Updated Session package
parent
3d6c891997
commit
6111e71738
19
composer.lock
generated
19
composer.lock
generated
|
@ -393,16 +393,16 @@
|
|||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/joomla-framework/session.git",
|
||||
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0"
|
||||
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/joomla-framework/session/zipball/144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
|
||||
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
|
||||
"url": "https://api.github.com/repos/joomla-framework/session/zipball/927573d3208cec451b8a61c2916d97a1ef280a32",
|
||||
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.4|>=7.0"
|
||||
"php": "^5.5.9|~7.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"joomla/database": "~2.0@dev",
|
||||
|
@ -415,9 +415,16 @@
|
|||
"squizlabs/php_codesniffer": "1.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-apc": "To use APC cache as a session handler",
|
||||
"ext-apcu": "To use APCu cache as a session handler",
|
||||
"ext-memcache": "To use a Memcache server as a session handler",
|
||||
"ext-memcached": "To use a Memcached server as a session handler",
|
||||
"ext-redis": "To use a Redis server as a session handler",
|
||||
"ext-wincache": "To use WinCache as a session handler",
|
||||
"ext-xcache": "To use XCache as a session handler",
|
||||
"joomla/database": "Install joomla/database if you want to use Database session storage.",
|
||||
"joomla/event": "The joomla/event package is required to use Joomla\\Session\\Session.",
|
||||
"joomla/input": "The joomla/input package is required to use Joomla\\Session\\Session.",
|
||||
"joomla/input": "The joomla/input package is required to use Address and Forwarded session validators.",
|
||||
"paragonie/random_compat": "The paragonie/random_compat package is required to use Joomla\\Session\\Session on PHP 5.x."
|
||||
},
|
||||
"type": "joomla-package",
|
||||
|
@ -442,7 +449,7 @@
|
|||
"joomla",
|
||||
"session"
|
||||
],
|
||||
"time": "2016-05-24 11:57:24"
|
||||
"time": "2016-09-21 10:28:18"
|
||||
},
|
||||
{
|
||||
"name": "joomla/string",
|
||||
|
|
19
libraries/vendor/composer/installed.json
vendored
19
libraries/vendor/composer/installed.json
vendored
|
@ -1028,16 +1028,16 @@
|
|||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/joomla-framework/session.git",
|
||||
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0"
|
||||
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/joomla-framework/session/zipball/144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
|
||||
"reference": "144cd6bc1d268e3777963cef6f5f705ebe22d9c0",
|
||||
"url": "https://api.github.com/repos/joomla-framework/session/zipball/927573d3208cec451b8a61c2916d97a1ef280a32",
|
||||
"reference": "927573d3208cec451b8a61c2916d97a1ef280a32",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=5.4|>=7.0"
|
||||
"php": "^5.5.9|~7.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"joomla/database": "~2.0@dev",
|
||||
|
@ -1050,12 +1050,19 @@
|
|||
"squizlabs/php_codesniffer": "1.*"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-apc": "To use APC cache as a session handler",
|
||||
"ext-apcu": "To use APCu cache as a session handler",
|
||||
"ext-memcache": "To use a Memcache server as a session handler",
|
||||
"ext-memcached": "To use a Memcached server as a session handler",
|
||||
"ext-redis": "To use a Redis server as a session handler",
|
||||
"ext-wincache": "To use WinCache as a session handler",
|
||||
"ext-xcache": "To use XCache as a session handler",
|
||||
"joomla/database": "Install joomla/database if you want to use Database session storage.",
|
||||
"joomla/event": "The joomla/event package is required to use Joomla\\Session\\Session.",
|
||||
"joomla/input": "The joomla/input package is required to use Joomla\\Session\\Session.",
|
||||
"joomla/input": "The joomla/input package is required to use Address and Forwarded session validators.",
|
||||
"paragonie/random_compat": "The paragonie/random_compat package is required to use Joomla\\Session\\Session on PHP 5.x."
|
||||
},
|
||||
"time": "2016-05-24 11:57:24",
|
||||
"time": "2016-09-21 10:28:18",
|
||||
"type": "joomla-package",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
|
|
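--- a/libraries/vendor/joomla/session/src/Exception/InvalidSessionException.php
+++ b/libraries/vendor/joomla/session/src/Exception/InvalidSessionException.php
@@ -0,0 +1,18 @@
+<?php
+/**
+* Part of the Joomla Framework Session Package
+*
+* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
+* @license GNU General Public License version 2 or later; see LICENSE
+*/
+
+namespace Joomla\Session\Exception;
+
+/**
+* Exception thrown when a session validator fails
+*
+* @since __DEPLOY_VERSION__
+*/
+class InvalidSessionException extends \RuntimeException
+{
+}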
97
libraries/vendor/joomla/session/src/Session.php
vendored
97
libraries/vendor/joomla/session/src/Session.php
vendored
|
@ -11,7 +11,7 @@ namespace Joomla\Session;
|
|||
use Joomla\Event\DispatcherAwareInterface;
|
||||
use Joomla\Event\DispatcherAwareTrait;
|
||||
use Joomla\Event\DispatcherInterface;
|
||||
use Joomla\Input\Input;
|
||||
use Joomla\Session\Exception\InvalidSessionException;
|
||||
use Joomla\Session\Handler\FilesystemHandler;
|
||||
use Joomla\Session\Storage\NativeStorage;
|
||||
|
||||
|
@ -38,20 +38,12 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
protected $state = 'inactive';
|
||||
|
||||
/**
|
||||
* The Input object.
|
||||
*
|
||||
* @var Input
|
||||
* @since 1.0
|
||||
*/
|
||||
private $input;
|
||||
|
||||
/**
|
||||
* Maximum age of unused session in minutes
|
||||
* Maximum age of unused session in seconds
|
||||
*
|
||||
* @var integer
|
||||
* @since 1.0
|
||||
*/
|
||||
protected $expire = 15;
|
||||
protected $expire = 900;
|
||||
|
||||
/**
|
||||
* The session store object.
|
||||
|
@ -62,29 +54,23 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
protected $store;
|
||||
|
||||
/**
|
||||
* Security policy.
|
||||
* List of checks that will be done.
|
||||
* The session store object.
|
||||
*
|
||||
* Possible values:
|
||||
* - fix_browser
|
||||
* - fix_address
|
||||
*
|
||||
* @var array
|
||||
* @since 1.0
|
||||
* @var ValidatorInterface[]
|
||||
* @since __DEPLOY_VERSION__
|
||||
*/
|
||||
protected $security = array('fix_browser');
|
||||
protected $sessionValidators = array();
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param Input $input The input object
|
||||
* @param StorageInterface $store A StorageInterface implementation
|
||||
* @param DispatcherInterface $dispatcher DispatcherInterface for the session to use.
|
||||
* @param array $options Optional parameters
|
||||
*
|
||||
* @since 1.0
|
||||
*/
|
||||
public function __construct(Input $input, StorageInterface $store = null, DispatcherInterface $dispatcher = null, array $options = array())
|
||||
public function __construct(StorageInterface $store = null, DispatcherInterface $dispatcher = null, array $options = array())
|
||||
{
|
||||
$this->store = $store ?: new NativeStorage(new FilesystemHandler);
|
||||
|
||||
|
@ -93,17 +79,29 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
$this->setDispatcher($dispatcher);
|
||||
}
|
||||
|
||||
$this->input = $input;
|
||||
|
||||
$this->setOptions($options);
|
||||
|
||||
$this->setState('inactive');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get expiration time in minutes
|
||||
* Adds a validator to the session
|
||||
*
|
||||
* @return integer The session expiration time in minutes
|
||||
* @param ValidatorInterface $validator The session validator
|
||||
*
|
||||
* @return void
|
||||
*
|
||||
* @since __DEPLOY_VERSION__
|
||||
*/
|
||||
public function addValidator(ValidatorInterface $validator)
|
||||
{
|
||||
$this->sessionValidators[] = $validator;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get expiration time in seconds
|
||||
*
|
||||
* @return integer The session expiration time in seconds
|
||||
*
|
||||
* @since 1.0
|
||||
*/
|
||||
|
@ -633,7 +631,7 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
/**
|
||||
* Set the session expiration
|
||||
*
|
||||
* @param integer $expire Maximum age of unused session in minutes
|
||||
* @param integer $expire Maximum age of unused session in seconds
|
||||
*
|
||||
* @return $this
|
||||
*
|
||||
|
@ -715,12 +713,6 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
$this->setExpire($options['expire']);
|
||||
}
|
||||
|
||||
// Get security options
|
||||
if (isset($options['security']))
|
||||
{
|
||||
$this->security = explode(',', $options['security']);
|
||||
}
|
||||
|
||||
// Sync the session maxlifetime
|
||||
ini_set('session.gc_maxlifetime', $this->getExpire());
|
||||
|
||||
|
@ -728,13 +720,9 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
}
|
||||
|
||||
/**
|
||||
* Do some checks for security reason
|
||||
* Do some checks for security reasons
|
||||
*
|
||||
* - timeout check (expire)
|
||||
* - ip-fixiation
|
||||
* - browser-fixiation
|
||||
*
|
||||
* If one check failed, session data has to be cleaned.
|
||||
* If one check fails, session data has to be cleaned.
|
||||
*
|
||||
* @param boolean $restart Reactivate session
|
||||
*
|
||||
|
@ -749,10 +737,6 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
if ($restart)
|
||||
{
|
||||
$this->setState('active');
|
||||
|
||||
$this->set('session.client.address', null);
|
||||
$this->set('session.client.forwarded', null);
|
||||
$this->set('session.client.browser', null);
|
||||
}
|
||||
|
||||
// Check if session has expired
|
||||
|
@ -770,31 +754,18 @@ class Session implements SessionInterface, DispatcherAwareInterface
|
|||
}
|
||||
}
|
||||
|
||||
$remoteAddr = $this->input->server->getString('REMOTE_ADDR', '');
|
||||
|
||||
// Check for client address
|
||||
if (in_array('fix_address', $this->security) && !empty($remoteAddr) && filter_var($remoteAddr, FILTER_VALIDATE_IP) !== false)
|
||||
try
|
||||
{
|
||||
$ip = $this->get('session.client.address');
|
||||
|
||||
if ($ip === null)
|
||||
foreach ($this->sessionValidators as $validator)
|
||||
{
|
||||
$this->set('session.client.address', $remoteAddr);
|
||||
}
|
||||
elseif ($remoteAddr !== $ip)
|
||||
{
|
||||
$this->setState('error');
|
||||
|
||||
return false;
|
||||
$validator->validate($restart);
|
||||
}
|
||||
}
|
||||
|
||||
$xForwardedFor = $this->input->server->getString('HTTP_X_FORWARDED_FOR', '');
|
||||
|
||||
// Record proxy forwarded for in the session in case we need it later
|
||||
if (!empty($xForwardedFor) && filter_var($xForwardedFor, FILTER_VALIDATE_IP) !== false)
|
||||
catch (InvalidSessionException $e)
|
||||
{
|
||||
$this->set('session.client.forwarded', $xForwardedFor);
|
||||
$this->setState('error');
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
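Review bot: With `$sessionValidators` defaulting to an empty array and the `security` option no longer read in setOptions(), validate() appears to perform only the expiry check unless the caller registers validators through addValidator(). A consumer that still passes `security => 'fix_address'` would lose the client-address check without any error, because the stale option is silently ignored; the constructor docblock or an upgrade note should state that `AddressValidator` has to be added explicitly. The new property's docblock also still reads `The session store object.`; something like `The session validators run by validate().` would match the `ValidatorInterface[]` type. The body of validate() starts and ends outside the visible hunks, so the expiry branch could not be checked here.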
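--- a/libraries/vendor/joomla/session/src/Validator/AddressValidator.php
+++ b/libraries/vendor/joomla/session/src/Validator/AddressValidator.php
@@ -0,0 +1,87 @@
+<?php
+/**
+* Part of the Joomla Framework Session Package
+*
+* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
+* @license GNU General Public License version 2 or later; see LICENSE
+*/
+
+namespace Joomla\Session\Validator;
+
+use Joomla\Input\Input;
+use Joomla\Session\Exception\InvalidSessionException;
+use Joomla\Session\SessionInterface;
+use Joomla\Session\ValidatorInterface;
+
+/**
+* Interface for validating a part of the session
+*
+* @since __DEPLOY_VERSION__
+*/
+class AddressValidator implements ValidatorInterface
+{
+/**
+* The Input object.
+*
+* @var Input
+* @since __DEPLOY_VERSION__
+*/
+private $input;
+
+/**
+* The session object.
+*
+* @var SessionInterface
+* @since __DEPLOY_VERSION__
+*/
+private $session;
+
+/**
+* Constructor
+*
+* @param Input $input The input object
+* @param SessionInterface $session DispatcherInterface for the session to use.
+*
+* @since __DEPLOY_VERSION__
+*/
+public function __construct(Input $input, SessionInterface $session)
+{
+$this->input = $input;
+$this->session = $session;
+}
+
+/**
+* Validates the session throwing a SessionValidationException if there is an invalid property in the exception
+*
+* @param boolean $restart Reactivate session
+*
+* @return void
+*
+* @since __DEPLOY_VERSION__
+* @throws InvalidSessionException
+*/
+public function validate($restart = false)
+{
+if ($restart)
+{
+$this->session->set('session.client.address', null);
+}
+
+$remoteAddr = $this->input->server->getString('REMOTE_ADDR', '');
+
+// Check for client address
+if (!empty($remoteAddr) && filter_var($remoteAddr, FILTER_VALIDATE_IP) !== false)
+{
+$ip = $this->session->get('session.client.address');
+
+if ($ip === null)
+{
+$this->session->set('session.client.address', $remoteAddr);
+}
+elseif ($remoteAddr !== $ip)
+{
+throw new InvalidSessionException('Invalid client IP');
+}
+}
+}
+}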
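Review bot: validate() compares addresses only when `REMOTE_ADDR` is non-empty and passes `FILTER_VALIDATE_IP`, so a request with a missing or malformed address skips the check even when `session.client.address` is already stored, and the validator fails open. If that is intended for CLI or similar contexts, a comment should say so; otherwise read the stored value first and reject when it is set and differs, e.g. `if ($ip !== null && $remoteAddr !== $ip) { throw new InvalidSessionException('Invalid client IP'); }` placed outside the `filter_var` guard. The docblocks also name a `SessionValidationException` that does not appear in this commit (the class thrown is `InvalidSessionException`), describe the class as an `Interface`, and describe `$session` as a `DispatcherInterface`; the same copied text is in ForwardedValidator.php and ValidatorInterface.php.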
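--- a/libraries/vendor/joomla/session/src/Validator/ForwardedValidator.php
+++ b/libraries/vendor/joomla/session/src/Validator/ForwardedValidator.php
@@ -0,0 +1,76 @@
+<?php
+/**
+* Part of the Joomla Framework Session Package
+*
+* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
+* @license GNU General Public License version 2 or later; see LICENSE
+*/
+
+namespace Joomla\Session\Validator;
+
+use Joomla\Input\Input;
+use Joomla\Session\SessionInterface;
+use Joomla\Session\ValidatorInterface;
+
+/**
+* Interface for validating a part of the session
+*
+* @since __DEPLOY_VERSION__
+*/
+class ForwardedValidator implements ValidatorInterface
+{
+/**
+* The Input object.
+*
+* @var Input
+* @since __DEPLOY_VERSION__
+*/
+private $input;
+
+/**
+* The session object.
+*
+* @var SessionInterface
+* @since __DEPLOY_VERSION__
+*/
+private $session;
+
+/**
+* Constructor
+*
+* @param Input $input The input object
+* @param SessionInterface $session DispatcherInterface for the session to use.
+*
+* @since __DEPLOY_VERSION__
+*/
+public function __construct(Input $input, SessionInterface $session)
+{
+$this->input = $input;
+$this->session = $session;
+}
+
+/**
+* Validates the session throwing a SessionValidationException if there is an invalid property in the exception
+*
+* @param boolean $restart Reactivate session
+*
+* @return void
+*
+* @since __DEPLOY_VERSION__
+*/
+public function validate($restart = false)
+{
+if ($restart)
+{
+$this->session->set('session.client.forwarded', null);
+}
+
+$xForwardedFor = $this->input->server->getString('HTTP_X_FORWARDED_FOR', '');
+
+// Record proxy forwarded for in the session in case we need it later
+if (!empty($xForwardedFor) && filter_var($xForwardedFor, FILTER_VALIDATE_IP) !== false)
+{
+$this->session->set('session.client.forwarded', $xForwardedFor);
+}
+}
+}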
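Review bot: validate() never throws, so despite its name this class rejects nothing; it only copies `HTTP_X_FORWARDED_FOR` into `session.client.forwarded`. That header is supplied by the client unless a trusted proxy overwrites it, so the stored value should be documented as untrusted and kept out of access decisions. A class-level comment such as `Records the X-Forwarded-For header for later reference; the value is client-controlled and is not checked against the session.` would make that explicit. A header carrying a comma-separated proxy chain fails `FILTER_VALIDATE_IP` and is not recorded, which leaves any earlier stored value in place and may deserve a comment as well.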
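--- a/libraries/vendor/joomla/session/src/ValidatorInterface.php
+++ b/libraries/vendor/joomla/session/src/ValidatorInterface.php
@@ -0,0 +1,31 @@
+<?php
+/**
+* Part of the Joomla Framework Session Package
+*
+* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
+* @license GNU General Public License version 2 or later; see LICENSE
+*/
+
+namespace Joomla\Session;
+
+use Joomla\Session\Exception\InvalidSessionException;
+
+/**
+* Interface for validating a part of the session
+*
+* @since __DEPLOY_VERSION__
+*/
+interface ValidatorInterface
+{
+/**
+* Validates the session throwing a SessionValidationException if there is an invalid property in the exception
+*
+* @param boolean $restart Reactivate session
+*
+* @return void
+*
+* @since __DEPLOY_VERSION__
+* @throws InvalidSessionException
+*/
+public function validate($restart = false);
+}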