1 files changed, 107 insertions, 4 deletions
diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php
index 994fcbe5..96bf193c 100644
--- a/application/security/SessionManager.php
+++ b/application/security/SessionManager.php
@@ -8,6 +8,14 @@ use Shaarli\Config\ConfigManager;
 */
 class SessionManager
 {
+    public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE';
+    public const KEY_VISIBILITY = 'visibility';
+    public const KEY_UNTAGGED_ONLY = 'untaggedonly';
+    public const KEY_SUCCESS_MESSAGES = 'successes';
+    public const KEY_WARNING_MESSAGES = 'warnings';
+    public const KEY_ERROR_MESSAGES = 'errors';
    /** @var int Session expiration timeout, in seconds */
    public static $SHORT_TIMEOUT = 3600;    // 1 hour
@@ -23,16 +31,35 @@ class SessionManager
    /** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */
    protected $staySignedIn = false;
+    /** @var string */
+    protected $savePath;
    /**
     * Constructor
     *
-     * @param array         $session The $_SESSION array (reference)
+     * @param array         $session  The $_SESSION array (reference)
-     * @param ConfigManager $conf    ConfigManager instance
+     * @param ConfigManager $conf     ConfigManager instance
+     * @param string        $savePath Session save path returned by builtin function session_save_path()
     */
-    public function __construct(& $session, $conf)
+    public function __construct(&$session, $conf, string $savePath)
    {
        $this->session = &$session;
        $this->conf = $conf;
+        $this->savePath = $savePath;
+    }
+    /**
+     * Initialize XSRF token and links per page session variables.
+     */
+    public function initialize(): void
+    {
+        if (!isset($this->session['tokens'])) {
+            $this->session['tokens'] = [];
+        }
+        if (!isset($this->session['LINKS_PER_PAGE'])) {
+            $this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20);
+        }
    }
    /**
@@ -156,7 +183,6 @@ class SessionManager
            unset($this->session['expires_on']);
            unset($this->session['username']);
            unset($this->session['visibility']);
-            unset($this->session['untaggedonly']);
        }
    }
@@ -202,4 +228,81 @@ class SessionManager
    {
        return $this->session;
    }
+    /**
+     * @param mixed $default value which will be returned if the $key is undefined
+     *
+     * @return mixed Content stored in session
+     */
+    public function getSessionParameter(string $key, $default = null)
+    {
+        return $this->session[$key] ?? $default;
+    }
+    /**
+     * Store a variable in user session.
+     *
+     * @param string $key   Session key
+     * @param mixed  $value Session value to store
+     *
+     * @return $this
+     */
+    public function setSessionParameter(string $key, $value): self
+    {
+        $this->session[$key] = $value;
+        return $this;
+    }
+    /**
+     * Store a variable in user session.
+     *
+     * @param string $key   Session key
+     *
+     * @return $this
+     */
+    public function deleteSessionParameter(string $key): self
+    {
+        unset($this->session[$key]);
+        return $this;
+    }
+    public function getSavePath(): string
+    {
+        return $this->savePath;
+    }
+    /*
+     * Next public functions wrapping native PHP session API.
+     */
+    public function destroy(): bool
+    {
+        $this->session = [];
+        return session_destroy();
+    }
+    public function start(): bool
+    {
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            $this->destroy();
+        }
+        return session_start();
+    }
+    /**
+     * Be careful, return type of session_set_cookie_params() changed between PHP 7.1 and 7.2.
+     */
+    public function cookieParameters(int $lifeTime, string $path, string $domain): void
+    {
+        session_set_cookie_params($lifeTime, $path, $domain);
+    }
+    public function regenerateId(bool $deleteOldSession = false): bool
+    {
+        return session_regenerate_id($deleteOldSession);
+    }
 }

diff --git a/application/security/SessionManager.php b/application/security/SessionManager.php index 994fcbe5..96bf193c 100644 --- a/application/security/SessionManager.php +++ b/application/security/SessionManager.php
@@ -8,6 +8,14 @@ use Shaarli\Config\ConfigManager;
8	*/	8	*/
9	class SessionManager	9	class SessionManager
10	{	10	{
		11	public const KEY_LINKS_PER_PAGE = 'LINKS_PER_PAGE';
		12	public const KEY_VISIBILITY = 'visibility';
		13	public const KEY_UNTAGGED_ONLY = 'untaggedonly';
		14
		15	public const KEY_SUCCESS_MESSAGES = 'successes';
		16	public const KEY_WARNING_MESSAGES = 'warnings';
		17	public const KEY_ERROR_MESSAGES = 'errors';
		18
11	/** @var int Session expiration timeout, in seconds */	19	/** @var int Session expiration timeout, in seconds */
12	public static $SHORT_TIMEOUT = 3600; // 1 hour	20	public static $SHORT_TIMEOUT = 3600; // 1 hour
13		21
@@ -23,16 +31,35 @@ class SessionManager
23	/** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */	31	/** @var bool Whether the user should stay signed in (LONG_TIMEOUT) */
24	protected $staySignedIn = false;	32	protected $staySignedIn = false;
25		33
		34	/** @var string */
		35	protected $savePath;
		36
26	/**	37	/**
27	* Constructor	38	* Constructor
28	*	39	*
29	* @param array $session The $_SESSION array (reference)	40	* @param array $session The $_SESSION array (reference)
30	* @param ConfigManager $conf ConfigManager instance	41	* @param ConfigManager $conf ConfigManager instance
		42	* @param string $savePath Session save path returned by builtin function session_save_path()
31	*/	43	*/
32	public function __construct(& $session, $conf)	44	public function __construct(&$session, $conf, string $savePath)
33	{	45	{
34	$this->session = &$session;	46	$this->session = &$session;
35	$this->conf = $conf;	47	$this->conf = $conf;
		48	$this->savePath = $savePath;
		49	}
		50
		51	/**
		52	* Initialize XSRF token and links per page session variables.
		53	*/
		54	public function initialize(): void
		55	{
		56	if (!isset($this->session['tokens'])) {
		57	$this->session['tokens'] = [];
		58	}
		59
		60	if (!isset($this->session['LINKS_PER_PAGE'])) {
		61	$this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20);
		62	}
36	}	63	}
37		64
38	/**	65	/**
@@ -156,7 +183,6 @@ class SessionManager
156	unset($this->session['expires_on']);	183	unset($this->session['expires_on']);
157	unset($this->session['username']);	184	unset($this->session['username']);
158	unset($this->session['visibility']);	185	unset($this->session['visibility']);
159	unset($this->session['untaggedonly']);
160	}	186	}
161	}	187	}
162		188
@@ -202,4 +228,81 @@ class SessionManager
202	{	228	{
203	return $this->session;	229	return $this->session;
204	}	230	}
		231
		232	/**
		233	* @param mixed $default value which will be returned if the $key is undefined
		234	*
		235	* @return mixed Content stored in session
		236	*/
		237	public function getSessionParameter(string $key, $default = null)
		238	{
		239	return $this->session[$key] ?? $default;
		240	}
		241
		242	/**
		243	* Store a variable in user session.
		244	*
		245	* @param string $key Session key
		246	* @param mixed $value Session value to store
		247	*
		248	* @return $this
		249	*/
		250	public function setSessionParameter(string $key, $value): self
		251	{
		252	$this->session[$key] = $value;
		253
		254	return $this;
		255	}
		256
		257	/**
		258	* Store a variable in user session.
		259	*
		260	* @param string $key Session key
		261	*
		262	* @return $this
		263	*/
		264	public function deleteSessionParameter(string $key): self
		265	{
		266	unset($this->session[$key]);
		267
		268	return $this;
		269	}
		270
		271	public function getSavePath(): string
		272	{
		273	return $this->savePath;
		274	}
		275
		276	/*
		277	* Next public functions wrapping native PHP session API.
		278	*/
		279
		280	public function destroy(): bool
		281	{
		282	$this->session = [];
		283
		284	return session_destroy();
		285	}
		286
		287	public function start(): bool
		288	{
		289	if (session_status() === PHP_SESSION_ACTIVE) {
		290	$this->destroy();
		291	}
		292
		293	return session_start();
		294	}
		295
		296	/**
		297	* Be careful, return type of session_set_cookie_params() changed between PHP 7.1 and 7.2.
		298	*/
		299	public function cookieParameters(int $lifeTime, string $path, string $domain): void
		300	{
		301	session_set_cookie_params($lifeTime, $path, $domain);
		302	}
		303
		304	public function regenerateId(bool $deleteOldSession = false): bool
		305	{
		306	return session_regenerate_id($deleteOldSession);
		307	}
205	}	308	}