AdminNotices.php
5 years ago
AjaxHandler.php
5 years ago
Autologin.php
5 years ago
BuddyPressBbPress.php
5 years ago
EditUserProfile.php
5 years ago
ExtensionManager.php
5 years ago
FileUploader.php
5 years ago
FormPreviewHandler.php
5 years ago
FormRepository.php
5 years ago
FormShortcodeDefaults.php
5 years ago
GDPR.php
5 years ago
GlobalSiteAccess.php
5 years ago
ImageUploader.php
5 years ago
LoginAuth.php
5 years ago
Miscellaneous.php
5 years ago
ModifyRedirectDefaultLinks.php
5 years ago
PPRESS_Session.php
5 years ago
PROFILEPRESS_sql.php
5 years ago
PasswordReset.php
5 years ago
ProfileUrlRewrite.php
5 years ago
RegistrationAuth.php
5 years ago
SendEmail.php
5 years ago
ShortcodeThemeFactory.php
5 years ago
UserAvatar.php
5 years ago
UserSignupLocationListingPage.php
5 years ago
UsernameEmailRestrictLogin.php
5 years ago
WelcomeEmailAfterSignup.php
5 years ago
default-email-template.php
5 years ago
index.php
5 years ago
PPRESS_Session.php
301 lines
| 1 | <?php |
| 2 | |
| 3 | namespace ProfilePress\Core\Classes; |
| 4 | |
| 5 | use WP_Session; |
| 6 | |
| 7 | /** |
| 8 | * This is a wrapper class for WP_Session / PHP $_SESSION |
| 9 | * |
| 10 | * @copyright Copyright (c) 2015, Pippin Williamson |
| 11 | * @license http://opensource.org/licenses/gpl-2.0.php GNU Public License |
| 12 | */ |
| 13 | class PPRESS_Session |
| 14 | { |
| 15 | /** |
| 16 | * Holds our session data |
| 17 | * |
| 18 | * @var array |
| 19 | * @access private |
| 20 | * |
| 21 | */ |
| 22 | private $session; |
| 23 | |
| 24 | /** |
| 25 | * Whether to use PHP $_SESSION or WP_Session |
| 26 | * |
| 27 | * @var bool |
| 28 | * @access private |
| 29 | * |
| 30 | */ |
| 31 | private $use_php_sessions = false; |
| 32 | |
| 33 | /** |
| 34 | * Session index prefix |
| 35 | * |
| 36 | * @var string |
| 37 | * @access private |
| 38 | * @since 2.3 |
| 39 | */ |
| 40 | private $prefix = ''; |
| 41 | |
| 42 | /** |
| 43 | * Get things started |
| 44 | * |
| 45 | * Defines our WP_Session constants, includes the necessary libraries and |
| 46 | * retrieves the WP Session instance |
| 47 | */ |
| 48 | public function __construct() |
| 49 | { |
| 50 | $this->use_php_sessions = $this->use_php_sessions(); |
| 51 | |
| 52 | if ($this->use_php_sessions) { |
| 53 | |
| 54 | if (is_multisite()) { |
| 55 | $this->prefix = '_' . get_current_blog_id(); |
| 56 | } |
| 57 | |
| 58 | // Use PHP SESSION (must be enabled via the PPWP_USE_PHP_SESSIONS constant) |
| 59 | add_action('init', array($this, 'maybe_start_session'), -2); |
| 60 | |
| 61 | } else { |
| 62 | |
| 63 | if ( ! $this->should_start_session()) { |
| 64 | return; |
| 65 | } |
| 66 | |
| 67 | // Use WP_Session (default) |
| 68 | |
| 69 | if ( ! defined('WP_SESSION_COOKIE')) { |
| 70 | define('WP_SESSION_COOKIE', 'ppwp_wp_session'); |
| 71 | } |
| 72 | |
| 73 | if ( ! class_exists('Recursive_ArrayAccess')) { |
| 74 | require_once PROFILEPRESS_SRC . 'lib/wp_session/class-recursive-arrayaccess.php'; |
| 75 | } |
| 76 | |
| 77 | if ( ! class_exists('WP_Session')) { |
| 78 | require_once PROFILEPRESS_SRC . 'lib/wp_session/class-wp-session.php'; |
| 79 | require_once PROFILEPRESS_SRC . 'lib/wp_session/wp-session.php'; |
| 80 | } |
| 81 | } |
| 82 | |
| 83 | if (empty($this->session) && ! $this->use_php_sessions) { |
| 84 | add_action('plugins_loaded', array($this, 'init'), -1); |
| 85 | } else { |
| 86 | add_action('init', array($this, 'init'), -1); |
| 87 | } |
| 88 | } |
| 89 | |
| 90 | /** |
| 91 | * Setup the WP_Session instance |
| 92 | * |
| 93 | * |
| 94 | * @return void |
| 95 | */ |
| 96 | public function init() |
| 97 | { |
| 98 | if ($this->use_php_sessions) { |
| 99 | $this->session = isset($_SESSION['ppwp' . $this->prefix]) && is_array($_SESSION['ppwp' . $this->prefix]) ? $_SESSION['ppwp' . $this->prefix] : array(); |
| 100 | } else { |
| 101 | $this->session = WP_Session::get_instance(); |
| 102 | } |
| 103 | |
| 104 | return $this->session; |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | * Retrieve a session variable |
| 109 | * |
| 110 | * @param string $key Session key |
| 111 | * |
| 112 | * @return mixed Session variable |
| 113 | */ |
| 114 | public function get($key) |
| 115 | { |
| 116 | $key = sanitize_key($key); |
| 117 | $return = false; |
| 118 | |
| 119 | if (isset($this->session[$key]) && ! empty($this->session[$key])) { |
| 120 | |
| 121 | preg_match('/[oO]\s*:\s*\d+\s*:\s*"\s*(?!(?i)(stdClass))/', $this->session[$key], $matches); |
| 122 | if ( ! empty($matches)) { |
| 123 | $this->set($key, null); |
| 124 | |
| 125 | return false; |
| 126 | } |
| 127 | |
| 128 | if (is_numeric($this->session[$key])) { |
| 129 | $return = $this->session[$key]; |
| 130 | } else { |
| 131 | |
| 132 | $maybe_json = json_decode($this->session[$key]); |
| 133 | |
| 134 | // Since json_last_error is PHP 5.3+, we have to rely on a `null` value for failing to parse JSON. |
| 135 | if (is_null($maybe_json)) { |
| 136 | $is_serialized = is_serialized($this->session[$key]); |
| 137 | if ($is_serialized) { |
| 138 | $value = @unserialize($this->session[$key]); |
| 139 | $this->set($key, (array)$value); |
| 140 | $return = $value; |
| 141 | } else { |
| 142 | $return = $this->session[$key]; |
| 143 | } |
| 144 | } else { |
| 145 | $return = json_decode($this->session[$key], true); |
| 146 | } |
| 147 | } |
| 148 | } |
| 149 | |
| 150 | return $return; |
| 151 | } |
| 152 | |
| 153 | /** |
| 154 | * Set a session variable |
| 155 | * |
| 156 | * @param string $key Session key |
| 157 | * @param int|string|array $value Session variable |
| 158 | * |
| 159 | * @return mixed Session variable |
| 160 | */ |
| 161 | public function set($key, $value) |
| 162 | { |
| 163 | $key = sanitize_key($key); |
| 164 | |
| 165 | if (is_array($value)) { |
| 166 | $this->session[$key] = wp_json_encode($value); |
| 167 | } else { |
| 168 | $this->session[$key] = esc_attr($value); |
| 169 | } |
| 170 | |
| 171 | if ($this->use_php_sessions) { |
| 172 | |
| 173 | $_SESSION['ppwp' . $this->prefix] = $this->session; |
| 174 | } |
| 175 | |
| 176 | return $this->session[$key]; |
| 177 | } |
| 178 | |
| 179 | /** |
| 180 | * Starts a new session if one hasn't started yet. |
| 181 | * |
| 182 | * @return boolean |
| 183 | * |
| 184 | * Checks to see if the server supports PHP sessions |
| 185 | * |
| 186 | * @return boolean $ret True if we are using PHP sessions, false otherwise |
| 187 | * @author Daniel J Griffiths |
| 188 | * @since 2.1 |
| 189 | */ |
| 190 | public function use_php_sessions() |
| 191 | { |
| 192 | $ret = false; |
| 193 | |
| 194 | // Attempt to detect if the server supports PHP sessions |
| 195 | if (function_exists('session_start')) { |
| 196 | |
| 197 | $this->set('ppwp_use_php_sessions', 1); |
| 198 | |
| 199 | if ($this->get('ppwp_use_php_sessions')) { |
| 200 | $ret = true; |
| 201 | } |
| 202 | } |
| 203 | |
| 204 | return $ret; |
| 205 | } |
| 206 | |
| 207 | /** |
| 208 | * Determines if we should start sessions |
| 209 | * |
| 210 | * @return bool |
| 211 | * @since 2.5.11 |
| 212 | */ |
| 213 | public function should_start_session() |
| 214 | { |
| 215 | $start_session = true; |
| 216 | |
| 217 | if ( ! empty($_SERVER['REQUEST_URI'])) { |
| 218 | |
| 219 | $blacklist = $this->get_blacklist(); |
| 220 | $uri = ltrim($_SERVER['REQUEST_URI'], '/'); |
| 221 | $uri = untrailingslashit($uri); |
| 222 | |
| 223 | if (in_array($uri, $blacklist)) { |
| 224 | $start_session = false; |
| 225 | } |
| 226 | |
| 227 | if (false !== strpos($uri, 'feed=')) { |
| 228 | $start_session = false; |
| 229 | } |
| 230 | |
| 231 | if (is_admin() && false === strpos($uri, 'wp-admin/admin-ajax.php')) { |
| 232 | // We do not want to start sessions in the admin unless we're processing an ajax request |
| 233 | $start_session = false; |
| 234 | } |
| 235 | |
| 236 | if (false !== strpos($uri, 'wp_scrape_key')) { |
| 237 | // Starting sessions while saving the file editor can break the save process, so don't start |
| 238 | $start_session = false; |
| 239 | } |
| 240 | } |
| 241 | |
| 242 | return $start_session; |
| 243 | } |
| 244 | |
| 245 | /** |
| 246 | * Retrieve the URI blacklist |
| 247 | * |
| 248 | * These are the URIs where we never start sessions |
| 249 | * |
| 250 | * @return array |
| 251 | * @since 2.5.11 |
| 252 | */ |
| 253 | public function get_blacklist() |
| 254 | { |
| 255 | $blacklist = apply_filters('ppwp_session_start_uri_blacklist', array( |
| 256 | 'feed', |
| 257 | 'feed/rss', |
| 258 | 'feed/rss2', |
| 259 | 'feed/rdf', |
| 260 | 'feed/atom', |
| 261 | 'comments/feed' |
| 262 | )); |
| 263 | |
| 264 | // Look to see if WordPress is in a sub folder or this is a network site that uses sub folders |
| 265 | $folder = str_replace(network_home_url(), '', get_site_url()); |
| 266 | |
| 267 | if ( ! empty($folder)) { |
| 268 | foreach ($blacklist as $path) { |
| 269 | $blacklist[] = $folder . '/' . $path; |
| 270 | } |
| 271 | } |
| 272 | |
| 273 | return $blacklist; |
| 274 | } |
| 275 | |
| 276 | /** |
| 277 | * Starts a new session if one hasn't started yet. |
| 278 | */ |
| 279 | public function maybe_start_session() |
| 280 | { |
| 281 | if ( ! $this->should_start_session()) { |
| 282 | return; |
| 283 | } |
| 284 | |
| 285 | if ( ! session_id() && ! headers_sent()) { |
| 286 | session_start(); |
| 287 | } |
| 288 | } |
| 289 | |
| 290 | public static function get_instance() |
| 291 | { |
| 292 | static $instance = null; |
| 293 | |
| 294 | if (is_null($instance)) { |
| 295 | $instance = new self(); |
| 296 | } |
| 297 | |
| 298 | return $instance; |
| 299 | } |
| 300 | } |
| 301 |