION from the back-end storage mechanism. |
| 583 | * This will complete the internal data transformation on this request. |
| 584 | * |
| 585 | * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes) |
| 586 | * @return void |
| 587 | */ |
| 588 | public static function writeClose($readonly = \true) |
| 589 | { |
| 590 | if (self::$_unitTestEnabled) { |
| 591 | return; |
| 592 | } |
| 593 | if (self::$_writeClosed) { |
| 594 | return; |
| 595 | } |
| 596 | if ($readonly) { |
| 597 | parent::$_writable = \false; |
| 598 | } |
| 599 | if (isset($_SESSION)) { |
| 600 | $sessionBkp = $_SESSION; |
| 601 | $_SESSION = array('data' => \base64_encode(\serialize($_SESSION))); |
| 602 | } |
| 603 | \session_write_close(); |
| 604 | self::$_writeClosed = \true; |
| 605 | if (isset($sessionBkp)) { |
| 606 | $_SESSION = $sessionBkp; |
| 607 | } |
| 608 | } |
| 609 | /** |
| 610 | * destroy() - This is used to destroy session data, and optionally, the session cookie itself |
| 611 | * |
| 612 | * @param bool $remove_cookie - OPTIONAL remove session id cookie, defaults to true (remove cookie) |
| 613 | * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes) |
| 614 | * @return void |
| 615 | */ |
| 616 | public static function destroy($remove_cookie = \true, $readonly = \true) |
| 617 | { |
| 618 | if (self::$_unitTestEnabled) { |
| 619 | return; |
| 620 | } |
| 621 | if (self::$_destroyed) { |
| 622 | return; |
| 623 | } |
| 624 | if ($readonly) { |
| 625 | parent::$_writable = \false; |
| 626 | } |
| 627 | \session_destroy(); |
| 628 | self::$_destroyed = \true; |
| 629 | if ($remove_cookie) { |
| 630 | self::expireSessionCookie(); |
| 631 | } |
| 632 | } |
| 633 | /** |
| 634 | * expireSessionCookie() - Sends an expired session id cookie, causing the client to delete the session cookie |
| 635 | * |
| 636 | * @return void |
| 637 | */ |
| 638 | public static function expireSessionCookie() |
| 639 | { |
| 640 | if (self::$_unitTestEnabled) { |
| 641 | return; |
| 642 | } |
| 643 | if (self::$_sessionCookieDeleted) { |
| 644 | return; |
| 645 | } |
| 646 | self::$_sessionCookieDeleted = \true; |
| 647 | if (isset($_COOKIE[\session_name()])) { |
| 648 | $cookie_params = \session_get_cookie_params(); |
| 649 | \Piwik\Session::writeCookie( |
| 650 | \session_name(), |
| 651 | \false, |
| 652 | 315554400, |
| 653 | // strtotime('1980-01-01'), |
| 654 | $cookie_params['path'], |
| 655 | $cookie_params['domain'], |
| 656 | $cookie_params['secure'], |
| 657 | \false, |
| 658 | \Piwik\Session::getSameSiteCookieValue() |
| 659 | ); |
| 660 | } |
| 661 | } |
| 662 | /** |
| 663 | * _processValidator() - internal function that is called in the existence of VALID metadata |
| 664 | * |
| 665 | * @throws Zend_Session_Exception |
| 666 | * @return void |
| 667 | */ |
| 668 | private static function _processValidators() |
| 669 | { |
| 670 | foreach ($_SESSION['__ZF']['VALID'] as $validator_name => $valid_data) { |
| 671 | if (!\class_exists($validator_name)) { |
| 672 | // require_once 'Zend/Loader.php'; |
| 673 | \Zend_Loader::loadClass($validator_name); |
| 674 | } |
| 675 | $validator = new $validator_name(); |
| 676 | if ($validator->validate() === \false) { |
| 677 | /** @see Zend_Session_Exception */ |
| 678 | // require_once 'Zend/Session/Exception.php'; |
| 679 | throw new \Zend_Session_Exception("This session is not valid according to {$validator_name}."); |
| 680 | } |
| 681 | } |
| 682 | } |
| 683 | /** |
| 684 | * namespaceIsset() - check to see if a namespace is set |
| 685 | * |
| 686 | * @param string $namespace |
| 687 | * @return bool |
| 688 | */ |
| 689 | public static function namespaceIsset($namespace) |
| 690 | { |
| 691 | return parent::_namespaceIsset($namespace); |
| 692 | } |
| 693 | /** |
| 694 | * namespaceUnset() - unset a namespace or a variable within a namespace |
| 695 | * |
| 696 | * @param string $namespace |
| 697 | * @throws Zend_Session_Exception |
| 698 | * @return void |
| 699 | */ |
| 700 | public static function namespaceUnset($namespace) |
| 701 | { |
| 702 | parent::_namespaceUnset($namespace); |
| 703 | \Zend_Session_Namespace::resetSingleInstance($namespace); |
| 704 | } |
| 705 | /** |
| 706 | * namespaceGet() - get all variables in a namespace |
| 707 | * Deprecated: Use getIterator() in Zend_Session_Namespace. |
| 708 | * |
| 709 | * @param string $namespace |
| 710 | * @return array |
| 711 | */ |
| 712 | public static function namespaceGet($namespace) |
| 713 | { |
| 714 | return parent::_namespaceGetAll($namespace); |
| 715 | } |
| 716 | /** |
| 717 | * getIterator() - return an iteratable object for use in foreach and the like, |
| 718 | * this completes the IteratorAggregate interface |
| 719 | * |
| 720 | * @throws Zend_Session_Exception |
| 721 | * @return ArrayObject |
| 722 | */ |
| 723 | public static function getIterator() |
| 724 | { |
| 725 | if (parent::$_readable === \false) { |
| 726 | /** @see Zend_Session_Exception */ |
| 727 | // require_once 'Zend/Session/Exception.php'; |
| 728 | throw new \Zend_Session_Exception(parent::_THROW_NOT_READABLE_MSG); |
| 729 | } |
| 730 | $spaces = array(); |
| 731 | if (isset($_SESSION)) { |
| 732 | $spaces = \array_keys($_SESSION); |
| 733 | foreach ($spaces as $key => $space) { |
| 734 | if (!\strncmp($space, '__', 2) || !\is_array($_SESSION[$space])) { |
| 735 | unset($spaces[$key]); |
| 736 | } |
| 737 | } |
| 738 | } |
| 739 | return new \ArrayObject(\array_merge($spaces, \array_keys(parent::$_expiringData))); |
| 740 | } |
| 741 | /** |
| 742 | * isWritable() - returns a boolean indicating if namespaces can write (use setters) |
| 743 | * |
| 744 | * @return bool |
| 745 | */ |
| 746 | public static function isWritable() |
| 747 | { |
| 748 | return parent::$_writable; |
| 749 | } |
| 750 | /** |
| 751 | * isReadable() - returns a boolean indicating if namespaces can write (use setters) |
| 752 | * |
| 753 | * @return bool |
| 754 | */ |
| 755 | public static function isReadable() |
| 756 | { |
| 757 | return parent::$_readable; |
| 758 | } |
| 759 | } |
| 760 | } |
| 761 |