author | Alexander Shubin <aleksandrs.subins@zabbix.com> | 2020-10-09 16:25:36 +0300 |
---|---|---|
committer | Alexander Shubin <aleksandrs.subins@zabbix.com> | 2020-10-09 16:25:36 +0300 |
commit | 8119ceb440965976a0fc864eb85f842e1d15703d (patch) | |
tree | 8c6158168a5ea677642c3c318ebe5e486089a774 | |
parent | 4c5f84c992c75350d099f5831d0857ae10ab36df (diff) |
..F....... [ZBXNEXT-5965] fixed undefined session id
-rw-r--r-- | ui/include/classes/api/services/CUser.php | 4 | ||||
-rw-r--r-- | ui/include/classes/core/CCookieSession.php | 27 | ||||
-rw-r--r-- | ui/include/classes/core/CEncryptedCookieSession.php | 5 | ||||
-rw-r--r-- | ui/include/classes/core/ZBase.php | 5 | ||||
-rw-r--r-- | ui/include/classes/user/CWebUser.php | 2 | ||||
-rw-r--r-- | ui/index_http.php | 2 | ||||
-rw-r--r-- | ui/index_sso.php | 2 |
7 files changed, 29 insertions, 18 deletions
diff --git a/ui/include/classes/api/services/CUser.php b/ui/include/classes/api/services/CUser.php
index 54f004cc2a4..b473051d8c4 100644
--- a/ui/include/classes/api/services/CUser.php
+++ b/ui/include/classes/api/services/CUser.php
@@ -1174,6 +1174,10 @@ class CUser extends CApiService {
 $sessionid = self::$userData['sessionid'];
+ if (!$sessionid) {
+ self::exception(ZBX_API_ERROR_PARAMETERS, _('Cannot logout.'));
+ }
+
 $db_sessions = DB::select('sessions', [
 'output' => ['userid'],
 'filter' => [
diff --git a/ui/include/classes/core/CCookieSession.php b/ui/include/classes/core/CCookieSession.php
index 7ca4f323c12..fffbe494201 100644
--- a/ui/include/classes/core/CCookieSession.php
+++ b/ui/include/classes/core/CCookieSession.php
@@ -33,17 +33,14 @@ class CCookieSession implements SessionHandlerInterface {
 * Class consturctor. Set session handlers and start session.
 */
 public function __construct() {
- if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
-
- // Set use standard cookie PHPSESSID to false.
- ini_set('session.use_cookies', '0');
- // Set serialize method to standard serialize / unserialize.
- ini_set('session.serialize_handler', 'php_serialize');
-
- session_set_save_handler([$this, 'open'], [$this, 'close'], [$this, 'read'],
- [$this, 'write'], [$this, 'destroy'], [$this, 'gc']
- );
- }
+ // Set use standard cookie PHPSESSID to false.
+ ini_set('session.use_cookies', '0');
+ // Set serialize method to standard serialize / unserialize.
+ ini_set('session.serialize_handler', 'php_serialize');
+
+ session_set_save_handler([$this, 'open'], [$this, 'close'], [$this, 'read'],
+ [$this, 'write'], [$this, 'destroy'], [$this, 'gc']
+ );
 }
 /**
@@ -132,6 +129,10 @@ class CCookieSession implements SessionHandlerInterface {
 * @return boolean
 */
 public function session_start(string $sessionid): bool {
+ if (headers_sent() || session_status() !== PHP_SESSION_NONE) {
+ return false;
+ }
+
 session_id($sessionid);
 return session_start();
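Review bot: The new `if (!$sessionid)` guard only runs after `self::$userData['sessionid']` has already been read with a plain index on the line above, so if the key itself can be absent — which the commit title "fixed undefined session id" suggests — PHP still emits an undefined-index notice before the guard fires. Reading it as `$sessionid = self::$userData['sessionid'] ?? null;` lets the guard cover both the missing and the empty case. Truthiness also rejects a session id of `'0'`; if ids are always non-empty hex tokens that is harmless, otherwise `$sessionid === null || $sessionid === ''` is the precise test. The enclosing method starts and ends outside the hunk.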
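Review bot: Dropping the `headers_sent()`/`session_status()` guard from the constructor means `ini_set()` and `session_set_save_handler()` now run unconditionally, and `session_set_save_handler()` fails (returning false with a warning) once a session is already active, which can happen if a second CCookieSession or CEncryptedCookieSession is constructed after `session_start()`. None of the three return values is checked, so such a failure would silently leave PHP's default file handler and the standard PHPSESSID cookie in force instead of the cookie-backed handler. Consider keeping `session_status() === PHP_SESSION_NONE` around the handler registration, or at least failing loudly when `session_set_save_handler()` returns false, e.g. `if (!session_set_save_handler(...)) { throw new RuntimeException('Cannot register session handler.'); }`.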
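Review bot: `session_start()` now returns false both when headers were already sent and when a session is already active, which callers cannot distinguish from a failed PHP `session_start()`; the `@return boolean` docblock above the method should state this, e.g. `@return bool False if headers were already sent or a session is already active, otherwise the result of session_start().` `session_id($sessionid)` also accepts any string that arrived in the cookie; if session ids are expected to have a fixed format, rejecting malformed values before `session_id()` keeps garbage ids out of the save handler's read()/destroy() paths (the id format is not visible in this hunk, so treat that as a question for the author).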
@@ -179,8 +180,6 @@ class CCookieSession implements SessionHandlerInterface {
 * @return string
 */
 protected function prepareData(string $data): string {
- $data = unserialize($data);
-
- return base64_encode(serialize($data));
+ return base64_encode($data);
 }
 }
diff --git a/ui/include/classes/core/CEncryptedCookieSession.php b/ui/include/classes/core/CEncryptedCookieSession.php
index 73746478636..a5d757c4163 100644
--- a/ui/include/classes/core/CEncryptedCookieSession.php
+++ b/ui/include/classes/core/CEncryptedCookieSession.php
@@ -77,6 +77,11 @@ class CEncryptedCookieSession extends CCookieSession {
 */
 protected function checkSign(string $data): bool {
 $data = unserialize($data);
+
+ if (!array_key_exists('sign', $data)) {
+ return false;
+ }
+
 $session_sign = $data['sign'];
 unset($data['sign']);
 $sign = CEncryptHelper::sign(serialize($data));
diff --git a/ui/include/classes/core/ZBase.php b/ui/include/classes/core/ZBase.php
index ab2065915fa..5872a4f7466 100644
--- a/ui/include/classes/core/ZBase.php
+++ b/ui/include/classes/core/ZBase.php
@@ -154,9 +154,8 @@ class ZBase {
 /**
 * Initializes the application.
 *
- * @param string $mode Application initialization mode.
+ * @param string $mode Application initialization mode.
 *
- * @throws DBException
 * @throws Exception
 */
 public function run($mode) {
@@ -454,7 +453,7 @@ class ZBase {
 protected function authenticateUser(): void {
 $session = new CEncryptedCookieSession();
- if (!CWebUser::checkAuthentication($session->extractSessionId())) {
+ if (!CWebUser::checkAuthentication($session->extractSessionId() ?: '')) {
 CWebUser::setDefault();
 }
diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php
index eb6c6d69045..a1a0862fa61 100644
--- a/ui/include/classes/user/CWebUser.php
+++ b/ui/include/classes/user/CWebUser.php
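Review bot: prepareData now base64-encodes `$data` exactly as the session layer hands it to write(), which is only equivalent to the removed unserialize/serialize round-trip while `session.serialize_handler` really is `php_serialize`; the constructor sets that via `ini_set()` without checking the result, so if that call fails (for instance because a session was already active) the payload would be in PHP's default `php` session format and the `unserialize()` in checkSign() would not parse it. A docblock line on prepareData such as `@param string $data  Session payload as produced by PHP serialize() (session.serialize_handler=php_serialize).` would make that dependency explicit for the next maintainer.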
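Review bot: `array_key_exists('sign', $data)` throws a TypeError on PHP 8 (and warns, returning null, on PHP 7) when `unserialize($data)` on the line above fails and yields `false` or any non-array, so a malformed or tampered cookie value still reaches the new check unprotected; guard the type first: `if (!is_array($data) || !array_key_exists('sign', $data)) {`. Because the payload is unserialized before its signature is verified, the unserialize call should also be `unserialize($data, ['allowed_classes' => false])` so that unsigned cookie data can never instantiate objects. checkSign's body continues past the hunk.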
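Review bot: `$session->extractSessionId() ?: ''` tests truthiness, so a session id of `'0'` would also be replaced with `''`; since the intent is to map a missing id to the empty string for the now non-nullable `checkAuthentication(string $sessionid)`, `?? ''` says exactly that: `if (!CWebUser::checkAuthentication($session->extractSessionId() ?? '')) {`. That holds if extractSessionId() returns `?string`; if it can return `false` instead (not visible here), keep `?:` and add a short comment saying why truthiness is intended.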
@@ -90,7 +90,7 @@ class CWebUser {
 }
 }
- public static function checkAuthentication(?string $sessionid): bool {
+ public static function checkAuthentication(string $sessionid): bool {
 try {
 self::$data = API::User()->checkAuthentication([
 'sessionid' => $sessionid,
diff --git a/ui/index_http.php b/ui/index_http.php
index bf037750404..4a410a6b2af 100644
--- a/ui/index_http.php
+++ b/ui/index_http.php
@@ -68,6 +68,8 @@ if ($http_user) {
 );
 if ($user) {
+ CSessionHelper::set('sessionid', $user['sessionid']);
+
 $redirect = array_filter([$request, $user['url'], ZBX_DEFAULT_URL]);
 redirect(reset($redirect));
 }
diff --git a/ui/index_sso.php b/ui/index_sso.php
index cae82bc81b9..751d1ecfa65 100644
--- a/ui/index_sso.php
+++ b/ui/index_sso.php
@@ -235,6 +235,8 @@ try {
 throw new Exception(_('GUI access disabled.'));
 }
+ CSessionHelper::set('sessionid', $user['sessionid']);
+
 $redirect = array_filter([$request, $user['url'], $relay_state, ZBX_DEFAULT_URL]);
 redirect(reset($redirect));
 }|
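Review bot: Narrowing the parameter from `?string` to `string` turns `checkAuthentication(null)` into a TypeError for any caller not updated in this commit — only ZBase::authenticateUser is adjusted here — so the remaining call sites should be checked before merging. Passing `''` for a missing id pushes the "no session" case down into `API::User()->checkAuthentication([...])`; a docblock on the method stating `@param string $sessionid  Session id, or an empty string when no session cookie was presented.` would record that contract next to the signature. The method body continues past the hunk.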