From e92c63c5457bf56fe320d83977e3475c1fc60908 Mon Sep 17 00:00:00 2001
From: Sam Minnee
Date: Sun, 25 Jun 2017 14:13:36 +1200
Subject: [PATCH] API: Remove $sid argument of Session::start() NEW: Pass HTTPRequest to session NEW: Pass HTTPReuqest optionally to Director statics
The session handler now expects to operate on a specific HTTPRequest object.
---
 src/Control/Director.php | 20 +++++++++-------
 src/Control/Session.php | 23 ++++++++-----------
 src/Control/SessionMiddleware.php | 4 ++--
 .../Startup/ErrorControlChainMiddleware.php | 2 +-
 4 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/src/Control/Director.php b/src/Control/Director.php
index a0bd5b930..52a9dd8ff 100644
--- a/src/Control/Director.php
+++ b/src/Control/Director.php
@@ -509,7 +509,7 @@ class Director implements TemplateGlobalProvider
 *
 * @return string
 */
- public static function host()
+ public static function host(HTTPRequest $request = null)
 {
 // Check if overridden by alternate_base_url
 if ($baseURL = self::config()->get('alternate_base_url')) {
@@ -520,7 +520,9 @@ class Director implements TemplateGlobalProvider
 }
 }
- $request = Injector::inst()->get(HTTPRequest::class);
+ if (!$request) {
+ $request = Injector::inst()->get(HTTPRequest::class, true, ['GET', '/']);
+ }
 if ($request && $host = $request->getHeader('Host')) {
 return $host;
 }
@@ -549,9 +551,9 @@ class Director implements TemplateGlobalProvider
 *
 * @return bool|string
 */
- public static function protocolAndHost()
+ public static function protocolAndHost(HTTPRequest $request = null)
 {
- return static::protocol() . static::host();
+ return static::protocol($request) . static::host($request);
 }
 /**
@@ -559,9 +561,9 @@ class Director implements TemplateGlobalProvider
 *
 * @return string
 */
- public static function protocol()
+ public static function protocol(HTTPRequest $request = null)
 {
- return (self::is_https()) ? 'https://' : 'http://';
+ return (self::is_https($request)) ? 'https://' : 'http://';
 }
 /**
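Review bot: The docblock above `host()` still lists only `@return string` although the signature now takes an optional request, and the same gap exists for `protocolAndHost()` (`@@ -549`), `protocol()` (`@@ -559`) and `is_https()` (`@@ -569`). Add `@param HTTPRequest|null $request Request to inspect; when omitted the request is fetched from the Injector` to each of them. For `host()` it is also worth one docblock sentence saying that the value comes from the client-supplied `Host` header unless `alternate_base_url` is configured, so callers building absolute links know it is not a trusted value. The body of `host()` continues into the next hunk.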
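Review bot: When no request is passed, the added fallback calls `Injector::inst()->get(HTTPRequest::class, true, ['GET', '/'])`, which looks like it can construct a placeholder `GET /` request if none is registered, and nothing here tells a reader whether that placeholder is then kept as the shared instance. If it is, later callers asking the Injector for the request would receive a header-less object instead of the real one; please confirm against `Injector::get()` and state the intent in a comment, e.g. `// No request supplied: use the registered request, or a bare GET / placeholder so the Host check below is skipped`. The same three lines are added to `is_https()` in the `@@ -581` hunk. `host()` starts and ends outside this hunk.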
@@ -569,7 +571,7 @@ class Director implements TemplateGlobalProvider
 *
 * @return bool
 */
- public static function is_https()
+ public static function is_https(HTTPRequest $request = null)
 {
 // Check override from alternate_base_url
 if ($baseURL = self::config()->uninherited('alternate_base_url')) {
@@ -581,7 +583,9 @@ class Director implements TemplateGlobalProvider
 }
 // Check the current request
- $request = Injector::inst()->get(HTTPRequest::class);
+ if (!$request) {
+ $request = Injector::inst()->get(HTTPRequest::class, true, ['GET', '/']);
+ }
 if ($request && $host = $request->getHeader('Host')) {
 return $request->getScheme() === 'https';
 }
diff --git a/src/Control/Session.php b/src/Control/Session.php
index bf5f3f230..d8f4473b8 100644
--- a/src/Control/Session.php
+++ b/src/Control/Session.php
@@ -172,10 +172,10 @@ class Session
 /**
 * Init this session instance before usage
 */
- public function init()
+ public function init(HTTPRequest $request)
 {
 if (!$this->isStarted()) {
- $this->start();
+ $this->start($request);
 }
 // Funny business detected!
@@ -183,7 +183,7 @@ class Session
 if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent()) {
 $this->clearAll();
 $this->destroy();
- $this->start();
+ $this->start($request);
 }
 }
 }
@@ -191,10 +191,10 @@ class Session
 /**
 * Destroy existing session and restart
 */
- public function restart()
+ public function restart(HTTPRequest $request)
 {
 $this->destroy();
- $this->init();
+ $this->init($request);
 }
 /**
@@ -210,9 +210,9 @@ class Session
 /**
 * Begin session
 *
- * @param string $sid
+ * @param $request The request for which to start a session
 */
- public function start($sid = null)
+ public function start(HTTPRequest $request)
 {
 if ($this->isStarted()) {
 throw new BadMethodCallException("Session has already started");
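Review bot: In `is_https()` the condition `$request && $host = $request->getHeader('Host')` assigns `$host` but never uses it, so the assignment only acts as a presence test and reads like a leftover from `host()`. It also means that an explicitly passed request without a `Host` header has its scheme ignored and falls through to whatever checks follow outside the hunk. If that gating is deliberate, write it as `if ($request && $request->getHeader('Host')) {` and add a comment such as `// Requests without a Host header (placeholder/CLI) are not asked for their scheme`.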
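Review bot: `init()` now requires an `HTTPRequest`, but its docblock has no `@param`, and the same is true of `restart()` (`@@ -191`) and `save()` (`@@ -480`); `start()` (`@@ -210`) has `@param $request` with no type. Add `@param HTTPRequest $request The request this session is started or saved for` to each, with the type filled in on `start()`. Because these public methods changed from no-argument to a required argument, a short docblock line saying that the request must be the one the session was obtained from would help callers that are being updated.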
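Review bot: The user-agent comparison still calls `$this->userAgent()` with no argument, while the restart two lines below now uses the `$request` passed to `init()`. `userAgent()` is defined outside this hunk; if it reads the header from globals rather than from this request, the check and the session start can disagree whenever the supplied `HTTPRequest` is not the one PHP received (tests, sub-requests). Consider letting it read the header from `$request`, or add a comment on the comparison, e.g. `// NOTE: userAgent() is not request-aware yet; User-Agent is client-supplied, so this only catches casual session reuse`. `init()` begins in the previous hunk and ends here.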
@@ -223,7 +223,7 @@ class Session
 $path = Director::baseURL();
 }
 $domain = $this->config()->get('cookie_domain');
- $secure = Director::is_https() && $this->config()->get('cookie_secure');
+ $secure = Director::is_https($request) && $this->config()->get('cookie_secure');
 $session_path = $this->config()->get('session_store_path');
 $timeout = $this->config()->get('timeout');
@@ -255,9 +255,6 @@ class Session
 session_name('SECSESSID');
 }
- if ($sid) {
- session_id($sid);
- }
 session_start();
 $this->data = isset($_SESSION) ? $_SESSION : array();
@@ -480,13 +477,13 @@ class Session
 * Save data to session
 * Only save the changes, so that anyone manipulating $_SESSION directly doesn't get burned.
 */
- public function save()
+ public function save(HTTPRequest $request)
 {
 if ($this->changedData) {
 $this->finalize();
 if (!$this->isStarted()) {
- $this->start();
+ $this->start($request);
 }
 $this->recursivelyApply($this->changedData, $_SESSION);
diff --git a/src/Control/SessionMiddleware.php b/src/Control/SessionMiddleware.php
index bae7f9644..cd8c393c4 100644
--- a/src/Control/SessionMiddleware.php
+++ b/src/Control/SessionMiddleware.php
@@ -12,7 +12,7 @@ class SessionMiddleware implements HTTPMiddleware
 {
 try {
 // Start session and execute
- $request->getSession()->init();
+ $request->getSession()->init($request);
 // Generate output
 $response = $delegate($request);
@@ -20,7 +20,7 @@ class SessionMiddleware implements HTTPMiddleware
 // Save session data, even if there was an exception.
 // Note that save() will start/resume the session if required.
 } finally {
- $request->getSession()->save($request);
+ $request->getSession()->save($request);
 }
 return $response;
diff --git a/src/Core/Startup/ErrorControlChainMiddleware.php b/src/Core/Startup/ErrorControlChainMiddleware.php
index d5a10ef2a..e853ebd08 100644
--- a/src/Core/Startup/ErrorControlChainMiddleware.php
+++ b/src/Core/Startup/ErrorControlChainMiddleware.php
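Review bot: The `$secure` flag is now derived from the scheme of the request handed to `start()`, so the session cookie is only marked Secure when `Director::is_https($request)` reports HTTPS for that particular object. If the request's scheme does not reflect TLS terminated upstream (how `getScheme()` resolves it is not visible here), the cookie would be issued without the flag even with `cookie_secure` enabled. A comment on this line would make the dependency explicit, e.g. `// Secure is set only if this request is seen as HTTPS; behind a TLS-terminating proxy the scheme must come from trusted forwarded headers`. `start()` begins in the `@@ -210` hunk and continues past this one.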
@@ -84,7 +84,7 @@ class ErrorControlChainMiddleware implements HTTPMiddleware
 $this->getApplication()->getKernel()->boot(false);
 // Ensure session is started
- $request->getSession()->init();
+ $request->getSession()->init($request);
 // Next, check if we're in dev mode, or the database doesn't have any security data, or we are admin
 if (Director::isDev() || !Security::database_is_ready() || Permission::check('ADMIN')) {