fix - session now uses request

2024-10-22 14:05:37 +02:00 · 2017-06-26 11:24:50 +12:00 · 2017-06-26 11:24:50 +12:00 · 67887febc5
commit 67887febc5
parent 69fe166897
3 changed files with 15 additions and 16 deletions
--- a/src/Control/Session.php
+++ b/src/Control/Session.php
@ -145,13 +145,9 @@ class Session
     *
     * @return string
     */
-    protected function userAgent()
+    protected function userAgent($request)
    {
-        if (isset($_SERVER['HTTP_USER_AGENT'])) {
-            return $_SERVER['HTTP_USER_AGENT'];
-        } else {
-            return '';
-        }
+        return $request->getHeader('User-Agent');
    }

    /**
@ -180,7 +176,7 @@ class Session

        // Funny business detected!
        if (isset($this->data['HTTP_USER_AGENT'])) {
-            if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent()) {
+            if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent($request)) {
                $this->clearAll();
                $this->destroy();
                $this->start($request);
@ -468,9 +464,9 @@ class Session
    /**
     * Set user agent key
     */
-    public function finalize()
+    public function finalize(HTTPRequest $request)
    {
-        $this->set('HTTP_USER_AGENT', $this->userAgent());
+        $this->set('HTTP_USER_AGENT', $this->userAgent($request));
    }

    /**
@ -480,7 +476,7 @@ class Session
    public function save(HTTPRequest $request)
    {
        if ($this->changedData) {
-            $this->finalize();
+            $this->finalize($request);

            if (!$this->isStarted()) {
                $this->start($request);
--- a/src/Dev/SapphireTest.php
+++ b/src/Dev/SapphireTest.php
@ -911,7 +911,7 @@ class SapphireTest extends PHPUnit_Framework_TestCase implements TestOnly
        // Custom application
        $app->execute($request, function (HTTPRequest $request) {
            // Start session and execute
-            $request->getSession()->init();
+            $request->getSession()->init($request);

            // Invalidate classname spec since the test manifest will now pull out new subclasses for each internal class
            // (e.g. Member will now have various subclasses of DataObjects that implement TestOnly)
--- a/tests/php/Control/SessionTest.php
+++ b/tests/php/Control/SessionTest.php
@ -4,6 +4,7 @@ namespace SilverStripe\Control\Tests;

 use SilverStripe\Control\Session;
 use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Control\HTTPRequest;

 /**
 * Tests to cover the {@link Session} class
@ -107,20 +108,22 @@ class SessionTest extends SapphireTest
    public function testUserAgentLockout()
    {
        // Set a user agent
-        $_SERVER['HTTP_USER_AGENT'] = 'Test Agent';
+        $req1 = new HTTPRequest('GET', '/');
+        $req1->setHeader('User-Agent', 'Test Agent');

        // Generate our session
        $s = new Session(array());
-        $s->init();
+        $s->init($req1);
        $s->set('val', 123);
-        $s->finalize();
+        $s->finalize($req1);

        // Change our UA
-        $_SERVER['HTTP_USER_AGENT'] = 'Fake Agent';
+        $req2 = new HTTPRequest('GET', '/');
+        $req2->setHeader('User-Agent', 'Test Agent');

        // Verify the new session reset our values
        $s2 = new Session($s);
-        $s2->init();
+        $s2->init($req2);
        $this->assertNotEquals($s2->get('val'), 123);
    }
 }