Index: branches/5.0.x/core/kernel/session/session.php
===================================================================
diff -u -r12399 -r12450
--- branches/5.0.x/core/kernel/session/session.php (.../session.php) (revision 12399)
+++ branches/5.0.x/core/kernel/session/session.php (.../session.php) (revision 12450)
@@ -1,6 +1,6 @@
Application->TableFound($this->TableName)) {
@@ -180,7 +180,7 @@
FROM ' . $this->TableName . '
WHERE ' . $this->IDField . ' = ' . $this->Conn->qstr($sid);
$result = $this->Conn->GetRow($sql);
-
+
if ($result === false) {
return false;
}
@@ -189,16 +189,16 @@
if ($this->Application->ConfigValue('SessionBrowserSignatureCheck') && ($result['BrowserSignature'] != $this->_getBrowserSignature())) {
return false;
}
-
+
if ($this->Application->ConfigValue('SessionIPAddressCheck') && ($result['IpAddress'] != $_SERVER['REMOTE_ADDR'])) {
// most secure, except for cases where NAT (Network Address Translation)
// is used and two or more computers can have same IP address
return false;
}
-
+
$this->DirectVars = $result;
$this->Expiration = $result[$this->TimestampField];
-
+
return true;
}
@@ -688,7 +688,7 @@
function Check()
{
// don't check referer here, because it doesn't provide any security option and can be easily falsified
-
+
$sid = $this->GetPassedSIDValue();
if (empty($sid)) {
@@ -797,18 +797,21 @@
*/
function GenerateSID()
{
- list($usec, $sec) = explode(" ",microtime());
+ list ($usec, $sec) = explode(' ', microtime());
$sid_part_1 = substr($usec, 4, 4);
- $sid_part_2 = mt_rand(1,9);
+ $sid_part_2 = mt_rand(1, 9);
$sid_part_3 = substr($sec, 6, 4);
$digit_one = substr($sid_part_1, 0, 1);
+
if ($digit_one == 0) {
- $digit_one = mt_rand(1,9);
- $sid_part_1 = ereg_replace("^0","",$sid_part_1);
- $sid_part_1=$digit_one.$sid_part_1;
+ $digit_one = mt_rand(1, 9);
+ $sid_part_1 = preg_replace('/^0/', '', $sid_part_1);
+ $sid_part_1 = $digit_one . $sid_part_1;
}
- $this->setSID($sid_part_1.$sid_part_2.$sid_part_3);
+
+ $this->setSID($sid_part_1 . $sid_part_2 . $sid_part_3);
+
return $this->SID;
}
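Review bot: GenerateSID still builds the session ID from digits of `microtime()` plus a single `mt_rand(1, 9)` digit, so the result is a short decimal string with very little unpredictable content; the switch to `preg_replace` is a compatibility cleanup and leaves that unchanged. A session identifier should come from a CSPRNG, for example `$this->setSID(bin2hex(random_bytes(16)));` on PHP 7+, or `openssl_random_pseudo_bytes(16)` on older runtimes. The session table schema and any callers that may assume a numeric SID are outside this hunk, so the column type and input validation need checking before the format changes. Until then, a comment such as `// NOTE: SID is time-derived, not cryptographically random` above the `microtime()` line would record the limitation. It would also note that the optional `SessionIPAddressCheck` and `SessionBrowserSignatureCheck` settings are the only other barriers to a guessed ID.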
@@ -1020,13 +1023,13 @@
$data_keys = array_keys($session_data);
$optional_keys = array_keys($this->OptionalData);
$real_keys = array_diff($data_keys, $optional_keys);
-
+
if ($real_keys) {
$ret = '';
foreach ($real_keys as $real_key) {
$ret .= '[' . $real_key . '] = [' . $session_data[$real_key] . ']
';
}
-
+
$this->Application->Debugger->appendHTML('Real Keys:
' . $ret);
}
}