Refactored double Set-Cookie prevention code, and session reopening code

This commit is contained in:
Albert Santoni 2015-09-25 12:03:10 -04:00
parent 91c584ba16
commit 8b6833180d
8 changed files with 30 additions and 22 deletions


@ -25,6 +25,7 @@ require_once "OsPath.php";
require_once "Database.php"; require_once "Database.php";
require_once "ProvisioningHelper.php"; require_once "ProvisioningHelper.php";
require_once "SecurityHelper.php"; require_once "SecurityHelper.php";
require_once "SessionHelper.php";
require_once "GoogleAnalytics.php"; require_once "GoogleAnalytics.php";
require_once "Timezone.php"; require_once "Timezone.php";
require_once "Auth.php"; require_once "Auth.php";


@ -0,0 +1,13 @@
<?php
class SessionHelper
{
public static function reopenSessionForWriting() {
//PHP will send double Set-Cookie headers if we reopen the
//session for writing, and this breaks IE8 and some other browsers.
//This hacky workaround prevents double headers. Background here:
// https://bugs.php.net/bug.php?id=38104
ini_set('session.cache_limiter', null);
session_start(); // Reopen the session for writing (without resending the Set-Cookie header)
}
}
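Review bot: reopenSessionForWriting() calls session_start() unconditionally, so a caller that reaches it while the session is still open (an action not preceded by the write-close that Bootstrap.php does according to the LoginController comment in this commit) triggers a second session_start on an active session, which PHP reports as a notice and which leaves the double-header problem in place; a guard such as `if (session_status() === PHP_SESSION_ACTIVE) { return; }` (PHP 5.4+) before the ini_set makes the helper idempotent. `ini_set('session.cache_limiter', null)` relies on null being coerced to the empty string, which is the value that actually disables the limiter and which newer PHP deprecates for non-nullable parameters; `ini_set('session.cache_limiter', '');` states the intent outright. The class and method also lack a docblock; it should say that the helper is meant to be called only after the session was closed with session_write_close(), that the cache_limiter change is request-global and is not restored afterwards, and that it deliberately suppresses the Cache-Control/Expires headers a second session_start() would resend.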


@ -27,7 +27,7 @@ class BillingController extends Zend_Controller_Action {
Billing::ensureClientIdIsValid(); Billing::ensureClientIdIsValid();
//Zend's CSRF token element requires the session to be open for writing //Zend's CSRF token element requires the session to be open for writing
session_start(); SessionHelper::reopenSessionForWriting();
$request = $this->getRequest(); $request = $this->getRequest();
$form = new Application_Form_BillingUpgradeDowngrade(); $form = new Application_Form_BillingUpgradeDowngrade();
@ -224,7 +224,7 @@ class BillingController extends Zend_Controller_Action {
$this->view->headLink()->appendStylesheet($baseUrl.'css/billing.css?'.$CC_CONFIG['airtime_version']); $this->view->headLink()->appendStylesheet($baseUrl.'css/billing.css?'.$CC_CONFIG['airtime_version']);
//Zend's CSRF token element requires the session to be open for writing //Zend's CSRF token element requires the session to be open for writing
session_start(); SessionHelper::reopenSessionForWriting();
$request = $this->getRequest(); $request = $this->getRequest();
$form = new Application_Form_BillingClient(); $form = new Application_Form_BillingClient();


@ -34,14 +34,8 @@ class LoginController extends Zend_Controller_Action
if (Zend_Session::isStarted()) { if (Zend_Session::isStarted()) {
ini_set('session.use_only_cookies', false);
ini_set('session.use_cookies', false);
ini_set('session.use_trans_sid', false);
ini_set('session.cache_limiter', null);
session_start(); // second session_start
//Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization. //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
//session_start(); SessionHelper::reopenSessionForWriting();
$auth = Zend_Auth::getInstance(); $auth = Zend_Auth::getInstance();
$auth->getStorage(); $auth->getStorage();
@ -142,7 +136,7 @@ class LoginController extends Zend_Controller_Action
public function logoutAction() public function logoutAction()
{ {
//Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization. //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
session_start(); SessionHelper::reopenSessionForWriting();
$auth = Zend_Auth::getInstance(); $auth = Zend_Auth::getInstance();
$auth->clearIdentity(); $auth->clearIdentity();
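Review bot: The removed `ini_set('session.use_cookies', false)`, `session.use_only_cookies` and `session.use_trans_sid` lines in the first hunk are not reproduced by SessionHelper::reopenSessionForWriting(), so the login path now relies on `session.cache_limiter` alone to avoid the second header the old code worked around. As far as I can tell cache_limiter only governs the Cache-Control/Expires headers that session_start() emits, whereas use_cookies is what stops a second Set-Cookie for a session id issued in the same request; please confirm with a cookie-less first request (new session, then login) that only one Set-Cookie is sent, since a duplicated or mismatched session cookie on login is the case the helper's comment says breaks IE8. If the login action genuinely needs the cookie-free variant, the helper could accept a flag for it rather than this controller keeping its own copy of the ini_set calls. The enclosing method starts and ends outside the hunk.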


@ -32,7 +32,7 @@ class PlaylistController extends Zend_Controller_Action
->initContext(); ->initContext();
//This controller writes to the session all over the place, so we're going to reopen it for writing here. //This controller writes to the session all over the place, so we're going to reopen it for writing here.
session_start(); //Reopen the session for writing SessionHelper::reopenSessionForWriting();
} }
private function getPlaylist($p_type) private function getPlaylist($p_type)


@ -32,7 +32,7 @@ class PreferenceController extends Zend_Controller_Action
$form = new Application_Form_Preferences(); $form = new Application_Form_Preferences();
$values = array(); $values = array();
session_start(); //Open session for writing. SessionHelper::reopenSessionForWriting();
if ($request->isPost()) { if ($request->isPost()) {
$values = $request->getPost(); $values = $request->getPost();
@ -92,7 +92,7 @@ class PreferenceController extends Zend_Controller_Action
$this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/support-setting.js?'.$CC_CONFIG['airtime_version'],'text/javascript'); $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/support-setting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
$this->view->statusMsg = ""; $this->view->statusMsg = "";
session_start(); //Open session for writing. SessionHelper::reopenSessionForWriting();
$form = new Application_Form_SupportSettings(); $form = new Application_Form_SupportSettings();
if ($request->isPost()) { if ($request->isPost()) {
@ -128,7 +128,7 @@ class PreferenceController extends Zend_Controller_Action
public function removeLogoAction() public function removeLogoAction()
{ {
session_start(); //Open session for writing. SessionHelper::reopenSessionForWriting();
$this->view->layout()->disableLayout(); $this->view->layout()->disableLayout();
// Remove reliance on .phtml files to render requests // Remove reliance on .phtml files to render requests
@ -153,7 +153,7 @@ class PreferenceController extends Zend_Controller_Action
$this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/streamsetting.js?'.$CC_CONFIG['airtime_version'],'text/javascript'); $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/streamsetting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
session_start(); //Open session for writing. SessionHelper::reopenSessionForWriting();
$name_map = array( $name_map = array(
'ogg' => 'Ogg Vorbis', 'ogg' => 'Ogg Vorbis',
@ -447,7 +447,7 @@ class PreferenceController extends Zend_Controller_Action
public function setSourceConnectionUrlAction() public function setSourceConnectionUrlAction()
{ {
session_start(); //Open session for writing. SessionHelper::reopenSessionForWriting();
$request = $this->getRequest(); $request = $this->getRequest();
$type = $request->getParam("type", null); $type = $request->getParam("type", null);
@ -467,7 +467,7 @@ class PreferenceController extends Zend_Controller_Action
public function getAdminPasswordStatusAction() public function getAdminPasswordStatusAction()
{ {
session_start(); //Open session for writing. SessionHelper::reopenSessionForWriting();
$out = array(); $out = array();
$num_of_stream = intval(Application_Model_Preference::GetNumOfStreams()); $num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());


@ -18,7 +18,7 @@ class UserController extends Zend_Controller_Action
{ {
// Start the session to re-open write permission to the session so we can // Start the session to re-open write permission to the session so we can
// create the namespace for our csrf token verification // create the namespace for our csrf token verification
session_start(); SessionHelper::reopenSessionForWriting();
$CC_CONFIG = Config::getConfig(); $CC_CONFIG = Config::getConfig();
$request = $this->getRequest(); $request = $this->getRequest();
@ -121,7 +121,7 @@ class UserController extends Zend_Controller_Action
public function editUserAction() public function editUserAction()
{ {
session_start(); //Reopen session for writing. SessionHelper::reopenSessionForWriting();
$request = $this->getRequest(); $request = $this->getRequest();
$form = new Application_Form_EditUser(); $form = new Application_Form_EditUser();
if ($request->isPost()) { if ($request->isPost()) {


@ -70,14 +70,14 @@ class UsersettingsController extends Zend_Controller_Action
public function remindmeAction() public function remindmeAction()
{ {
// unset session // unset session
session_start(); //open session for writing again SessionHelper::reopenSessionForWriting();
Zend_Session::namespaceUnset('referrer'); Zend_Session::namespaceUnset('referrer');
Application_Model_Preference::SetRemindMeDate(); Application_Model_Preference::SetRemindMeDate();
} }
public function remindmeNeverAction() public function remindmeNeverAction()
{ {
session_start(); //open session for writing again SessionHelper::reopenSessionForWriting();
Zend_Session::namespaceUnset('referrer'); Zend_Session::namespaceUnset('referrer');
//pass in true to indicate 'Remind me never' was clicked //pass in true to indicate 'Remind me never' was clicked
Application_Model_Preference::SetRemindMeDate(true); Application_Model_Preference::SetRemindMeDate(true);
@ -86,7 +86,7 @@ class UsersettingsController extends Zend_Controller_Action
public function donotshowregistrationpopupAction() public function donotshowregistrationpopupAction()
{ {
// unset session // unset session
session_start(); //open session for writing again SessionHelper::reopenSessionForWriting();
Zend_Session::namespaceUnset('referrer'); Zend_Session::namespaceUnset('referrer');
} }