author | Christophe.Boulain <> | 2010-01-14 12:42:44 +0000 |
---|---|---|
committer | Christophe.Boulain <> | 2010-01-14 12:42:44 +0000 |
commit | b1f71c1b816615bb8e38728a1c76051c1ef7517f (patch) | |
tree | 007d6cd3ec8c3859308b85363aeda86c67f4bb13 | |
parent | 10b1f048ceca6d875000335056dc6ef2f2a6bfe4 (diff) |
Fixed Issue#86
-rw-r--r-- | HISTORY | 1 | ||||
-rw-r--r-- | framework/Exceptions/messages/messages-fr.txt | 1 | ||||
-rw-r--r-- | framework/Exceptions/messages/messages-id.txt | 1 | ||||
-rw-r--r-- | framework/Exceptions/messages/messages-zh.txt | 1 | ||||
-rw-r--r-- | framework/Exceptions/messages/messages.txt | 1 | ||||
-rw-r--r-- | framework/Web/THttpRequest.php | 6 | ||||
-rw-r--r-- | framework/Web/THttpSession.php | 12 |
7 files changed, 17 insertions, 6 deletions
@@ -1,5 +1,6 @@
 Version 3.1.7 To be released
 BUG: Issue#80 - Inconsistencies in TRegularExpressionValidator (Christophe)
+BUG: Issue#86 - THttpSession.CookieMode ignored / Session ID leak (Christophe)
 BUG: Issue#151 - TTextBox fails to display inital line break (Yves)
 BUG: Issue#153 - Bug with calls like MyActiveRedorc->withText()->withUser()->find(...) and null result (Christophe)
 BUG: Issue#157 - Enabled does not work properly on TActiveRadioButton/CheckBoxList controls (Bradley, Carl)
diff --git a/framework/Exceptions/messages/messages-fr.txt b/framework/Exceptions/messages/messages-fr.txt
index 82507b1a..5dce3812 100644
--- a/framework/Exceptions/messages/messages-fr.txt
+++ b/framework/Exceptions/messages/messages-fr.txt
@@ -71,6 +71,7 @@ httpsession_autostart_unchangeable = THttpSession.AutoStart ne peut pas être m
 httpsession_gcprobability_unchangeable = THttpSession.GCProbability ne peut pas être modifié après que la session ait démarré.
 httpsession_gcprobability_invalid = THttpSession.GCProbability doit être un entier compris entre 0 et 100.
 httpsession_transid_unchangeable = THttpSession.UseTransparentSessionID ne peut pas être modifié après que la session ait démarré.
+httpsession_transid_cookieonly = THttpSession.UseTransparentSessionID ne peut pas être utilisé quand THttpSession.CookieMode est fixé à "Only".
 httpsession_maxlifetime_unchangeable = THttpSession.Timeout ne peut pas être modifié après que la session ait démarré.
 assetmanager_basepath_invalid = TAssetManager.BasePath '{0}' est invalide. Vérifier qu'il est bien au format 'namespace' et qu'il pointe bien vers un répertoire accessible en écriture par le propriétaire du processus serveur Web
diff --git a/framework/Exceptions/messages/messages-id.txt b/framework/Exceptions/messages/messages-id.txt
index fb57a5ba..61699ddd 100644
--- a/framework/Exceptions/messages/messages-id.txt
+++ b/framework/Exceptions/messages/messages-id.txt
@@ -71,6 +71,7 @@ httpsession_autostart_unchangeable = THttpSession.AutoStart tidak bisa diubah se
 httpsession_gcprobability_unchangeable = THttpSession.GCProbability tidak bisa diubah setelah sesi dimulai.
httpsession_gcprobability_invalid = THttpSession.GCProbability harus integer antara 0 dan 100.
httpsession_transid_unchangeable = THttpSession.UseTransparentSessionID tidak bisa diubah setelah sesi dimulai.
+httpsession_transid_cookieonly = THttpSession.UseTransparentSessionID cannot be set when THttpSession.CookieMode is set to Only.
httpsession_maxlifetime_unchangeable = THttpSession.Timeout tidak bisa diubah setelah sesi dimulai.
assetmanager_basepath_invalid = TAssetManager.BasePath '{0}' tidak benar. Pastikan ia dalam bentuk namespace dan mengarah ke direktori yang bisa ditulis oleh proses server Web.
diff --git a/framework/Exceptions/messages/messages-zh.txt b/framework/Exceptions/messages/messages-zh.txt
index d9a61083..1859aa92 100644
--- a/framework/Exceptions/messages/messages-zh.txt
+++ b/framework/Exceptions/messages/messages-zh.txt
@@ -76,6 +76,7 @@ httpsession_autostart_unchangeable = THttpSession.AutoStart无法被修改,
 httpsession_gcprobability_unchangeable = THttpSession.GCProbability无法被修改,因为session已经启动了。
 httpsession_gcprobability_invalid = THttpSession.GCProbability必须是个0到100之间的整数。
 httpsession_transid_unchangeable = THttpSession.UseTransparentSessionID无法被修改,因为session已经启动了。
+httpsession_transid_cookieonly = THttpSession.UseTransparentSessionID cannot be set when THttpSession.CookieMode is set to Only.
 httpsession_maxlifetime_unchangeable = THttpSession.Timeout无法被修改,因为session已经启动了。
 assetmanager_basepath_invalid = TAssetManager.BasePath所指路径“{0}”非法。请确认它以命名空间方式指定,并且它所对应的文件目录可以被Web服务器进程写入。
diff --git a/framework/Exceptions/messages/messages.txt b/framework/Exceptions/messages/messages.txt
index 425979a3..0750c38d 100644
--- a/framework/Exceptions/messages/messages.txt
+++ b/framework/Exceptions/messages/messages.txt
@@ -76,6 +76,7 @@ httpsession_autostart_unchangeable = THttpSession.AutoStart cannot be modified
 httpsession_gcprobability_unchangeable = THttpSession.GCProbability cannot be modified after the session is started.
 httpsession_gcprobability_invalid = THttpSession.GCProbability must be an integer between 0 and 100.
 httpsession_transid_unchangeable = THttpSession.UseTransparentSessionID cannot be modified after the session is started.
+httpsession_transid_cookieonly = THttpSession.UseTransparentSessionID cannot be set when THttpSession.CookieMode is set to Only.
 httpsession_maxlifetime_unchangeable = THttpSession.Timeout cannot be modified after the session is started.
 assetmanager_basepath_invalid = TAssetManager.BasePath '{0}' is invalid. Make sure it is in namespace form and points to a directory writable by the Web server process.
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php
index 7100a4c5..c3926d08 100644
--- a/framework/Web/THttpRequest.php
+++ b/framework/Web/THttpRequest.php
@@ -105,7 +105,7 @@ class THttpRequest extends TApplicationComponent implements IteratorAggregate,Ar
 /**
 * @var boolean whether the session ID should be kept in cookie only
 */
- private $_cookieOnly=false;
+ private $_cookieOnly=null;
 private $_urlFormat=THttpRequestUrlFormat::Get;
 private $_services;
 private $_requestResolved=false;
@@ -172,8 +172,6 @@ class THttpRequest extends TApplicationComponent implements IteratorAggregate,Ar
 $_SERVER['HTTP_USER_AGENT']='';
 }
- $this->_cookieOnly=(int)ini_get('session.use_cookies') && (int)ini_get('session.use_only_cookies');
-
 // Info about server variables:
 // PHP_SELF contains real URI (w/ path info, w/o query string)
 // SCRIPT_NAME is the real URI for the requested script (w/o path info and query string)
@@ -568,6 +566,8 @@ class THttpRequest extends TApplicationComponent implements IteratorAggregate,Ar
 */
 public function constructUrl($serviceID,$serviceParam,$getItems=null,$encodeAmpersand=true,$encodeGetItems=true)
 {
+ if ($this->_cookieOnly===null)
+ $this->_cookieOnly=(int)ini_get('session.use_cookies') && (int)ini_get('session.use_only_cookies');
 $url=$this->_urlManager->constructUrl($serviceID,$serviceParam,$getItems,$encodeAmpersand,$encodeGetItems);
 if(defined('SID') && SID != '' && !$this->_cookieOnly)
 return $url . (strpos($url,'?')===false? '?' : ($encodeAmpersand?'&':'&')) . SID;
diff --git a/framework/Web/THttpSession.php b/framework/Web/THttpSession.php
index 96d70704..e9f815e5 100644
--- a/framework/Web/THttpSession.php
+++ b/framework/Web/THttpSession.php
@@ -4,7 +4,7 @@
 *
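Review bot: The docblock above `$_cookieOnly` in the first THttpRequest.php hunk still reads `@var boolean`, but the property now starts as `null` and null is used as a "not yet computed" sentinel. I would change it to `@var boolean|null whether the session ID should be kept in cookie only; null until constructUrl() first reads the session ini settings`, so a later reader does not add a plain truthiness check that treats the uninitialised state as "cookies not enforced".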
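Review bot: In `constructUrl()` (third THttpRequest.php hunk) the cookie-only flag is computed on the first call and then cached, so the decision to append `SID` reflects whatever `session.use_cookies` and `session.use_only_cookies` held at that moment; if THttpSession applies its CookieMode after the first URL has been built, later URLs in the same request would still carry the session ID. Whether that ordering can happen depends on module initialisation outside this hunk, so I would either read the two ini values on every call or record the assumption with a comment such as `// evaluated lazily so THttpSession has already applied CookieMode via ini_set()`. Separately, the append is gated only on cookie mode and not on `session.use_trans_sid`, so with any CookieMode other than Only a client that sends no cookie gets the ID in every generated link, where it can reach Referer headers and access logs; it is worth confirming that this is intended. The function body continues outside the hunk.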
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.pradosoft.com/
- * @copyright Copyright © 2005-2008 PradoSoft
+ * @copyright Copyright © 2005-2008 PradoSoft
* @license http://www.pradosoft.com/license/
* @version $Id$
* @package System.Web
@@ -115,7 +115,7 @@ class THttpSession extends TApplicationComponent implements IteratorAggregate,Ar
 if($this->_autoStart)
$this->open();
$this->_initialized=true;
- $this->getApplication()->setSession($this);
+ $this->getApplication()->setSession($this);
register_shutdown_function(array($this, "close"));
}
@@ -296,6 +296,7 @@ class THttpSession extends TApplicationComponent implements IteratorAggregate,Ar
 {
ini_set('session.use_cookies','1');
ini_set('session.use_only_cookies','1');
+ ini_set('session.use_trans_sid', 0);
}
}
}
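Review bot: The added `ini_set('session.use_trans_sid', 0);` passes an integer where the two calls directly above it and the setter further down pass the strings `'1'`/`'0'`; I would write `ini_set('session.use_trans_sid','0');` to match. The return value is also ignored, so if the directive cannot be changed at runtime in some deployment, cookie-only mode would silently leave URL-carried session IDs enabled. A short comment such as `// cookie-only mode must never fall back to session IDs in URLs` would record why the third call belongs in this branch. The enclosing method starts outside the hunk.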
@@ -366,7 +367,12 @@ class THttpSession extends TApplicationComponent implements IteratorAggregate,Ar
 if($this->_started)
throw new TInvalidOperationException('httpsession_transid_unchangeable');
else
- ini_set('session.use_trans_sid',TPropertyValue::ensureBoolean($value)?'1':'0');
+ {
+ $value=TPropertyValue::ensureBoolean($value);
+ if ($value && $this->getCookieMode()==THttpSessionCookieMode::Only)
+ throw new TInvalidOperationException('httpsession_transid_cookieonly');
+ ini_set('session.use_trans_sid',$value?'1':'0');
+ }
}
/**
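Review bot: The new guard in the UseTransparentSessionID setter only fires when CookieMode is already Only at the time the setter runs; when the two properties are applied in the opposite order, the CookieMode hunk above silently forces `session.use_trans_sid` to 0 instead of throwing, so the same configuration is either rejected or quietly corrected depending on attribute order. I would make the two paths agree, or at least state the behaviour in the setter's docblock, which lies outside this hunk. The comparison could also be strict, `if ($value && $this->getCookieMode()===THttpSessionCookieMode::Only)`, assuming getCookieMode() returns the enum string, which is not visible here.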