
Commit 3bbe53d

committed
Updated: Expanded the ezpKernelWeb class internals that run under Platform so that they specifically do not start a session for requests to the /login route. This is required to prevent a bug related to sessions/redirection; the affected code also only runs if it is within a Symfony/Platform stack with service containers. Bugfix from Nexus Project.
1 parent 51816a0 commit 3bbe53d


1 file changed

+45
-33
lines changed


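--- a/kernel/private/classes/ezpkernelweb.php
+++ b/kernel/private/classes/ezpkernelweb.php
@@ -1110,46 +1110,58 @@ protected function requestInit()
 
 if ( $this->siteBasics['session-required'] )
 {
-// Check if this should be run in a cronjob
-if ( $ini->variable( 'Session', 'BasketCleanup' ) !== 'cronjob' )
+// Don't initialize session on /login GET requests (unauthenticated entry point)
+// Only check this in Symfony/Platform 2.x context with service container
+// Pure legacy access (without service-container) will skip this detection and initialize session normally
+$isLoginPage = false;
+if ( isset( $this->settings['service-container'] ) && $this->settings['service-container'] !== null )
 {
-eZSession::addCallback(
-'destroy_pre',
-function ( eZDBInterface $db, $key, $escapedKey )
-{
-$basket = eZBasket::fetch( $key );
-if ( $basket instanceof eZBasket )
-$basket->remove();
-}
-);
-eZSession::addCallback(
-'gc_pre',
-function ( eZDBInterface $db, $time )
-{
-eZBasket::cleanupExpired( $time );
-}
-);
+$isLoginPage = $this->actualRequestedURI === '/login' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'GET';
+}
+
+if ( !$isLoginPage )
+{
+// Check if this should be run in a cronjob
+if ( $ini->variable( 'Session', 'BasketCleanup' ) !== 'cronjob' )
+{
+eZSession::addCallback(
+'destroy_pre',
+function ( eZDBInterface $db, $key, $escapedKey )
+{
+$basket = eZBasket::fetch( $key );
+if ( $basket instanceof eZBasket )
+$basket->remove();
+}
+);
+eZSession::addCallback(
+'gc_pre',
+function ( eZDBInterface $db, $time )
+{
+eZBasket::cleanupExpired( $time );
+}
+);
+
+eZSession::addCallback(
+'cleanup_pre',
+function ( eZDBInterface $db )
+{
+eZBasket::cleanup();
+}
+);
+}
 
+// addCallBack to update session id for shop basket on session regenerate
 eZSession::addCallback(
-'cleanup_pre',
-function ( eZDBInterface $db )
+'regenerate_post',
+function ( eZDBInterface $db, $escNewKey, $escOldKey )
 {
-eZBasket::cleanup();
+$db->query( "UPDATE ezbasket SET session_id='{$escNewKey}' WHERE session_id='{$escOldKey}'" );
 }
 );
-}
 
-// addCallBack to update session id for shop basket on session regenerate
-eZSession::addCallback(
-'regenerate_post',
-function ( eZDBInterface $db, $escNewKey, $escOldKey )
-{
-$db->query( "UPDATE ezbasket SET session_id='{$escNewKey}' WHERE session_id='{$escOldKey}'" );
-}
-);
-
-// TODO: Session starting should be made only once in the constructor
-$this->sessionInit();
+// TODO: Session starting should be made only once in the constructor
+$this->sessionInit();
+}
 }
 
 // if $this->siteBasics['db-required'], open a db connection and check that db is connected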
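Review bot: Wrapping every `eZSession::addCallback()` registration in `if ( !$isLoginPage )` skips more than the session start: on a GET to `/login` the `destroy_pre`, `gc_pre`, `cleanup_pre` and `regenerate_post` handlers are never registered, so if anything later in the request starts or regenerates the legacy session (not visible here, since requestInit() begins and ends outside this hunk), basket rows would not be cleaned up or re-keyed to the new session id. Registering the callbacks unconditionally and gating only the start, `if ( !$isLoginPage ) $this->sessionInit();`, keeps the fix and reduces the change to a few lines. The match is an exact comparison of `$this->actualRequestedURI` with `'/login'`, so a trailing slash or a prefixed path presumably falls through to the normal session start; a comment saying whether that is intended would help. The `!== null` test after `isset()` is redundant, because `isset()` is already false for null.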
