PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 5.2.0
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v5.2.0
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / libs / Zend / Session.php
matomo / app / libs / Zend Last commit date
Db 1 year ago Session 1 year ago Config.php 2 years ago Db.php 2 years ago Exception.php 1 year ago LICENSE.txt 6 years ago Registry.php 2 years ago Session.php 1 year ago Version.php 2 years ago
Session.php
761 lines
1 <?php
2
3 namespace {
4 /**
5 * Zend Framework
6 *
7 * LICENSE
8 *
9 * This source file is subject to the new BSD license that is bundled
10 * with this package in the file LICENSE.txt.
11 * It is also available through the world-wide-web at this URL:
12 * http://framework.zend.com/license/new-bsd
13 * If you did not receive a copy of the license and are unable to
14 * obtain it through the world-wide-web, please send an email
15 * to license@zend.com so we can send you a copy immediately.
16 *
17 * @category Zend
18 * @package Zend_Session
19 * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
20 * @license http://framework.zend.com/license/new-bsd New BSD License
21 * @version $Id: Session.php 24196 2011-07-05 15:58:11Z matthew $
22 * @since Preview Release 0.2
23 */
24 /**
25 * @see Zend_Session_Abstract
26 */
27 // require_once 'Zend/Session/Abstract.php';
28 /**
29 * @see Zend_Session_Namespace
30 */
31 // require_once 'Zend/Session/Namespace.php';
32 /**
33 * Zend_Session
34 *
35 * @category Zend
36 * @package Zend_Session
37 * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
38 * @license http://framework.zend.com/license/new-bsd New BSD License
39 */
40 class Zend_Session extends \Zend_Session_Abstract
41 {
42 /**
43 * Whether or not Zend_Session is being used with unit tests
44 *
45 * @internal
46 * @var bool
47 */
48 public static $_unitTestEnabled = \false;
49 /**
50 * $_throwStartupException
51 *
52 * @var bool|bitset This could also be a combiniation of error codes to catch
53 */
54 protected static $_throwStartupExceptions = \true;
55 /**
56 * Check whether or not the session was started
57 *
58 * @var bool
59 */
60 private static $_sessionStarted = \false;
61 /**
62 * Whether or not the session id has been regenerated this request.
63 *
64 * Id regeneration state
65 * <0 - regenerate requested when session is started
66 * 0 - do nothing
67 * >0 - already called session_regenerate_id()
68 *
69 * @var int
70 */
71 private static $_regenerateIdState = 0;
72 /**
73 * Private list of php's ini values for ext/session
74 * null values will default to the php.ini value, otherwise
75 * the value below will overwrite the default ini value, unless
76 * the user has set an option explicity with setOptions()
77 *
78 * @var array
79 */
80 private static $_defaultOptions = array(
81 'save_path' => null,
82 'name' => null,
83 /* this should be set to a unique value for each application */
84 'save_handler' => null,
85 //'auto_start' => null, /* intentionally excluded (see manual) */
86 'gc_probability' => null,
87 'gc_divisor' => null,
88 'gc_maxlifetime' => null,
89 'serialize_handler' => null,
90 'cookie_lifetime' => null,
91 'cookie_path' => null,
92 'cookie_domain' => null,
93 'cookie_secure' => null,
94 'cookie_httponly' => null,
95 'use_cookies' => null,
96 'use_only_cookies' => 'on',
97 'referer_check' => null,
98 'entropy_file' => null,
99 'entropy_length' => null,
100 'cache_limiter' => null,
101 'cache_expire' => null,
102 'use_trans_sid' => null,
103 'bug_compat_42' => null,
104 'bug_compat_warn' => null,
105 'hash_function' => null,
106 'hash_bits_per_character' => null,
107 );
108 /**
109 * List of options pertaining to Zend_Session that can be set by developers
110 * using Zend_Session::setOptions(). This list intentionally duplicates
111 * the individual declaration of static "class" variables by the same names.
112 *
113 * @var array
114 */
115 private static $_localOptions = array('strict' => '_strict', 'remember_me_seconds' => '_rememberMeSeconds', 'throw_startup_exceptions' => '_throwStartupExceptions');
116 /**
117 * Whether or not write close has been performed.
118 *
119 * @var bool
120 */
121 private static $_writeClosed = \false;
122 /**
123 * Whether or not session id cookie has been deleted
124 *
125 * @var bool
126 */
127 private static $_sessionCookieDeleted = \false;
128 /**
129 * Whether or not session has been destroyed via session_destroy()
130 *
131 * @var bool
132 */
133 private static $_destroyed = \false;
134 /**
135 * Whether or not session must be initiated before usage
136 *
137 * @var bool
138 */
139 private static $_strict = \false;
140 /**
141 * Default number of seconds the session will be remembered for when asked to be remembered
142 *
143 * @var int
144 */
145 private static $_rememberMeSeconds = 1209600;
146 // 2 weeks
147 /**
148 * Whether the default options listed in Zend_Session::$_localOptions have been set
149 *
150 * @var bool
151 */
152 private static $_defaultOptionsSet = \false;
153 /**
154 * A reference to the set session save handler
155 *
156 * @var \SessionHandlerInterface
157 */
158 private static $_saveHandler = null;
159 /**
160 * Constructor overriding - make sure that a developer cannot instantiate
161 */
162 protected function __construct()
163 {
164 }
165 /**
166 * setOptions - set both the class specified
167 *
168 * @param array $userOptions - pass-by-keyword style array of <option name, option value> pairs
169 * @throws Zend_Session_Exception
170 * @return void
171 */
172 public static function setOptions(array $userOptions = array())
173 {
174 // set default options on first run only (before applying user settings)
175 if (!self::$_defaultOptionsSet) {
176 foreach (self::$_defaultOptions as $defaultOptionName => $defaultOptionValue) {
177 if (isset(self::$_defaultOptions[$defaultOptionName])) {
178 @\ini_set("session.{$defaultOptionName}", $defaultOptionValue);
179 }
180 }
181 self::$_defaultOptionsSet = \true;
182 }
183 // set the options the user has requested to set
184 foreach ($userOptions as $userOptionName => $userOptionValue) {
185 $userOptionName = \strtolower($userOptionName);
186 // set the ini based values
187 if (\array_key_exists($userOptionName, self::$_defaultOptions)) {
188 @\ini_set("session.{$userOptionName}", $userOptionValue);
189 } elseif (isset(self::$_localOptions[$userOptionName])) {
190 self::${self::$_localOptions[$userOptionName]} = $userOptionValue;
191 } else {
192 /** @see Zend_Session_Exception */
193 // require_once 'Zend/Session/Exception.php';
194 throw new \Zend_Session_Exception("Unknown option: {$userOptionName} = {$userOptionValue}");
195 }
196 }
197 }
198 /**
199 * getOptions()
200 *
201 * @param string $optionName OPTIONAL
202 * @return array|string
203 */
204 public static function getOptions($optionName = null)
205 {
206 $options = array();
207 foreach (\ini_get_all('session') as $sysOptionName => $sysOptionValues) {
208 $options[\substr($sysOptionName, 8)] = $sysOptionValues['local_value'];
209 }
210 foreach (self::$_localOptions as $localOptionName => $localOptionMemberName) {
211 $options[$localOptionName] = self::${$localOptionMemberName};
212 }
213 if ($optionName) {
214 if (\array_key_exists($optionName, $options)) {
215 return $options[$optionName];
216 }
217 return null;
218 }
219 return $options;
220 }
221 /**
222 * setSaveHandler() - Session Save Handler assignment
223 *
224 * @param \SessionHandlerInterface $interface
225 * @return void
226 */
227 public static function setSaveHandler(\SessionHandlerInterface $saveHandler)
228 {
229 self::$_saveHandler = $saveHandler;
230 if (self::$_unitTestEnabled) {
231 return;
232 }
233 \session_set_save_handler($saveHandler, \false);
234 }
235 /**
236 * getSaveHandler() - Get the session Save Handler
237 *
238 * @return \SessionHandlerInterface
239 */
240 public static function getSaveHandler()
241 {
242 return self::$_saveHandler;
243 }
244 /**
245 * regenerateId() - Regenerate the session id. Best practice is to call this after
246 * session is started. If called prior to session starting, session id will be regenerated
247 * at start time.
248 *
249 * @throws Zend_Session_Exception
250 * @return void
251 */
252 public static function regenerateId()
253 {
254 if (!self::$_unitTestEnabled && \headers_sent($filename, $linenum)) {
255 /** @see Zend_Session_Exception */
256 // require_once 'Zend/Session/Exception.php';
257 throw new \Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ . "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
258 }
259 if (!self::$_sessionStarted) {
260 self::$_regenerateIdState = -1;
261 } else {
262 if (!self::$_unitTestEnabled) {
263 \session_regenerate_id(\true);
264 self::rewriteSessionCookieWithSameSiteDirective();
265 }
266 self::$_regenerateIdState = 1;
267 }
268 }
269 /**
270 * Check if there is a Set-Cookie header present - if so, overwrite it with
271 * a similar header which also includes a SameSite directive. This workaround
272 * is needed because the SameSite property on the session cookie is not supported
273 * by PHP until 7.3.
274 */
275 private static function rewriteSessionCookieWithSameSiteDirective()
276 {
277 $headers = \headers_list();
278 $cookieHeader = '';
279 foreach ($headers as $header) {
280 if (\strpos($header, 'Set-Cookie: ' . \Piwik\Session::SESSION_NAME) === 0) {
281 $cookieHeader = $header;
282 break;
283 }
284 }
285 if (!$cookieHeader) {
286 return;
287 }
288 if (\stripos($cookieHeader, 'SameSite') === \false) {
289 $cookieHeader .= '; SameSite=' . \Piwik\Session::getSameSiteCookieValue();
290 \header($cookieHeader);
291 }
292 }
293 /**
294 * rememberMe() - Write a persistent cookie that expires after a number of seconds in the future. If no number of
295 * seconds is specified, then this defaults to self::$_rememberMeSeconds. Due to clock errors on end users' systems,
296 * large values are recommended to avoid undesirable expiration of session cookies.
297 *
298 * @param int $seconds OPTIONAL specifies TTL for cookie in seconds from present time
299 * @return void
300 */
301 public static function rememberMe($seconds = null)
302 {
303 $seconds = (int) $seconds;
304 $seconds = $seconds > 0 ? $seconds : self::$_rememberMeSeconds;
305 self::rememberUntil($seconds);
306 }
307 /**
308 * forgetMe() - Write a volatile session cookie, removing any persistent cookie that may have existed. The session
309 * would end upon, for example, termination of a web browser program.
310 *
311 * @return void
312 */
313 public static function forgetMe()
314 {
315 self::rememberUntil(0);
316 }
317 /**
318 * rememberUntil() - This method does the work of changing the state of the session cookie and making
319 * sure that it gets resent to the browser via regenerateId()
320 *
321 * @param int $seconds
322 * @return void
323 */
324 public static function rememberUntil($seconds = 0)
325 {
326 if (self::$_unitTestEnabled) {
327 self::regenerateId();
328 return;
329 }
330 $cookieParams = \session_get_cookie_params();
331 \session_set_cookie_params($seconds, $cookieParams['path'], $cookieParams['domain'], $cookieParams['secure']);
332 // normally "rememberMe()" represents a security context change, so should use new session id
333 self::regenerateId();
334 }
335 /**
336 * sessionExists() - whether or not a session exists for the current request
337 *
338 * @return bool
339 */
340 public static function sessionExists()
341 {
342 if (\ini_get('session.use_cookies') == '1' && isset($_COOKIE[\session_name()])) {
343 return \true;
344 } elseif (!empty($_REQUEST[\session_name()])) {
345 return \true;
346 } elseif (self::$_unitTestEnabled) {
347 return \true;
348 }
349 return \false;
350 }
351 /**
352 * Whether or not session has been destroyed via session_destroy()
353 *
354 * @return bool
355 */
356 public static function isDestroyed()
357 {
358 return self::$_destroyed;
359 }
360 /**
361 * start() - Start the session.
362 *
363 * @param bool|array $options OPTIONAL Either user supplied options, or flag indicating if start initiated automatically
364 * @throws Zend_Session_Exception
365 * @return void
366 */
367 public static function start($options = \false)
368 {
369 if (self::$_sessionStarted && self::$_destroyed) {
370 // require_once 'Zend/Session/Exception.php';
371 throw new \Zend_Session_Exception('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
372 }
373 if (self::$_sessionStarted) {
374 return;
375 // already started
376 }
377 if (\session_status() === \PHP_SESSION_ACTIVE) {
378 parent::$_readable = \true;
379 parent::$_writable = \true;
380 self::$_sessionStarted = \true;
381 return;
382 }
383 // make sure our default options (at the least) have been set
384 if (!self::$_defaultOptionsSet) {
385 self::setOptions(\is_array($options) ? $options : array());
386 }
387 // In strict mode, do not allow auto-starting Zend_Session, such as via "new Zend_Session_Namespace()"
388 if (self::$_strict && $options === \true) {
389 /** @see Zend_Session_Exception */
390 // require_once 'Zend/Session/Exception.php';
391 throw new \Zend_Session_Exception('You must explicitly start the session with Zend_Session::start() when session options are set to strict.');
392 }
393 $filename = $linenum = null;
394 if (!self::$_unitTestEnabled && \headers_sent($filename, $linenum)) {
395 /** @see Zend_Session_Exception */
396 // require_once 'Zend/Session/Exception.php';
397 throw new \Zend_Session_Exception("Session must be started before any output has been sent to the browser;" . " output started in {$filename}/{$linenum}");
398 }
399 /**
400 * Hack to throw exceptions on start instead of php errors
401 * @see http://framework.zend.com/issues/browse/ZF-1325
402 */
403 $errorLevel = \is_int(self::$_throwStartupExceptions) ? self::$_throwStartupExceptions : \E_ALL;
404 /** @see Zend_Session_Exception */
405 if (!self::$_unitTestEnabled) {
406 if (self::$_throwStartupExceptions) {
407 // require_once 'Zend/Session/Exception.php';
408 \set_error_handler(array('Zend_Session_Exception', 'handleSessionStartError'), $errorLevel);
409 }
410 $startedCleanly = \session_start();
411 if (self::$_throwStartupExceptions) {
412 \restore_error_handler();
413 }
414 if (!$startedCleanly || !empty(\Zend_Session_Exception::$sessionStartError)) {
415 if (self::$_throwStartupExceptions) {
416 \set_error_handler(array('Zend_Session_Exception', 'handleSilentWriteClose'), $errorLevel);
417 }
418 \session_write_close();
419 if (self::$_throwStartupExceptions) {
420 \restore_error_handler();
421 throw new \Zend_Session_Exception(__CLASS__ . '::' . __FUNCTION__ . '() - ' . \Zend_Session_Exception::$sessionStartError . ' Warnings: ' . \Zend_Session_Exception::$sessionStartWarning);
422 }
423 }
424 }
425 parent::$_readable = \true;
426 parent::$_writable = \true;
427 self::$_sessionStarted = \true;
428 if (self::$_regenerateIdState === -1) {
429 self::regenerateId();
430 } else {
431 self::rewriteSessionCookieWithSameSiteDirective();
432 }
433 if (isset($_SESSION['data']) && \is_string($_SESSION['data'])) {
434 $_SESSION = \Piwik\Common::safe_unserialize(\base64_decode($_SESSION['data']), [\Piwik\Notification::class]);
435 }
436 // run validators if they exist
437 if (isset($_SESSION['__ZF']['VALID'])) {
438 self::_processValidators();
439 }
440 self::_processStartupMetadataGlobal();
441 }
442 /**
443 * _processGlobalMetadata() - this method initizes the sessions GLOBAL
444 * metadata, mostly global data expiration calculations.
445 *
446 * @return void
447 */
448 private static function _processStartupMetadataGlobal()
449 {
450 // process global metadata
451 if (isset($_SESSION['__ZF'])) {
452 // expire globally expired values
453 foreach ($_SESSION['__ZF'] as $namespace => $namespace_metadata) {
454 // Expire Namespace by Time (ENT)
455 if (isset($namespace_metadata['ENT']) && $namespace_metadata['ENT'] > 0 && \time() > $namespace_metadata['ENT']) {
456 unset($_SESSION[$namespace]);
457 unset($_SESSION['__ZF'][$namespace]);
458 }
459 // Expire Namespace by Global Hop (ENGH) if it wasnt expired above
460 if (isset($_SESSION['__ZF'][$namespace]) && isset($namespace_metadata['ENGH']) && $namespace_metadata['ENGH'] >= 1) {
461 $_SESSION['__ZF'][$namespace]['ENGH']--;
462 if ($_SESSION['__ZF'][$namespace]['ENGH'] === 0) {
463 if (isset($_SESSION[$namespace])) {
464 parent::$_expiringData[$namespace] = $_SESSION[$namespace];
465 unset($_SESSION[$namespace]);
466 }
467 unset($_SESSION['__ZF'][$namespace]);
468 }
469 }
470 // Expire Namespace Variables by Time (ENVT)
471 if (isset($namespace_metadata['ENVT'])) {
472 foreach ($namespace_metadata['ENVT'] as $variable => $time) {
473 if (\time() > $time) {
474 unset($_SESSION[$namespace][$variable]);
475 unset($_SESSION['__ZF'][$namespace]['ENVT'][$variable]);
476 }
477 }
478 if (empty($_SESSION['__ZF'][$namespace]['ENVT'])) {
479 unset($_SESSION['__ZF'][$namespace]['ENVT']);
480 }
481 }
482 // Expire Namespace Variables by Global Hop (ENVGH)
483 if (isset($namespace_metadata['ENVGH'])) {
484 foreach ($namespace_metadata['ENVGH'] as $variable => $hops) {
485 $_SESSION['__ZF'][$namespace]['ENVGH'][$variable]--;
486 if ($_SESSION['__ZF'][$namespace]['ENVGH'][$variable] === 0) {
487 if (isset($_SESSION[$namespace][$variable])) {
488 parent::$_expiringData[$namespace][$variable] = $_SESSION[$namespace][$variable];
489 unset($_SESSION[$namespace][$variable]);
490 }
491 unset($_SESSION['__ZF'][$namespace]['ENVGH'][$variable]);
492 }
493 }
494 if (empty($_SESSION['__ZF'][$namespace]['ENVGH'])) {
495 unset($_SESSION['__ZF'][$namespace]['ENVGH']);
496 }
497 }
498 if (isset($namespace) && empty($_SESSION['__ZF'][$namespace])) {
499 unset($_SESSION['__ZF'][$namespace]);
500 }
501 }
502 }
503 if (isset($_SESSION['__ZF']) && empty($_SESSION['__ZF'])) {
504 unset($_SESSION['__ZF']);
505 }
506 }
507 /**
508 * isStarted() - convenience method to determine if the session is already started.
509 *
510 * @return bool
511 */
512 public static function isStarted()
513 {
514 return self::$_sessionStarted;
515 }
516 /**
517 * isRegenerated() - convenience method to determine if session_regenerate_id()
518 * has been called during this request by Zend_Session.
519 *
520 * @return bool
521 */
522 public static function isRegenerated()
523 {
524 return self::$_regenerateIdState > 0 ? \true : \false;
525 }
526 /**
527 * getId() - get the current session id
528 *
529 * @return string
530 */
531 public static function getId()
532 {
533 return \session_id();
534 }
535 /**
536 * setId() - set an id to a user specified id
537 *
538 * @throws Zend_Session_Exception
539 * @param string $id
540 * @return void
541 */
542 public static function setId($id)
543 {
544 if (!self::$_unitTestEnabled && \defined('SID')) {
545 /** @see Zend_Session_Exception */
546 // require_once 'Zend/Session/Exception.php';
547 throw new \Zend_Session_Exception('The session has already been started. The session id must be set first.');
548 }
549 if (!self::$_unitTestEnabled && \headers_sent($filename, $linenum)) {
550 /** @see Zend_Session_Exception */
551 // require_once 'Zend/Session/Exception.php';
552 throw new \Zend_Session_Exception("You must call " . __CLASS__ . '::' . __FUNCTION__ . "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
553 }
554 if (!\is_string($id) || $id === '') {
555 /** @see Zend_Session_Exception */
556 // require_once 'Zend/Session/Exception.php';
557 throw new \Zend_Session_Exception('You must provide a non-empty string as a session identifier.');
558 }
559 \session_id($id);
560 }
561 /**
562 * registerValidator() - register a validator that will attempt to validate this session for
563 * every future request
564 *
565 * @param Zend_Session_Validator_Interface $validator
566 * @return void
567 */
568 public static function registerValidator(\Zend_Session_Validator_Interface $validator)
569 {
570 $validator->setup();
571 }
572 /**
573 * stop() - Disable write access. Optionally disable read (not implemented).
574 *
575 * @return void
576 */
577 public static function stop()
578 {
579 parent::$_writable = \false;
580 }
581 /**
582 * writeClose() - Shutdown the sesssion, close writing and detach $_SESSION from the back-end storage mechanism.
583 * This will complete the internal data transformation on this request.
584 *
585 * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes)
586 * @return void
587 */
588 public static function writeClose($readonly = \true)
589 {
590 if (self::$_unitTestEnabled) {
591 return;
592 }
593 if (self::$_writeClosed) {
594 return;
595 }
596 if ($readonly) {
597 parent::$_writable = \false;
598 }
599 if (isset($_SESSION)) {
600 $sessionBkp = $_SESSION;
601 $_SESSION = array('data' => \base64_encode(\serialize($_SESSION)));
602 }
603 \session_write_close();
604 self::$_writeClosed = \true;
605 if (isset($sessionBkp)) {
606 $_SESSION = $sessionBkp;
607 }
608 }
609 /**
610 * destroy() - This is used to destroy session data, and optionally, the session cookie itself
611 *
612 * @param bool $remove_cookie - OPTIONAL remove session id cookie, defaults to true (remove cookie)
613 * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes)
614 * @return void
615 */
616 public static function destroy($remove_cookie = \true, $readonly = \true)
617 {
618 if (self::$_unitTestEnabled) {
619 return;
620 }
621 if (self::$_destroyed) {
622 return;
623 }
624 if ($readonly) {
625 parent::$_writable = \false;
626 }
627 \session_destroy();
628 self::$_destroyed = \true;
629 if ($remove_cookie) {
630 self::expireSessionCookie();
631 }
632 }
633 /**
634 * expireSessionCookie() - Sends an expired session id cookie, causing the client to delete the session cookie
635 *
636 * @return void
637 */
638 public static function expireSessionCookie()
639 {
640 if (self::$_unitTestEnabled) {
641 return;
642 }
643 if (self::$_sessionCookieDeleted) {
644 return;
645 }
646 self::$_sessionCookieDeleted = \true;
647 if (isset($_COOKIE[\session_name()])) {
648 $cookie_params = \session_get_cookie_params();
649 \Piwik\Session::writeCookie(
650 \session_name(),
651 \false,
652 315554400,
653 // strtotime('1980-01-01'),
654 $cookie_params['path'],
655 $cookie_params['domain'],
656 $cookie_params['secure'],
657 \false,
658 \Piwik\Session::getSameSiteCookieValue()
659 );
660 }
661 }
662 /**
663 * _processValidator() - internal function that is called in the existence of VALID metadata
664 *
665 * @throws Zend_Session_Exception
666 * @return void
667 */
668 private static function _processValidators()
669 {
670 foreach ($_SESSION['__ZF']['VALID'] as $validator_name => $valid_data) {
671 if (!\class_exists($validator_name)) {
672 // require_once 'Zend/Loader.php';
673 \Zend_Loader::loadClass($validator_name);
674 }
675 $validator = new $validator_name();
676 if ($validator->validate() === \false) {
677 /** @see Zend_Session_Exception */
678 // require_once 'Zend/Session/Exception.php';
679 throw new \Zend_Session_Exception("This session is not valid according to {$validator_name}.");
680 }
681 }
682 }
683 /**
684 * namespaceIsset() - check to see if a namespace is set
685 *
686 * @param string $namespace
687 * @return bool
688 */
689 public static function namespaceIsset($namespace)
690 {
691 return parent::_namespaceIsset($namespace);
692 }
693 /**
694 * namespaceUnset() - unset a namespace or a variable within a namespace
695 *
696 * @param string $namespace
697 * @throws Zend_Session_Exception
698 * @return void
699 */
700 public static function namespaceUnset($namespace)
701 {
702 parent::_namespaceUnset($namespace);
703 \Zend_Session_Namespace::resetSingleInstance($namespace);
704 }
705 /**
706 * namespaceGet() - get all variables in a namespace
707 * Deprecated: Use getIterator() in Zend_Session_Namespace.
708 *
709 * @param string $namespace
710 * @return array
711 */
712 public static function namespaceGet($namespace)
713 {
714 return parent::_namespaceGetAll($namespace);
715 }
716 /**
717 * getIterator() - return an iteratable object for use in foreach and the like,
718 * this completes the IteratorAggregate interface
719 *
720 * @throws Zend_Session_Exception
721 * @return ArrayObject
722 */
723 public static function getIterator()
724 {
725 if (parent::$_readable === \false) {
726 /** @see Zend_Session_Exception */
727 // require_once 'Zend/Session/Exception.php';
728 throw new \Zend_Session_Exception(parent::_THROW_NOT_READABLE_MSG);
729 }
730 $spaces = array();
731 if (isset($_SESSION)) {
732 $spaces = \array_keys($_SESSION);
733 foreach ($spaces as $key => $space) {
734 if (!\strncmp($space, '__', 2) || !\is_array($_SESSION[$space])) {
735 unset($spaces[$key]);
736 }
737 }
738 }
739 return new \ArrayObject(\array_merge($spaces, \array_keys(parent::$_expiringData)));
740 }
741 /**
742 * isWritable() - returns a boolean indicating if namespaces can write (use setters)
743 *
744 * @return bool
745 */
746 public static function isWritable()
747 {
748 return parent::$_writable;
749 }
750 /**
751 * isReadable() - returns a boolean indicating if namespaces can write (use setters)
752 *
753 * @return bool
754 */
755 public static function isReadable()
756 {
757 return parent::$_readable;
758 }
759 }
760 }
761