
changed unserialize to json_decode for the settings table

danielkerr committed Jul 20, 2015
1 parent 611728e commit 141de8ac42ee10851d9d8736462e5e1418569be5
@@ -357,12 +357,6 @@ protected function getList() {
}
}
if (!in_array()) {
$data['total_api'] = $this->model_user_api->getApiIps($this->config->get('config_api_id'));
break;
}
$data['ip'] = $this->request->server['REMOTE_ADDR'];
$data['store'] = HTTPS_CATALOG;
@@ -9,7 +9,7 @@ public function getSetting($code, $store_id = 0) {
if (!$result['serialized']) {
$setting_data[$result['key']] = $result['value'];
} else {
$setting_data[$result['key']] = unserialize($result['value']);
$setting_data[$result['key']] = json_decode($result['value'], true);
}
}
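Review bot: Rows written before this change still hold PHP `serialize()` output with `serialized = '1'`, and `json_decode($result['value'], true)` returns `null` for those, so array-valued settings would silently read as `null` unless the commit ships a data migration, which is not visible on this page. Dropping `unserialize()` on database content is the right direction because it removes an object-injection sink, but the read path should detect a failed decode, e.g. `$value = json_decode($result['value'], true);` followed by `if ($value === null && json_last_error() !== JSON_ERROR_NONE) { /* log and skip the key */ }`. The same applies to the `$config->set($result['key'], json_decode($result['value'], true));` line in the startup hunk further down. The `serialized` column now means "JSON-encoded", which deserves a comment next to this branch. getSetting's body starts and ends outside the hunk.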
@@ -24,7 +24,7 @@ public function editSetting($code, $data, $store_id = 0) {
if (!is_array($value)) {
$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `code` = '" . $this->db->escape($code) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape($value) . "'");
} else {
$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `code` = '" . $this->db->escape($code) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape(serialize($value)) . "', serialized = '1'");
$this->db->query("INSERT INTO " . DB_PREFIX . "setting SET store_id = '" . (int)$store_id . "', `code` = '" . $this->db->escape($code) . "', `key` = '" . $this->db->escape($key) . "', `value` = '" . $this->db->escape(json_encode($value)) . "', serialized = '1'");
}
}
}
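Review bot: `json_encode($value)` returns `false` when the array cannot be encoded (for example when it holds a string that is not valid UTF-8), and the INSERT would then presumably store an empty value with `serialized = '1'` that later decodes to `null`. Check the result before building the query, e.g. `$encoded = json_encode($value);` and `if ($encoded === false) { /* report and skip this key */ }`, then pass `$encoded` to `$this->db->escape()`. The UPDATE in editSettingValue in the next hunk has the same gap. The loop that encloses this branch starts outside the hunk.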
@@ -38,7 +38,7 @@ public function editSettingValue($code = '', $key = '', $value = '', $store_id =
if (!is_array($value)) {
$this->db->query("UPDATE " . DB_PREFIX . "setting SET `value` = '" . $this->db->escape($value) . "', serialized = '0' WHERE `code` = '" . $this->db->escape($code) . "' AND `key` = '" . $this->db->escape($key) . "' AND store_id = '" . (int)$store_id . "'");
} else {
$this->db->query("UPDATE " . DB_PREFIX . "setting SET `value` = '" . $this->db->escape(serialize($value)) . "', serialized = '1' WHERE `code` = '" . $this->db->escape($code) . "' AND `key` = '" . $this->db->escape($key) . "' AND store_id = '" . (int)$store_id . "'");
$this->db->query("UPDATE " . DB_PREFIX . "setting SET `value` = '" . $this->db->escape(json_encode($value)) . "', serialized = '1' WHERE `code` = '" . $this->db->escape($code) . "' AND `key` = '" . $this->db->escape($key) . "' AND store_id = '" . (int)$store_id . "'");
}
}
}
@@ -27,16 +27,13 @@ public function index() {
if ($api_info) {
$json['success'] = $this->language->get('text_success');
$this->session->close();
//setcookie('PHPSESSID_' . uniqid(), );
$session = new Session();
//session = new Session();
$session->setName('PHPSESSID_' . uniqid());
//$session->setName('PHPSESSID_' . uniqid());
//$session->setId();
$session->start();
//$session->start();
$session->data['api_id'] = $api_info['api_id'];
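Review bot: Commented-out code such as `//setcookie('PHPSESSID_' . uniqid(), );`, `//session = new Session();` and `//$session->start();` should be deleted rather than committed, since version control already keeps the history. If, as the old-then-new print order suggests, the live `$session = new Session();` line is the one being replaced, then `$session->data['api_id'] = $api_info['api_id'];` on the last line writes to an undefined variable and the API login would not record `api_id` in any session. The rendered page has lost its +/- markers, so this needs checking against the actual file. index() continues outside the hunk.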
@@ -51,7 +51,7 @@
if (!$result['serialized']) {
$config->set($result['key'], $result['value']);
} else {
$config->set($result['key'], unserialize($result['value']));
$config->set($result['key'], json_decode($result['value'], true));
}
}
@@ -122,24 +122,24 @@ function error_handler($code, $message, $file, $line) {
$cache = new Cache('file');
$registry->set('cache', $cache);
// Session
$session = new Session();
// For API requests we need to create a separate cookie
if (isset($request->get['token']) && isset($request->get['route']) && substr($request->get['route'], 0, 4) == 'api/') {
$db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
$query = $db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api_session` as LEFT JOIN api_ip ai ON (as.api_id = ai.api_id) WHERE as.token = '" . $db->escape($request->get['token']) . "' AND ai.ip = '" . $db->escape($request->server['REMOTE_ADDR']) . "'");
if ($query->num_row) {
$session->setId($query->row['session_id']);
$session->setName($query->row['session_name']);
// Does not seem PHP is able to handle sessions as objects propperly so just using the built in functions
session_id($query->row['session_id']);
session_name($query->row['session_name']);
// keep the session alive
$db->query("UPDATE `" . DB_PREFIX . "api_session` SET date_modified = NOW() WHERE api_session_id = '" . $query->row['api_session_id'] . "'");
}
}
$session->start();
// Session
$session = new Session();
$registry->set('session', $session);
// Language Detection
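Review bot: The API session lookup looks unable to run as written: `as` is a reserved word in MySQL and cannot serve unquoted as the alias for `api_session`, `api_ip` is joined without `DB_PREFIX`, and the result is tested with `$query->num_row` where the result object presumably exposes `num_rows`. The branch would then never bind the stored session, so API calls carrying a valid token would not resume it. Suggested: `FROM " . DB_PREFIX . "api_session s LEFT JOIN " . DB_PREFIX . "api_ip ai ON (s.api_id = ai.api_id) WHERE s.token = ...` and `if ($query->num_rows) {`. The keep-alive UPDATE also concatenates `$query->row['api_session_id']` without a cast; `(int)$query->row['api_session_id']` would match how `store_id` is handled in the setting model. The enclosing script continues outside the hunk.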
@@ -11,7 +11,7 @@
define('DIR_APPLICATION', str_replace('\\', '/', realpath(dirname(__FILE__))) . '/');
define('DIR_SYSTEM', str_replace('\\', '/', realpath(dirname(__FILE__) . '/../')) . '/system/');
define('DIR_OPENCART', str_replace('\\', '/', realpath(DIR_APPLICATION . '../')) . '/');
define('DIR_MODIFICATION', DIR_SYSTEM . 'modification/');
define('DIR_MODIFICATION', DIR_SYSTEM . 'storage/modification/');
define('DIR_LANGUAGE', DIR_APPLICATION . 'language/');
define('DIR_TEMPLATE', DIR_APPLICATION . 'view/template/');
define('DIR_CONFIG', DIR_SYSTEM . 'config/');
@@ -2,71 +2,39 @@
class Session {
public $data = array();
public function __construct($prefix = 'default') {
public function __construct($session_id = '') {
if (!session_id()) {
ini_set('session.use_only_cookies', 'On');
ini_set('session.use_cookies', 'On');
ini_set('session.use_trans_sid', 'Off');
ini_set('session.cookie_httponly', 'On');
ini_set('session.hash_function', 1);
ini_set('session.hash_bits_per_character', 4);
if (!preg_match('/^[0-9a-z]*$/i', session_id())) {
exit();
}
if ($session_id) {
session_id($session_id);
}
session_set_cookie_params(0, '/');
session_start();
}
$this->data =& $_SESSION[$prefix];
$this->data =& $_SESSION;
}
function session_regenerate_id() {
$tv = gettimeofday();
$buf = sprintf("%.15s%ld%ld%0.8f", $_SERVER['REMOTE_ADDR'], $tv['sec'], $tv['usec'], php_combined_lcg() * 10);
session_id(md5($buf));
setcookie('PHPSESSID', session_id(), NULL, '/');
return TRUE;
public function regenerateId() {
return session_regenerate_id();
}
public function getId() {
return session_id();
}
public function setId($session_id = '') {
return session_id($session_id);
}
public function getName() {
return session_name();
}
public function setName() {
return session_name();
}
public function start($name = '', $limit = 0, $path = '/', $domain = null, $secure = null) {
if (!session_id()) {
ini_set('session.use_only_cookies', 'On');
ini_set('session.use_cookies', 'On');
ini_set('session.use_trans_sid', 'Off');
ini_set('session.cookie_httponly', 'On');
session_set_cookie_params(0, '/');
if (!preg_match('/^[0-9a-z]*$/i', session_id())) {
exit();
}
return session_start();
} else {
return false;
}
}
public function close() {
session_write_close();
}
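Review bot: The session-id format check in the constructor cannot reject anything: `preg_match('/^[0-9a-z]*$/i', session_id())` sits inside `if (!session_id())`, so it only ever tests the empty string, and it runs before `session_id($session_id)` applies the caller-supplied id. Validate the value that is about to be used instead, e.g. `if ($session_id && !preg_match('/^[0-9a-z]+$/i', $session_id)) { exit(); }` placed ahead of `session_id($session_id);`, and consider `ini_set('session.use_strict_mode', 'On');` where the PHP version supports it so that ids the server did not issue are refused. The page has lost its +/- markers, so which of the remaining methods survive is unclear. If the hand-rolled `session_regenerate_id()` that hashes `REMOTE_ADDR`, the time and an LCG value with `md5()` is on the new side, it should be dropped in favour of the built-in call that `regenerateId()` wraps, because those inputs are guessable. The class's closing lines are not visible in this section.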

0 comments on commit 141de8a
