diff options
author | Stefan Giehl <stefan@matomo.org> | 2020-11-27 00:26:57 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-27 00:26:57 +0300 |
commit | 8417ac09c3aeb8a72f3e432bad954e249c9ca617 (patch) | |
tree | 2e19c2e1b9f1e6b5ff566ede3def64377f63a324 | |
parent | c0c76f7ad40da605edcc53aef3a0f363234391bc (diff) |
Update session ids on update (#16814)
-rw-r--r-- | core/Updates/4.0.0-b1.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/core/Updates/4.0.0-b1.php b/core/Updates/4.0.0-b1.php index 4a62c199a6..5259fb3a9c 100644 --- a/core/Updates/4.0.0-b1.php +++ b/core/Updates/4.0.0-b1.php @@ -11,6 +11,7 @@ namespace Piwik\Updates; use Piwik\DataAccess\TableMetadata; use Piwik\Date; +use Piwik\Db; use Piwik\DbHelper; use Piwik\Plugin\Manager; use Piwik\Plugins\CoreHome\Columns\Profilable; @@ -28,6 +29,7 @@ use Piwik\Common; use Piwik\Config; use Piwik\Plugins\UserCountry\LocationProvider; use Piwik\Plugins\VisitorInterest\Columns\VisitorSecondsSinceLast; +use Piwik\SettingsPiwik; use Piwik\Updater; use Piwik\Updates as PiwikUpdates; use Piwik\Updater\Migration\Factory as MigrationFactory; @@ -104,6 +106,9 @@ class Updates_4_0_0_b1 extends PiwikUpdates $migrations[] = $this->migration->db->dropColumn('user', 'alias'); $migrations[] = $this->migration->db->dropColumn('user', 'token_auth'); + // prevent possible duplicates when shorting session id + $migrations[] = $this->migration->db->sql('DELETE FROM `' . Common::prefixTable('session') . '` WHERE length(id) > 190'); + $migrations[] = $this->migration->db->changeColumnType('session', 'id', 'VARCHAR(191)'); $migrations[] = $this->migration->db->changeColumnType('site_url', 'url', 'VARCHAR(190)'); $migrations[] = $this->migration->db->changeColumnType('option', 'option_name', 'VARCHAR(191)'); @@ -252,6 +257,16 @@ class Updates_4_0_0_b1 extends PiwikUpdates public function doUpdate(Updater $updater) { + $salt = SettingsPiwik::getSalt(); + $sessions = Db::fetchAll('SELECT id from ' . Common::prefixTable('session')); + + foreach ($sessions as $session) { + if (!empty($session['id']) && Common::mb_strlen($session['id']) != 128) { + $bind = [ hash('sha512', $session['id'] . $salt), $session['id'] ]; + Db::query(sprintf('UPDATE %s SET id = ? WHERE id = ?', Common::prefixTable('session')), $bind); + } + } + $updater->executeMigrations(__FILE__, $this->getMigrations($updater)); if ($this->usesGeoIpLegacyLocationProvider()) { |