123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337 |
- <?php
- /**
- * elFinder - file manager for web.
- * Session Wrapper Class.
- *
- * @package elfinder
- * @author Naoki Sawada
- **/
- class elFinderSession implements elFinderSessionInterface
- {
- /**
- * A flag of session started
- *
- * @var boolean
- */
- protected $started = false;
- /**
- * To fix PHP bug that duplicate Set-Cookie header to be sent
- *
- * @var boolean
- * @see https://bugs.php.net/bug.php?id=75554
- */
- protected $fixCookieRegist = false;
- /**
- * Array of session keys of this instance
- *
- * @var array
- */
- protected $keys = array();
- /**
- * Is enabled base64encode
- *
- * @var boolean
- */
- protected $base64encode = false;
- /**
- * Default options array
- *
- * @var array
- */
- protected $opts = array(
- 'base64encode' => false,
- 'keys' => array(
- 'default' => 'elFinderCaches',
- 'netvolume' => 'elFinderNetVolumes'
- ),
- 'cookieParams' => array()
- );
- /**
- * Constractor
- *
- * @param array $opts The options
- *
- * @return self Instanse of this class
- */
- public function __construct($opts)
- {
- $this->opts = array_merge($this->opts, $opts);
- $this->base64encode = !empty($this->opts['base64encode']);
- $this->keys = $this->opts['keys'];
- if (function_exists('apache_get_version') || $this->opts['cookieParams']) {
- $this->fixCookieRegist = true;
- }
- return $this;
- }
- /**
- * {@inheritdoc}
- */
- public function get($key, $empty = null)
- {
- $closed = false;
- if (!$this->started) {
- $closed = true;
- $this->start();
- }
- $data = null;
- if ($this->started) {
- $session =& $this->getSessionRef($key);
- $data = $session;
- if ($data && $this->base64encode) {
- $data = $this->decodeData($data);
- }
- }
- $checkFn = null;
- if (!is_null($empty)) {
- if (is_string($empty)) {
- $checkFn = 'is_string';
- } elseif (is_array($empty)) {
- $checkFn = 'is_array';
- } elseif (is_object($empty)) {
- $checkFn = 'is_object';
- } elseif (is_float($empty)) {
- $checkFn = 'is_float';
- } elseif (is_int($empty)) {
- $checkFn = 'is_int';
- }
- }
- if (is_null($data) || ($checkFn && !$checkFn($data))) {
- $session = $data = $empty;
- }
- if ($closed) {
- $this->close();
- }
- return $data;
- }
- /**
- * {@inheritdoc}
- */
- public function start()
- {
- set_error_handler(array($this, 'session_start_error'), E_NOTICE | E_WARNING);
- // apache2 SAPI has a bug of session cookie register
- // see https://bugs.php.net/bug.php?id=75554
- // see https://github.com/php/php-src/pull/3231
- if ($this->fixCookieRegist === true) {
- if ((int)ini_get('session.use_cookies') === 1) {
- if (ini_set('session.use_cookies', 0) === false) {
- $this->fixCookieRegist === false;
- }
- }
- }
- if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
- if (session_status() !== PHP_SESSION_ACTIVE) {
- session_start();
- }
- } else {
- session_start();
- }
- $this->started = session_id() ? true : false;
- restore_error_handler();
- return $this;
- }
- /**
- * Get variable reference of $_SESSION
- *
- * @param string $key key of $_SESSION array
- *
- * @return mixed|null
- */
- protected function & getSessionRef($key)
- {
- $session = null;
- if ($this->started) {
- list($cat, $name) = array_pad(explode('.', $key, 2), 2, null);
- if (is_null($name)) {
- if (!isset($this->keys[$cat])) {
- $name = $cat;
- $cat = 'default';
- }
- }
- if (isset($this->keys[$cat])) {
- $cat = $this->keys[$cat];
- } else {
- $name = $cat . '.' . $name;
- $cat = $this->keys['default'];
- }
- if (is_null($name)) {
- if (!isset($_SESSION[$cat])) {
- $_SESSION[$cat] = null;
- }
- $session =& $_SESSION[$cat];
- } else {
- if (!isset($_SESSION[$cat]) || !is_array($_SESSION[$cat])) {
- $_SESSION[$cat] = array();
- }
- if (!isset($_SESSION[$cat][$name])) {
- $_SESSION[$cat][$name] = null;
- }
- $session =& $_SESSION[$cat][$name];
- }
- }
- return $session;
- }
- /**
- * base64 decode of session val
- *
- * @param $data
- *
- * @return bool|mixed|string|null
- */
- protected function decodeData($data)
- {
- if ($this->base64encode) {
- if (is_string($data)) {
- if (($data = base64_decode($data)) !== false) {
- $data = unserialize($data);
- } else {
- $data = null;
- }
- } else {
- $data = null;
- }
- }
- return $data;
- }
- /**
- * {@inheritdoc}
- */
- public function close()
- {
- if ($this->started) {
- if ($this->fixCookieRegist === true) {
- // regist cookie only once for apache2 SAPI
- $cParm = session_get_cookie_params();
- if ($this->opts['cookieParams'] && is_array($this->opts['cookieParams'])) {
- $cParm = array_merge($cParm, $this->opts['cookieParams']);
- }
- if (version_compare(PHP_VERSION, '7.3', '<')) {
- setcookie(session_name(), session_id(), 0, $cParm['path'] . (!empty($cParm['SameSite'])? '; SameSite=' . $cParm['SameSite'] : ''), $cParm['domain'], $cParm['secure'], $cParm['httponly']);
- } else {
- $allows = array('expires' => true, 'path' => true, 'domain' => true, 'secure' => true, 'httponly' => true, 'samesite' => true);
- foreach(array_keys($cParm) as $_k) {
- if (!isset($allows[$_k])) {
- unset($cParm[$_k]);
- }
- }
- setcookie(session_name(), session_id(), $cParm);
- }
- $this->fixCookieRegist = false;
- }
- session_write_close();
- }
- $this->started = false;
- return $this;
- }
- /**
- * {@inheritdoc}
- */
- public function set($key, $data)
- {
- $closed = false;
- if (!$this->started) {
- $closed = true;
- $this->start();
- }
- $session =& $this->getSessionRef($key);
- if ($this->base64encode) {
- $data = $this->encodeData($data);
- }
- $session = $data;
- if ($closed) {
- $this->close();
- }
- return $this;
- }
- /**
- * base64 encode for session val
- *
- * @param $data
- *
- * @return string
- */
- protected function encodeData($data)
- {
- if ($this->base64encode) {
- $data = base64_encode(serialize($data));
- }
- return $data;
- }
- /**
- * {@inheritdoc}
- */
- public function remove($key)
- {
- $closed = false;
- if (!$this->started) {
- $closed = true;
- $this->start();
- }
- list($cat, $name) = array_pad(explode('.', $key, 2), 2, null);
- if (is_null($name)) {
- if (!isset($this->keys[$cat])) {
- $name = $cat;
- $cat = 'default';
- }
- }
- if (isset($this->keys[$cat])) {
- $cat = $this->keys[$cat];
- } else {
- $name = $cat . '.' . $name;
- $cat = $this->keys['default'];
- }
- if (is_null($name)) {
- unset($_SESSION[$cat]);
- } else {
- if (isset($_SESSION[$cat]) && is_array($_SESSION[$cat])) {
- unset($_SESSION[$cat][$name]);
- }
- }
- if ($closed) {
- $this->close();
- }
- return $this;
- }
- /**
- * sessioin error handler (Only for suppression of error at session start)
- *
- * @param $errno
- * @param $errstr
- */
- protected function session_start_error($errno, $errstr)
- {
- }
- }
|