MDL-21637 "bug in some versions of php version 5 prevents cookieless …

…sessions working"
commit 4a4a05cfa82fcdf8d90a92773b99c09698b6ea64 1 parent e599553
James Pratt jamiepratt authored

Showing 2 changed files with 153 additions and 120 deletions. Show diff stats Hide diff stats

  1. +153 119 lib/cookieless.php
  2. +0 1  lib/setup.php
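--- a/lib/cookieless.php
+++ b/lib/cookieless.php
@@ -13,132 +13,166 @@
 * @author Richard at postamble.co.uk and Jamie Pratt
 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
 */
-/**
-* You won't call this function directly. This function is used to process
-* text buffered by php in an output buffer. All output is run through this function
-* before it is ouput.
-* @param string $buffer is the output sent from php
-* @return string the output sent to the browser
-*/
-function sid_ob_rewrite($buffer){
- $replacements = array(
- '/(<\s*(a|link|script|frame|area|img)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i',
- '/(<\s*(a|link|script|frame|area|img)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i');
-
- $buffer = preg_replace_callback($replacements, "sid_rewrite_link_tag", $buffer);
- $buffer = preg_replace('/<form\s[^>]*>/i',
- '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
-
- return $buffer;
-}
-/**
-* You won't call this function directly. This function is used to process
-* text buffered by php in an output buffer. All output is run through this function
-* before it is ouput.
-* This function only processes absolute urls, it is used when we decide that
-* php is processing other urls itself but needs some help with internal absolute urls still.
-* @param string $buffer is the output sent from php
-* @return string the output sent to the browser
-*/
-function sid_ob_rewrite_absolute($buffer){
- $replacements = array(
- '/(<\s*(a|link|script|frame|area|img)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i',
- '/(<\s*(a|link|script|frame|area|img)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i');
-
- $buffer = preg_replace_callback($replacements, "sid_rewrite_link_tag", $buffer);
- $buffer = preg_replace('/<form\s[^>]*>/i',
- '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
- return $buffer;
-}
-/**
-* A function to process link, a and script tags found
-* by preg_replace_callback in {@link sid_ob_rewrite($buffer)}.
-*/
-function sid_rewrite_link_tag($matches){
- $url = $matches[4];
- $url=sid_process_url($url);
- return $matches[1]. $url.$matches[5];
+class cookieless_sid {
+
+ /**
+ * @var string Using this variable to store $CFG->wwwroot. Found that in some versions of php the $CFG global was null in
+ * the callback functions used by the output buffer.
+ */
+ var $httproot = null;
+ /**
+ * @var string Using this variable to store $CFG->httpswwwroot.
+ */
+ var $httpsroot = null;
+
+ /**
+ * @var boolean Using this variable to store $CFG->usesid.
+ */
+ var $usesid = false;
+
+ /**
+ * You won't call this function directly. This function is used to process
+ * text buffered by php in an output buffer. All output is run through this function
+ * before it is ouput.
+ * @param string $buffer is the output sent from php
+ * @return string the output sent to the browser
+ */
+ function ob_rewrite($buffer){
+ $replacements = array(
+ '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")([^"]*)(")/i',
+ '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')([^\']*)(\')/i');
+
+ $buffer = preg_replace_callback($replacements, array($this, "rewrite_link_tag"), $buffer);
+ $buffer = preg_replace('/<form\s[^>]*>/i',
+ '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
+
+ return $buffer;
+ }
+ /**
+ * You won't call this function directly. This function is used to process
+ * text buffered by php in an output buffer. All output is run through this function
+ * before it is ouput.
+ * This function only processes absolute urls, it is used when we decide that
+ * php is processing other urls itself but needs some help with internal absolute urls still.
+ * @param string $buffer is the output sent from php
+ * @return string the output sent to the browser
+ */
+ function ob_rewrite_absolute($buffer){
+ $replacements = array(
+ '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*")((?:http|https)[^"]*)(")/i',
+ '/(<\s*(a|link|script|frame|area)\s[^>]*(href|src)\s*=\s*\')((?:http|https)[^\']*)(\')/i');
+
+ $buffer = preg_replace_callback($replacements, array($this, "rewrite_link_tag"), $buffer);
+ $buffer = preg_replace('/<form\s[^>]*>/i',
+ '\0<input type="hidden" name="' . session_name() . '" value="' . session_id() . '"/>', $buffer);
+ return $buffer;
+ }
+ /**
+ * A function to process link, a and script tags found
+ * by preg_replace_callback in ob_rewrite($buffer).
+ */
+ function rewrite_link_tag($matches){
+ $url = $matches[4];
+ $url= $this->process_url($url);
+ return $matches[1]. $url.$matches[5];
+ }
+ /**
+ * You can call this function directly. This function is used to process
+ * urls to add a moodle session id to the url for internal links.
+ * @param string $url is a url
+ * @return string the processed url
+ */
+ function process_url($url) {
+ if ((preg_match('/^(http|https):/i', $url)) // absolute url
+ && ((stripos($url, $this->httproot)!==0) && stripos($url, $this->httpsroot)!==0)) { // and not local one
+ //error_log("non local url : $url ; \$CFG->wwwroot : ".$this->httproot);
+ return $url; //don't attach sessid to non local urls
+ }
+ if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) {
+ //error_log("anchor : $url");
+ return $url; //don't attach sessid to anchors
+ }
+ if (strpos($url, session_name())!==FALSE)
+ {
+ //error_log("already has one sessid : $url");
+ return $url; //don't attach sessid to url that already has one sessid
+ }
+ if (strpos($url, "?")===FALSE){
+ $append="?".strip_tags(session_name() . '=' . session_id() );
+ } else {
+ $append="&amp;".strip_tags(session_name() . '=' . session_id() );
+ }
+ //put sessid before any anchor
+ $p = strpos($url, "#");
+ if($p!==FALSE){
+ $anch = substr($url, $p);
+ $url = substr($url, 0, $p).$append.$anch ;
+ } else {
+ $url .= $append ;
+ }
+ //error_log("added sid : $url");
+ return $url;
+ }
+
+
+
+ /**
+ * Call this function before there has been any output to the browser to
+ * buffer output and add session ids to all internal links.
+ */
+ function start_ob(){
+ global $CFG;
+
+ $this->httproot = $CFG->wwwroot;
+ $this->httpsroot = $CFG->httpswwwroot;
+ $this->usesid = !empty($CFG->usesid);
+
+ //don't attach sess id for bots
+
+ if (!empty($_SERVER['HTTP_USER_AGENT'])) {
+ if (!empty($CFG->opentogoogle)) {
+ if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
+ @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
+ $CFG->usesid=false;
+ return;
+ }
+ if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) {
+ @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
+ $CFG->usesid=false;
+ return;
+ }
+ }
+ if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false ) {
+ @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
+ $CFG->usesid=false;
+ return;
+ }
+ }
+ @ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid
+ if (ini_get('session.use_trans_sid')!=0 ){
+ // use trans sid as its available
+ ini_set('url_rewriter.tags', 'a=href,area=href,script=src,link=href,'
+ . 'frame=src,form=fakeentry');
+ ob_start(array($this, 'ob_rewrite_absolute'));
+ }else{
+ //rewrite all links ourselves
+ ob_start(array($this, 'ob_rewrite'));
+ }
+ }
 }
+
+$url_processor_for_cookieless_sessions = new cookieless_sid();
+$url_processor_for_cookieless_sessions->start_ob();
 /**
 * You can call this function directly. This function is used to process
 * urls to add a moodle session id to the url for internal links.
+* Still using this function as a facade to access the instantiated object,
+* that actually does the processing, to preserve the old api.
 * @param string $url is a url
 * @return string the processed url
 */
 function sid_process_url($url) {
- global $CFG;
- static $wwwroot = null;
- static $httpswwwroot = null;
- if ($wwwroot == null){
- $wwwroot = $CFG->wwwroot;
- }
- if ($httpswwwroot == null){
- $httpswwwroot = $CFG->httpswwwroot;
- }
- if ((preg_match('/^(http|https):/i', $url)) // absolute url
- && ((stripos($url, $wwwroot)!==0) && stripos($url, $httpswwwroot)!==0)) { // and not local one
- return $url; //don't attach sessid to non local urls
- }
- if ($url[0]=='#' || (stripos($url, 'javascript:')===0)) {
- return $url; //don't attach sessid to anchors
- }
- if (strpos($url, session_name())!==FALSE)
- {
- return $url; //don't attach sessid to url that already has one sessid
- }
- if (strpos($url, "?")===FALSE){
- $append="?".strip_tags(session_name() . '=' . session_id() );
- } else {
- $append="&amp;".strip_tags(session_name() . '=' . session_id() );
- }
- //put sessid before any anchor
- $p = strpos($url, "#");
- if($p!==FALSE){
- $anch = substr($url, $p);
- $url = substr($url, 0, $p).$append.$anch ;
- } else {
- $url .= $append ;
- }
- return $url;
-}
-
-
-/**
-* Call this function before there has been any output to the browser to
-* buffer output and add session ids to all internal links.
-*/
-function sid_start_ob(){
- global $CFG;
- //don't attach sess id for bots
-
- if (!empty($_SERVER['HTTP_USER_AGENT'])) {
- if (!empty($CFG->opentogoogle)) {
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
- @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
- $CFG->usesid=false;
- return;
- }
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) {
- @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
- $CFG->usesid=false;
- return;
- }
- }
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false ) {
- @ini_set('session.use_trans_sid', '0'); // try and turn off trans_sid
- $CFG->usesid=false;
- return;
- }
- }
- @ini_set('session.use_trans_sid', '1'); // try and turn on trans_sid
- if (ini_get('session.use_trans_sid')!=0 ){
- // use trans sid as its available
- ini_set('url_rewriter.tags', 'a=href,img=src,area=href,script=src,link=href,'
- . 'frame=src,form=fakeentry');
- ob_start('sid_ob_rewrite_absolute');
- }else{
- //rewrite all links ourselves
- ob_start('sid_ob_rewrite');
- }
+ global $url_processor_for_cookieless_sessions;
+ return $url_processor_for_cookieless_sessions->process_url($url);
 }
 ?>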
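Review bot: The local-URL test in `process_url` (`stripos($url, $this->httproot)!==0`, and the same for `$this->httpsroot`) is a bare prefix match, so an absolute URL on another host whose name merely starts with the site root is treated as internal and has the session id appended. With a constructed root of `http://moodle.example`, a link to `http://moodle.example.other.test/` would pass the check. Both output-buffer callbacks send every matched `href`/`src` through this method, so any such link in page output would carry the session id off-site. The check is carried over unchanged from the removed `sid_process_url`; it should also require that the root is followed by the end of the string or by `/`, `?` or `#`, as in the helper sketched below.

```php
    /**
     * True when $url lies under one of the stored site roots, i.e. the root is
     * followed by the end of the string or by '/', '?' or '#'.
     */
    function is_local_url($url) {
        foreach (array($this->httproot, $this->httpsroot) as $root) {
            $root = rtrim((string)$root, '/');
            if ($root === '' || stripos($url, $root) !== 0) {
                continue;
            }
            $rest = (string)substr($url, strlen($root));
            if ($rest === '' || strpos('/?#', $rest[0]) !== false) {
                return true;
            }
        }
        return false;
    }

    function process_url($url) {
        if (preg_match('/^(http|https):/i', $url) && !$this->is_local_url($url)) {
            return $url; //don't attach sessid to non local urls
        }
        // … unchanged: anchor / javascript: check, existing-sessid check, append logic …
```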
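--- a/lib/setup.php
+++ b/lib/setup.php
@@ -617,7 +617,6 @@ function addslashes_deep($value) {
 }
 if (!empty($CFG->usesid) && empty($_COOKIE['MoodleSession'.$CFG->sessioncookie])) {
 require_once("$CFG->dirroot/lib/cookieless.php");
- sid_start_ob();
 }
 /// In VERY rare cases old PHP server bugs (it has been found on PHP 4.1.2 running
 /// as a CGI under IIS on Windows) may require that you uncomment the following: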
