Update session ids on update (#16814)

author: Stefan Giehl <stefan@matomo.org> 2020-11-27 00:26:57 +0300
committer: GitHub <noreply@github.com> 2020-11-27 00:26:57 +0300
commit: 8417ac09c3aeb8a72f3e432bad954e249c9ca617 (patch)
tree: 2e19c2e1b9f1e6b5ff566ede3def64377f63a324
parent: c0c76f7ad40da605edcc53aef3a0f363234391bc (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/core/Updates/4.0.0-b1.php b/core/Updates/4.0.0-b1.php
index 4a62c199a6..5259fb3a9c 100644
--- a/core/Updates/4.0.0-b1.php
+++ b/core/Updates/4.0.0-b1.php
@@ -11,6 +11,7 @@ namespace Piwik\Updates;
 
 use Piwik\DataAccess\TableMetadata;
 use Piwik\Date;
+use Piwik\Db;
 use Piwik\DbHelper;
 use Piwik\Plugin\Manager;
 use Piwik\Plugins\CoreHome\Columns\Profilable;
@@ -28,6 +29,7 @@ use Piwik\Common;
 use Piwik\Config;
 use Piwik\Plugins\UserCountry\LocationProvider;
 use Piwik\Plugins\VisitorInterest\Columns\VisitorSecondsSinceLast;
+use Piwik\SettingsPiwik;
 use Piwik\Updater;
 use Piwik\Updates as PiwikUpdates;
 use Piwik\Updater\Migration\Factory as MigrationFactory;
@@ -104,6 +106,9 @@ class Updates_4_0_0_b1 extends PiwikUpdates
         $migrations[] = $this->migration->db->dropColumn('user', 'alias');
         $migrations[] = $this->migration->db->dropColumn('user', 'token_auth');
 
+        // prevent possible duplicates when shorting session id
+        $migrations[] = $this->migration->db->sql('DELETE FROM `' . Common::prefixTable('session') . '` WHERE length(id) > 190');
+
         $migrations[] = $this->migration->db->changeColumnType('session', 'id', 'VARCHAR(191)');
         $migrations[] = $this->migration->db->changeColumnType('site_url', 'url', 'VARCHAR(190)');
         $migrations[] = $this->migration->db->changeColumnType('option', 'option_name', 'VARCHAR(191)');
@@ -252,6 +257,16 @@ class Updates_4_0_0_b1 extends PiwikUpdates
 
     public function doUpdate(Updater $updater)
     {
+        $salt = SettingsPiwik::getSalt();
+        $sessions = Db::fetchAll('SELECT id from ' . Common::prefixTable('session'));
+
+        foreach ($sessions as $session) {
+            if (!empty($session['id']) && Common::mb_strlen($session['id']) != 128) {
+                $bind = [ hash('sha512', $session['id'] . $salt), $session['id'] ];
+                Db::query(sprintf('UPDATE %s SET id = ? WHERE id = ?', Common::prefixTable('session')), $bind);
+            }
+        }
+
         $updater->executeMigrations(__FILE__, $this->getMigrations($updater));
 
         if ($this->usesGeoIpLegacyLocationProvider()) {
author	Stefan Giehl <stefan@matomo.org>	2020-11-27 00:26:57 +0300
committer	GitHub <noreply@github.com>	2020-11-27 00:26:57 +0300
commit	8417ac09c3aeb8a72f3e432bad954e249c9ca617 (patch)
tree	2e19c2e1b9f1e6b5ff566ede3def64377f63a324
parent	c0c76f7ad40da605edcc53aef3a0f363234391bc (diff)