diff options
| author | André Noack <noack@data-quest.de> | 2025-04-14 09:08:41 +0000 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2025-04-14 09:08:41 +0000 |
| commit | 78091cc545ea110f4a626b3ea6454a4918a01d05 (patch) | |
| tree | 9d08398dd650796b5728e0ea697c3b2aec11be50 /lib | |
| parent | 118a3225185cff99dc2036db4b635b76741423fb (diff) | |
Resolve #5499 "Media Proy: $cache must not be accessed before initialization"
Closes #5499
Merge request studip/studip!4126
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/session/CacheSessionHandler.php | 2 | ||||
| -rw-r--r-- | lib/session/Manager.php | 13 |
2 files changed, 10 insertions, 5 deletions
diff --git a/lib/session/CacheSessionHandler.php b/lib/session/CacheSessionHandler.php index 0418e47..78e0550 100644 --- a/lib/session/CacheSessionHandler.php +++ b/lib/session/CacheSessionHandler.php @@ -34,6 +34,7 @@ class CacheSessionHandler implements if ($session_lifetime) { $this->session_lifetime = $session_lifetime; } + $this->cache = Factory::getCache(); } public function close(): bool @@ -55,7 +56,6 @@ class CacheSessionHandler implements public function open(string $path, string $name): bool { - $this->cache = Factory::getCache(); return true; } diff --git a/lib/session/Manager.php b/lib/session/Manager.php index 169d89e..85ea8b3 100644 --- a/lib/session/Manager.php +++ b/lib/session/Manager.php @@ -175,16 +175,16 @@ class Manager } $state = self::STATE_UNKNOWN; if (isset($GLOBALS['user']) && is_object($GLOBALS['user'])) { - $state = in_array($GLOBALS['user']->id, ['nobody', 'form']) ? self::STATE_NOBODY : self::STATE_AUTHENTICATED; + $state = $GLOBALS['user']->id === 'nobody' ? self::STATE_NOBODY : self::STATE_AUTHENTICATED; } else { - $sid = $_COOKIE[$this->getName()]; + $sid = $this->getSessionIdFromCookie(); if ($sid) { $session_vars = $this->getSessionVars($sid); $session_auth = $session_vars['auth']; - if ($session_auth['uid'] && !in_array($session_auth['uid'], ['nobody', 'form'])) { + if ($session_auth['uid'] && $session_auth['uid'] !== 'nobody') { $state = self::STATE_AUTHENTICATED; } else { - $state = in_array($session_auth['uid'], ['nobody', 'form']) ? self::STATE_NOBODY : self::STATE_UNKNOWN; + $state = $session_auth['uid'] === 'nobody' ? self::STATE_NOBODY : self::STATE_UNKNOWN; } } } @@ -201,6 +201,11 @@ class Manager return new \SessionDecoder($data); } + public function getSessionIdFromCookie(): string + { + return $_COOKIE[$this->getName()] ?? ''; + } + /** * force garbage collect * |