
Updated Session package

This commit is contained in:
Michael Babker 2016-09-21 11:53:37 -05:00
parent 3d6c891997
commit 6111e71738
7 changed files with 272 additions and 75 deletions

composer.lock generated

@ -393,16 +393,16 @@
"source": {
"type": "git",
"url": "https://github.com/joomla-framework/session.git",
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0"
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/joomla-framework/session/zipball/144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
"url": "https://api.github.com/repos/joomla-framework/session/zipball/927573d3208cec451b8a61c2916d97a1ef280a32",
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32",
"shasum": ""
},
"require": {
"php": ">=5.4|>=7.0"
"php": "^5.5.9|~7.0"
},
"require-dev": {
"joomla/database": "~2.0@dev",
@ -415,9 +415,16 @@
"squizlabs/php_codesniffer": "1.*"
},
"suggest": {
"ext-apc": "To use APC cache as a session handler",
"ext-apcu": "To use APCu cache as a session handler",
"ext-memcache": "To use a Memcache server as a session handler",
"ext-memcached": "To use a Memcached server as a session handler",
"ext-redis": "To use a Redis server as a session handler",
"ext-wincache": "To use WinCache as a session handler",
"ext-xcache": "To use XCache as a session handler",
"joomla/database": "Install joomla/database if you want to use Database session storage.",
"joomla/event": "The joomla/event package is required to use Joomla\\Session\\Session.",
"joomla/input": "The joomla/input package is required to use Joomla\\Session\\Session.",
"joomla/input": "The joomla/input package is required to use Address and Forwarded session validators.",
"paragonie/random_compat": "The paragonie/random_compat package is required to use Joomla\\Session\\Session on PHP 5.x."
},
"type": "joomla-package",
@ -442,7 +449,7 @@
"joomla",
"session"
],
"time": "2016-05-24 11:57:24"
"time": "2016-09-21 10:28:18"
},
{
"name": "joomla/string",


@ -1028,16 +1028,16 @@
"source": {
"type": "git",
"url": "https://github.com/joomla-framework/session.git",
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0"
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/joomla-framework/session/zipball/144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
"url": "https://api.github.com/repos/joomla-framework/session/zipball/927573d3208cec451b8a61c2916d97a1ef280a32",
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32",
"shasum": ""
},
"require": {
"php": ">=5.4|>=7.0"
"php": "^5.5.9|~7.0"
},
"require-dev": {
"joomla/database": "~2.0@dev",
@ -1050,12 +1050,19 @@
"squizlabs/php_codesniffer": "1.*"
},
"suggest": {
"ext-apc": "To use APC cache as a session handler",
"ext-apcu": "To use APCu cache as a session handler",
"ext-memcache": "To use a Memcache server as a session handler",
"ext-memcached": "To use a Memcached server as a session handler",
"ext-redis": "To use a Redis server as a session handler",
"ext-wincache": "To use WinCache as a session handler",
"ext-xcache": "To use XCache as a session handler",
"joomla/database": "Install joomla/database if you want to use Database session storage.",
"joomla/event": "The joomla/event package is required to use Joomla\\Session\\Session.",
"joomla/input": "The joomla/input package is required to use Joomla\\Session\\Session.",
"joomla/input": "The joomla/input package is required to use Address and Forwarded session validators.",
"paragonie/random_compat": "The paragonie/random_compat package is required to use Joomla\\Session\\Session on PHP 5.x."
},
"time": "2016-05-24 11:57:24",
"time": "2016-09-21 10:28:18",
"type": "joomla-package",
"extra": {
"branch-alias": {


@ -0,0 +1,18 @@
<?php
/**
* Part of the Joomla Framework Session Package
*
* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
namespace Joomla\Session\Exception;
/**
* Exception thrown when a session validator fails
*
* @since __DEPLOY_VERSION__
*/
class InvalidSessionException extends \RuntimeException
{
}


@ -11,7 +11,7 @@ namespace Joomla\Session;
use Joomla\Event\DispatcherAwareInterface;
use Joomla\Event\DispatcherAwareTrait;
use Joomla\Event\DispatcherInterface;
use Joomla\Input\Input;
use Joomla\Session\Exception\InvalidSessionException;
use Joomla\Session\Handler\FilesystemHandler;
use Joomla\Session\Storage\NativeStorage;
@ -38,20 +38,12 @@ class Session implements SessionInterface, DispatcherAwareInterface
protected $state = 'inactive';
/**
* The Input object.
*
* @var Input
* @since 1.0
*/
private $input;
/**
* Maximum age of unused session in minutes
* Maximum age of unused session in seconds
*
* @var integer
* @since 1.0
*/
protected $expire = 15;
protected $expire = 900;
/**
* The session store object.
@ -62,29 +54,23 @@ class Session implements SessionInterface, DispatcherAwareInterface
protected $store;
/**
* Security policy.
* List of checks that will be done.
* The session store object.
*
* Possible values:
* - fix_browser
* - fix_address
*
* @var array
* @since 1.0
* @var ValidatorInterface[]
* @since __DEPLOY_VERSION__
*/
protected $security = array('fix_browser');
protected $sessionValidators = array();
/**
* Constructor
*
* @param Input $input The input object
* @param StorageInterface $store A StorageInterface implementation
* @param DispatcherInterface $dispatcher DispatcherInterface for the session to use.
* @param array $options Optional parameters
*
* @since 1.0
*/
public function __construct(Input $input, StorageInterface $store = null, DispatcherInterface $dispatcher = null, array $options = array())
public function __construct(StorageInterface $store = null, DispatcherInterface $dispatcher = null, array $options = array())
{
$this->store = $store ?: new NativeStorage(new FilesystemHandler);
@ -93,17 +79,29 @@ class Session implements SessionInterface, DispatcherAwareInterface
$this->setDispatcher($dispatcher);
}
$this->input = $input;
$this->setOptions($options);
$this->setState('inactive');
}
/**
* Get expiration time in minutes
* Adds a validator to the session
*
* @return integer The session expiration time in minutes
* @param ValidatorInterface $validator The session validator
*
* @return void
*
* @since __DEPLOY_VERSION__
*/
public function addValidator(ValidatorInterface $validator)
{
$this->sessionValidators[] = $validator;
}
/**
* Get expiration time in seconds
*
* @return integer The session expiration time in seconds
*
* @since 1.0
*/
@ -633,7 +631,7 @@ class Session implements SessionInterface, DispatcherAwareInterface
/**
* Set the session expiration
*
* @param integer $expire Maximum age of unused session in minutes
* @param integer $expire Maximum age of unused session in seconds
*
* @return $this
*
@ -715,12 +713,6 @@ class Session implements SessionInterface, DispatcherAwareInterface
$this->setExpire($options['expire']);
}
// Get security options
if (isset($options['security']))
{
$this->security = explode(',', $options['security']);
}
// Sync the session maxlifetime
ini_set('session.gc_maxlifetime', $this->getExpire());
@ -728,13 +720,9 @@ class Session implements SessionInterface, DispatcherAwareInterface
}
/**
* Do some checks for security reason
* Do some checks for security reasons
*
* - timeout check (expire)
* - ip-fixiation
* - browser-fixiation
*
* If one check failed, session data has to be cleaned.
* If one check fails, session data has to be cleaned.
*
* @param boolean $restart Reactivate session
*
@ -749,10 +737,6 @@ class Session implements SessionInterface, DispatcherAwareInterface
if ($restart)
{
$this->setState('active');
$this->set('session.client.address', null);
$this->set('session.client.forwarded', null);
$this->set('session.client.browser', null);
}
// Check if session has expired
@ -770,31 +754,18 @@ class Session implements SessionInterface, DispatcherAwareInterface
}
}
$remoteAddr = $this->input->server->getString('REMOTE_ADDR', '');
// Check for client address
if (in_array('fix_address', $this->security) && !empty($remoteAddr) && filter_var($remoteAddr, FILTER_VALIDATE_IP) !== false)
try
{
$ip = $this->get('session.client.address');
if ($ip === null)
foreach ($this->sessionValidators as $validator)
{
$this->set('session.client.address', $remoteAddr);
}
elseif ($remoteAddr !== $ip)
{
$this->setState('error');
return false;
$validator->validate($restart);
}
}
$xForwardedFor = $this->input->server->getString('HTTP_X_FORWARDED_FOR', '');
// Record proxy forwarded for in the session in case we need it later
if (!empty($xForwardedFor) && filter_var($xForwardedFor, FILTER_VALIDATE_IP) !== false)
catch (InvalidSessionException $e)
{
$this->set('session.client.forwarded', $xForwardedFor);
$this->setState('error');
return false;
}
return true;
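Review bot: The `security` option that setOptions() stops reading (the removed `isset($options['security'])` block) is now silently ignored, and because `$sessionValidators` starts empty, whatever checks the old `fix_browser` default enabled no longer run unless the caller registers validators through `addValidator()`; callers still passing the old option get no signal. The setOptions() docblock, which lies outside this hunk, should say so, e.g. `@deprecated  The 'security' option is no longer read; register ValidatorInterface instances with addValidator() instead`. The `$sessionValidators` property docblock also reads `The session store object.`, copied from `$store`; `The registered session validators.` fits. The body of validate() continues past the end of the hunk.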


@ -0,0 +1,87 @@
<?php
/**
* Part of the Joomla Framework Session Package
*
* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
namespace Joomla\Session\Validator;
use Joomla\Input\Input;
use Joomla\Session\Exception\InvalidSessionException;
use Joomla\Session\SessionInterface;
use Joomla\Session\ValidatorInterface;
/**
* Interface for validating a part of the session
*
* @since __DEPLOY_VERSION__
*/
class AddressValidator implements ValidatorInterface
{
/**
* The Input object.
*
* @var Input
* @since __DEPLOY_VERSION__
*/
private $input;
/**
* The session object.
*
* @var SessionInterface
* @since __DEPLOY_VERSION__
*/
private $session;
/**
* Constructor
*
* @param Input $input The input object
* @param SessionInterface $session DispatcherInterface for the session to use.
*
* @since __DEPLOY_VERSION__
*/
public function __construct(Input $input, SessionInterface $session)
{
$this->input = $input;
$this->session = $session;
}
/**
* Validates the session throwing a SessionValidationException if there is an invalid property in the exception
*
* @param boolean $restart Reactivate session
*
* @return void
*
* @since __DEPLOY_VERSION__
* @throws InvalidSessionException
*/
public function validate($restart = false)
{
if ($restart)
{
$this->session->set('session.client.address', null);
}
$remoteAddr = $this->input->server->getString('REMOTE_ADDR', '');
// Check for client address
if (!empty($remoteAddr) && filter_var($remoteAddr, FILTER_VALIDATE_IP) !== false)
{
$ip = $this->session->get('session.client.address');
if ($ip === null)
{
$this->session->set('session.client.address', $remoteAddr);
}
elseif ($remoteAddr !== $ip)
{
throw new InvalidSessionException('Invalid client IP');
}
}
}
}
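Review bot: validate() skips the address comparison entirely when REMOTE_ADDR is empty or does not parse as an IP (the `!empty($remoteAddr) && filter_var(...)` guard), so a session already bound to an address is accepted on such a request rather than rejected; if that is the intended fail-open behaviour it belongs in the method docblock, otherwise the guard should throw `InvalidSessionException` as well. The method docblock names a `SessionValidationException` while the code and the `@throws` tag use `InvalidSessionException`, and its trailing "in the exception" presumably means "in the session"; the same docblock is repeated on ForwardedValidator::validate() and ValidatorInterface::validate(). The class docblock `Interface for validating a part of the session` and the constructor's `@param SessionInterface $session DispatcherInterface for the session to use.` are copied from the interface and from Session; `Validator that binds the session to the client's REMOTE_ADDR` and `The session being validated` fit, and the same two copied lines appear in ForwardedValidator.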


@ -0,0 +1,76 @@
<?php
/**
* Part of the Joomla Framework Session Package
*
* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
namespace Joomla\Session\Validator;
use Joomla\Input\Input;
use Joomla\Session\SessionInterface;
use Joomla\Session\ValidatorInterface;
/**
* Interface for validating a part of the session
*
* @since __DEPLOY_VERSION__
*/
class ForwardedValidator implements ValidatorInterface
{
/**
* The Input object.
*
* @var Input
* @since __DEPLOY_VERSION__
*/
private $input;
/**
* The session object.
*
* @var SessionInterface
* @since __DEPLOY_VERSION__
*/
private $session;
/**
* Constructor
*
* @param Input $input The input object
* @param SessionInterface $session DispatcherInterface for the session to use.
*
* @since __DEPLOY_VERSION__
*/
public function __construct(Input $input, SessionInterface $session)
{
$this->input = $input;
$this->session = $session;
}
/**
* Validates the session throwing a SessionValidationException if there is an invalid property in the exception
*
* @param boolean $restart Reactivate session
*
* @return void
*
* @since __DEPLOY_VERSION__
*/
public function validate($restart = false)
{
if ($restart)
{
$this->session->set('session.client.forwarded', null);
}
$xForwardedFor = $this->input->server->getString('HTTP_X_FORWARDED_FOR', '');
// Record proxy forwarded for in the session in case we need it later
if (!empty($xForwardedFor) && filter_var($xForwardedFor, FILTER_VALIDATE_IP) !== false)
{
$this->session->set('session.client.forwarded', $xForwardedFor);
}
}
}
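Review bot: validate() never throws — it only stores `HTTP_X_FORWARDED_FOR` in the session — yet its docblock says it validates "throwing a SessionValidationException", so the docblock should describe what the method does, e.g. `Records the proxy-forwarded client address in the session for later use; performs no check and never throws`. The header value is client-supplied, and because it is only accepted when it parses as a single IP, a comma-separated proxy chain is silently not recorded; a comment on the `filter_var` line would keep readers from taking the stored value as verified, e.g. `// Client-supplied header: recorded for reference only, not a trusted or validated value`.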


@ -0,0 +1,31 @@
<?php
/**
* Part of the Joomla Framework Session Package
*
* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE
*/
namespace Joomla\Session;
use Joomla\Session\Exception\InvalidSessionException;
/**
* Interface for validating a part of the session
*
* @since __DEPLOY_VERSION__
*/
interface ValidatorInterface
{
/**
* Validates the session throwing a SessionValidationException if there is an invalid property in the exception
*
* @param boolean $restart Reactivate session
*
* @return void
*
* @since __DEPLOY_VERSION__
* @throws InvalidSessionException
*/
public function validate($restart = false);
}