Commit 2d5e401b authored by Robert Lyon's avatar Robert Lyon

Bug 1670637: Updating session options for PHP 7.1



behatnotneeded

Change-Id: I589cc42dd543ea4edfa418de8b85b711d3f0dd3e
Signed-off-by: default avatarRobert Lyon <robertl@catalyst.net.nz>
parent a3fbe08c
+16 −2
@@ -52,7 +52,12 @@ class Session {
        // See more at http://php.net/manual/en/session.security.php
        ini_set('session.use_cookies', true);
        ini_set('session.use_only_cookies', true);
        if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
            ini_set('session.sid_bits_per_character', 5);
        }
        else {
            ini_set('session.hash_bits_per_character', 4);
        }
        ini_set('session.gc_divisor', 1000);

        if (get_config('session_timeout')) {
@@ -71,7 +76,12 @@ class Session {
        ini_set('session.gc_maxlifetime', $session_timeout);

        ini_set('session.use_trans_sid', false);
        if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
            ini_set('session.sid_length', 32);
        }
        else {
            ini_set('session.hash_function', 'sha256'); // stronger hash functions are sha384 and sha512
        }
        if (version_compare(PHP_VERSION, '5.5.2') > 0) {
            ini_set('session.use_strict_mode', true);
        }
@@ -82,6 +92,10 @@ class Session {
        if (!is_dir("$sessionpath/0")) {
            // Create three levels of directories, named 0-9, a-f
            $characters = array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f');
            if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
                $characters = array_merge($characters, array('g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
                                                             'o', 'p', 'q', 'r', 's', 't', 'u', 'v'));
            }
            foreach ($characters as $c1) {
                check_dir_exists("$sessionpath/$c1");
                foreach ($characters as $c2) {
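Review bot: The `!is_dir("$sessionpath/0")` guard in the third hunk only proves that the 0–f tree exists, so a site whose PHP is moved to 7.1 after the directories were first created never gets the g–v directories. With `session.sid_bits_per_character` set to 5, a session ID starting with one of those characters would then have no directory to be stored in, assuming the save path uses the three-level layout the comment describes. The commit handles the Mahara upgrade path by clearing the session tree once, but not a later PHP upgrade on an already-upgraded site. Consider building `$characters` before the guard and testing the last entry of the active set, e.g. `if (!is_dir("$sessionpath/" . end($characters))) {`, so the tree is extended whenever the alphabet grows. The enclosing method starts and ends outside these hunks.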
+5 −0
@@ -5321,5 +5321,10 @@ function xmldb_core_upgrade($oldversion=0) {
        delete_records('auth_installed', 'name', 'browserid');
    }

    if ($oldversion < 2017092500) {
        log_debug('Clear all caches to allow regeneration of session directories');
        clear_all_caches(true);
    }

    return $status;
}
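Review bot: The return value of `clear_all_caches(true)` is discarded in the new `2017092500` step, although that function's docblock says it returns false on failure. If removing the session directory fails, the upgrade still reports success and a PHP 7.1 site is left with only the old 0–f directory tree. Consider checking the result, e.g. `if (!clear_all_caches(true)) { log_warn('Could not clear session directories; remove them manually'); }`. A comment on this step should also say that it invalidates every active session, which presumably includes the session of the administrator running the upgrade. The body of `xmldb_core_upgrade` starts outside the hunk.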
+9 −1
@@ -5084,10 +5084,11 @@ function is_valid_serialized_skin_attribute($sobj) {

/*
 * Crear all Mahara chaches.
 * @param   bool   $clearsessiondirs  Optional to clear sessions. Useful during upgrade when session structure changes
 *
 * @return bool True if success, false otherwise.
 */
function clear_all_caches() {
function clear_all_caches($clearsessiondirs = false) {
    require_once(get_config('libroot') . 'file.php');

    try {
@@ -5100,6 +5101,13 @@ function clear_all_caches() {
            throw new SystemException('Can not remove dwoo directory ' . $dwoo_dir);
        }

        if ($clearsessiondirs) {
            $session_dir = get_config('dataroot') . 'sessions';
            if (check_dir_exists($session_dir) && !rmdirr($session_dir)) {
                throw new SystemException('Can not remove session directory ' . $session_dir);
            }
        }

        handle_event('clearcaches', array());

        $result = true;
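Review bot: The new `$clearsessiondirs` branch hard-codes the session location as `get_config('dataroot') . 'sessions'`, while the code that creates the tree elsewhere in this commit works from a `$sessionpath` variable whose origin is outside the visible hunks. If that path is configurable, this branch would remove a directory PHP does not actually write sessions to (or create it first, since `check_dir_exists` appears to create missing directories), and the g–v directories would not be regenerated where they are needed. Deriving the path from the same source as the creation code would keep the two in step. The docblock should also state the consequence of passing true, e.g. `Warning: removes all session files, which logs every user out.`, because the function is callable outside the upgrade path. The body of `clear_all_caches` continues outside the hunk.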
+5 −1
@@ -579,6 +579,10 @@ function core_postinst() {
    if (check_dir_exists($sessionpath)) {
        // Create three levels of directories, named 0-9, a-f
        $characters = array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f');
        if (version_compare(PHP_VERSION, '7.1.0') >= 0) {
            $characters = array_merge($characters, array('g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
                                                         'o', 'p', 'q', 'r', 's', 't', 'u', 'v'));
        }
        foreach ($characters as $c1) {
            if (check_dir_exists("$sessionpath/$c1")) {
                foreach ($characters as $c2) {
@@ -1504,7 +1508,7 @@ function site_warnings() {
    }

    // Check for low security (i.e. not random enough) session IDs
    if ((int)ini_get('session.entropy_length') < 16) {
    if (version_compare(PHP_VERSION, '7.1.0') < 0 && (int)ini_get('session.entropy_length') < 16) {
        $warnings[] = get_string('notenoughsessionentropy', 'error');
    }

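Review bot: On PHP 7.1 and later the changed condition in `site_warnings()` skips the weak-session-ID check altogether instead of replacing it. `session.entropy_length` no longer exists in 7.1, but ID strength is now determined by `session.sid_length` and `session.sid_bits_per_character`, and nothing warns the administrator if those end up low, for instance if the `ini_set` calls in the session class fail or are overridden. Consider a second condition for 7.1+, such as `(int)ini_get('session.sid_length') * (int)ini_get('session.sid_bits_per_character') < 128`, feeding the same `notenoughsessionentropy` warning. The 0–v character list in the `core_postinst()` hunk is also duplicated from the session class, so a shared helper would keep the two from drifting. Both functions continue outside their hunks.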
+1 −1
@@ -16,7 +16,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one.  On master, use the date.

$config->version = 2017092200;
$config->version = 2017092500;
$config->series = '17.10';
$config->release = '17.10dev';
$config->minupgradefrom = 2015030409;