Remove $relax_key_checks because we are no longer using Flash uploader

Kijin Sung 2022-12-26 01:08:04 +09:00
parent b7a975a54d
commit 426a971c6c
2 changed files with 7 additions and 18 deletions


@ -369,11 +369,10 @@ class Context
} }
// start session // start session
$relax_key_checks = ((self::$_get_vars->act ?? null) === 'procFileUpload' && preg_match('/shockwave\s?flash/i', $_SERVER['HTTP_USER_AGENT'] ?? ''));
if (\PHP_SAPI !== 'cli') if (\PHP_SAPI !== 'cli')
{ {
Rhymix\Framework\Session::checkSSO($site_module_info); Rhymix\Framework\Session::checkSSO($site_module_info);
Rhymix\Framework\Session::start(false, $relax_key_checks); Rhymix\Framework\Session::start(false);
} }
// start output buffer // start output buffer


@ -61,10 +61,9 @@ class Session
* There is usually no need to call it manually. * There is usually no need to call it manually.
* *
* @param bool $force (optional) * @param bool $force (optional)
* @param bool $relax_key_checks (optional)
* @return bool * @return bool
*/ */
public static function start($force = false, $relax_key_checks = false) public static function start($force = false)
{ {
// Do not start the session if it is already started. // Do not start the session if it is already started.
if (self::$_started) if (self::$_started)
@ -94,12 +93,6 @@ class Session
session_set_cookie_params($lifetime, $path, $domain, $secure, $secure); session_set_cookie_params($lifetime, $path, $domain, $secure, $secure);
session_name($session_name = Config::get('session.name') ?: session_name()); session_name($session_name = Config::get('session.name') ?: session_name());
// Get session ID from POST parameter if using relaxed key checks.
if ($relax_key_checks && isset($_POST[$session_name]))
{
session_id($_POST[$session_name]);
}
// Check if the session cookie already exists. // Check if the session cookie already exists.
$cookie_exists = isset($_COOKIE[$session_name]); $cookie_exists = isset($_COOKIE[$session_name]);
@ -125,10 +118,7 @@ class Session
// Fetch session keys. // Fetch session keys.
list($key1, $key2, self::$_autologin_key) = self::_getKeys(); list($key1, $key2, self::$_autologin_key) = self::_getKeys();
$must_create = $must_refresh = $must_resend_keys = false; $must_create = $must_refresh = $must_resend_keys = false;
if (config('session.use_keys') === false) $check_keys = config('session.use_keys');
{
$relax_key_checks = true;
}
// Check whether the visitor uses Android webview. // Check whether the visitor uses Android webview.
if (!isset($_SESSION['is_webview'])) if (!isset($_SESSION['is_webview']))
@ -151,7 +141,7 @@ class Session
{ {
$must_resend_keys = true; $must_resend_keys = true;
} }
elseif (!$relax_key_checks && !$_SESSION['is_webview']) elseif ($check_keys && !$_SESSION['is_webview'])
{ {
// Hacked session! Destroy everything. // Hacked session! Destroy everything.
trigger_error('Session is invalid (missing key 1)', \E_USER_WARNING); trigger_error('Session is invalid (missing key 1)', \E_USER_WARNING);
@ -180,7 +170,7 @@ class Session
{ {
$must_resend_keys = true; $must_resend_keys = true;
} }
elseif (!$relax_key_checks && !$_SESSION['is_webview']) elseif ($check_keys && !$_SESSION['is_webview'])
{ {
// Hacked session! Destroy everything. // Hacked session! Destroy everything.
trigger_error('Session is invalid (missing key 2)', \E_USER_WARNING); trigger_error('Session is invalid (missing key 2)', \E_USER_WARNING);
@ -191,11 +181,11 @@ class Session
} }
// Check the refresh interval. // Check the refresh interval.
if (!$must_create && $_SESSION['RHYMIX']['keys'][$alt_domain]['key1_time'] < time() - $refresh_interval && !$relax_key_checks) if (!$must_create && $_SESSION['RHYMIX']['keys'][$alt_domain]['key1_time'] < time() - $refresh_interval && $check_keys)
{ {
$must_refresh = true; $must_refresh = true;
} }
elseif (!$must_create && \RX_SSL && $_SESSION['RHYMIX']['keys'][$alt_domain]['key2_time'] < time() - $refresh_interval && !$relax_key_checks) elseif (!$must_create && \RX_SSL && $_SESSION['RHYMIX']['keys'][$alt_domain]['key2_time'] < time() - $refresh_interval && $check_keys)
{ {
$must_refresh = true; $must_refresh = true;
} }
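Review bot: `$check_keys = config('session.use_keys');` fails open when the setting is absent. The old code relaxed the checks only when the value was strictly `false`, whereas any falsy value now (including `null` for an unset key) skips the "missing key 1" / "missing key 2" session destruction and both refresh-interval branches. Unless the config defaults guarantee a boolean here, which this diff does not show, an installation without an explicit `session.use_keys` would silently lose session key validation. Keeping the strict comparison preserves the previous default: `$check_keys = config('session.use_keys') !== false;`. The body of `start()` begins and ends outside the hunks shown.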