diff options
Diffstat (limited to 'lib/util.php')
| -rw-r--r-- | lib/util.php | 60 |
1 files changed, 56 insertions, 4 deletions
diff --git a/lib/util.php b/lib/util.php index 50bd0e2ac..3e52f5db1 100644 --- a/lib/util.php +++ b/lib/util.php @@ -119,6 +119,11 @@ function common_language() function common_munge_password($password, $id) { + if (is_object($id) || is_object($password)) { + $e = new Exception(); + common_log(LOG_ERR, __METHOD__ . ' object in param to common_munge_password ' . + str_replace("\n", " ", $e->getTraceAsString())); + } return md5($password . $id); } @@ -166,15 +171,27 @@ function common_ensure_session() if (common_config('sessions', 'handle')) { Session::setSaveHandler(); } + if (array_key_exists(session_name(), $_GET)) { + $id = $_GET[session_name()]; + common_log(LOG_INFO, 'Setting session from GET parameter: '.$id); + } else if (array_key_exists(session_name(), $_COOKIE)) { + $id = $_COOKIE[session_name()]; + common_log(LOG_INFO, 'Setting session from COOKIE: '.$id); + } + if (isset($id)) { + session_id($id); + setcookie(session_name(), $id); + } @session_start(); if (!isset($_SESSION['started'])) { $_SESSION['started'] = time(); - if (!empty($c)) { + if (!empty($id)) { common_log(LOG_WARNING, 'Session cookie "' . $_COOKIE[session_name()] . '" ' . ' is set but started value is null'); } } } + common_debug("Session ID = " . session_id()); } // Three kinds of arguments: @@ -809,20 +826,50 @@ function common_path($relative, $ssl=false) } else if (common_config('site', 'server')) { $serverpart = common_config('site', 'server'); } else { - common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); + common_log(LOG_ERR, 'Site server not configured, unable to determine site name.'); } } else { $proto = 'http'; if (common_config('site', 'server')) { $serverpart = common_config('site', 'server'); } else { - common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); + common_log(LOG_ERR, 'Site server not configured, unable to determine site name.'); } } + $relative = common_inject_session($relative, $serverpart); + return $proto.'://'.$serverpart.'/'.$pathpart.$relative; } +function common_inject_session($url, $serverpart = null) +{ + if (common_have_session()) { + + if (empty($serverpart)) { + $serverpart = parse_url($url, PHP_URL_HOST); + } + + $currentServer = $_SERVER['HTTP_HOST']; + + // Are we pointing to another server (like an SSL server?) + + if (!empty($currentServer) && + 0 != strcasecmp($currentServer, $serverpart)) { + // Pass the session ID as a GET parameter + $sesspart = session_name() . '=' . session_id(); + $i = strpos($url, '?'); + if ($i === false) { // no GET params, just append + $url .= '?' . $sesspart; + } else { + $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1); + } + } + } + + return $url; +} + function common_date_string($dt) { // XXX: do some sexy date formatting @@ -1010,7 +1057,12 @@ function common_profile_url($nickname) function common_root_url($ssl=false) { - return common_path('', $ssl); + $url = common_path('', $ssl); + $i = strpos($url, '?'); + if ($i !== false) { + $url = substr($url, 0, $i); + } + return $url; } // returns $bytes bytes of random data as a hexadecimal string |