diff options
| author | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
|---|---|---|
| committer | Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> | 2024-09-24 10:53:31 +0200 |
| commit | 4459dd7917f4d1c34f40bb68f0e991e9c3d53e4c (patch) | |
| tree | 5c07151ae61276d334e88f6309c30d439a85c12e /lib/classes/SessionDecoder.php | |
| parent | da0022e5c1abbf9825ae76debaabdff7e8623bb4 (diff) | |
| parent | 97a188592c679890a25c37ab78463add76a52ff7 (diff) | |
Merge branch 'main' into issue-3911issue-3911
Diffstat (limited to 'lib/classes/SessionDecoder.php')
| -rw-r--r-- | lib/classes/SessionDecoder.php | 246 |
1 files changed, 246 insertions, 0 deletions
diff --git a/lib/classes/SessionDecoder.php b/lib/classes/SessionDecoder.php new file mode 100644 index 0000000..fc40c07 --- /dev/null +++ b/lib/classes/SessionDecoder.php @@ -0,0 +1,246 @@ +<?php +# Lifter007: TODO +# Lifter003: TODO +# Lifter010: TODO +/** + * SessionDecoder.php + * + * decodes serialized PHP session data + * + * @author André Noack <noack@data-quest>, Suchi & Berg GmbH <info@data-quest.de> + * @access public + * @package core + */ +// +---------------------------------------------------------------------------+ +// This file is part of Stud.IP +// SessionDecoder.php +// +// Copyright (C) 2008 André Noack <noack@data-quest>, data-quest GmbH <info@data-quest.de> +// +---------------------------------------------------------------------------+ +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; either version 2 +// of the License, or any later version. +// +---------------------------------------------------------------------------+ +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +// +---------------------------------------------------------------------------+ + +class SessionDecoder implements ArrayAccess, Countable, Iterator { + + private $encoded_session = []; + private $decoded_session = []; + private $var_names = []; + + /** + * Usage: + * Pass the string containing encoded session data to the + * constructor, the identified session variables become public members + * of the object + * + * $session = new SessionDecoder($encoded_session_string); + * print_r($session->my_var); + * or + * print_r($session['my_var']); + * get the names of identified variables + * print_r($session->keys()); + * + * @param string $encoded_session_string + */ + public function __construct($encoded_session_string) { + $this->decode($encoded_session_string); + } + + /** + * pass an encoded session string to fill the object + * + * @param string $encoded_session_string + * @return int number of identified variables + */ + public function decode($encoded_session_string){ + $this->encoded_session = $this->sessionRealDecode($encoded_session_string); + if(is_array($this->encoded_session)) { + $this->var_names = array_keys($this->encoded_session); + } else { + $this->encoded_session = []; + } + $this->decoded_session = []; + + return count($this->encoded_session); + } + + /** + * returns an array containing the names of the identified variables + * + * @return array names of identified variables + */ + public function keys() { + return $this->var_names; + } + + public function rewind(): void + { + reset($this->var_names); + } + + public function current(): mixed + { + $current = current($this->var_names); + return $current !== false ? $this->offsetGet($current) : false; + } + + public function key(): mixed + { + return current($this->var_names); + } + + public function next(): void + { + next($this->var_names); + } + + public function valid(): bool + { + $current = current($this->var_names); + return $current !== false; + } + + public function offsetExists($offset): bool + { + return isset($this->encoded_session[$offset]); + } + + /** + * @param string $offset + */ + public function offsetGet($offset): mixed + { + if($this->offsetExists($offset) && !isset($this->decoded_session[$offset])) { + $this->decoded_session[$offset] = unserialize($this->encoded_session[$offset]); + } + return $this->decoded_session[$offset] ?? null; + } + + public function offsetSet($offset, $value): void + { + } + + public function offsetUnset($offset): void + { + } + + public function count(): int + { + return count($this->var_names); + } + + public function __get($name){ + return $this->offsetGet($name); + } + + public function __isset($name){ + return $this->offsetExists($name); + } + + /** + * a function that returns decoded session data, + * that seems to work in every cases, + * even when strings contain reserved chars + * (c) bmorel at ssi dot fr + * http://www.php.net/manual/en/function.session-decode.php#56106 + * + * @param string $str + * @return array + */ + private function sessionRealDecode($str) { + $ret = []; + $PS_DELIMITER = '|'; + $PS_UNDEF_MARKER = '!'; + $str = (string)$str; + + $endptr = strlen($str); + $p = 0; + + $items = 0; + $level = 0; + + while ($p < $endptr) { + $q = $p; + while ($str[$q] != $PS_DELIMITER) + if (++$q >= $endptr) break 2; + + if ($str[$p] == $PS_UNDEF_MARKER) { + $p++; + $has_value = false; + } else { + $has_value = true; + } + + $name = substr($str, $p, $q - $p); + $q++; + + $serialized = ''; + if ($has_value) { + for (;;) { + $p = $q; + switch ($str[$q]) { + case 'N': /* null */ + case 'b': /* boolean */ + case 'i': /* integer */ + case 'd': /* decimal */ + do $q++; + while ( ($q < $endptr) && ($str[$q] != ';') ); + $q++; + $serialized .= substr($str, $p, $q - $p); + if ($level == 0) break 2; + break; + case 'R': /* reference */ + $q+= 2; + for ($id = ''; ($q < $endptr) && ($str[$q] != ';'); $q++) $id .= $str[$q]; + $q++; + //$serialized .= 'R:' . ($id + 1) . ';'; /* increment pointer because of outer array */ + $serialized .= 'N;'; /* unserializing references is not possible*/ + if ($level == 0) break 2; + break; + case 's': /* string */ + $q+=2; + for ($length=''; ($q < $endptr) && ($str[$q] != ':'); $q++) $length .= $str[$q]; + $q+=2; + $q+= (int)$length + 2; + $serialized .= substr($str, $p, $q - $p); + if ($level == 0) break 2; + break; + case 'a': /* array */ + case 'O': /* object */ + do $q++; + while ( ($q < $endptr) && ($str[$q] != '{') ); + $q++; + $level++; + $serialized .= substr($str, $p, $q - $p); + break; + case '}': /* end of array|object */ + $q++; + $serialized .= substr($str, $p, $q - $p); + if (--$level == 0) break 2; + break; + default: + return false; + } + } + } else { + $serialized .= 'N;'; + $q+= 2; + } + $items++; + $p = $q; + $ret[$name] = $serialized; + } + return $ret; + } +} +?> |