From fd7d84616d53486c3a276a42da869390e1d7f5eb Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Sun, 22 Oct 2017 19:54:44 +0200
Subject: Move session ID check to SessionManager

Relates to https://github.com/shaarli/Shaarli/issues/324

Changed:
- `is_session_id_valid()` -> `SessionManager::checkId()`
- update tests

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 application/Utils.php | 30 ------------------------------
 1 file changed, 30 deletions(-)

(limited to 'application/Utils.php')

diff --git a/application/Utils.php b/application/Utils.php
index 2f38a8de..97b12fcf 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -181,36 +181,6 @@ function generateLocation($referer, $host, $loopTerms = array())
     return $finalReferer;
 }
 
-/**
- * Validate session ID to prevent Full Path Disclosure.
- *
- * See #298.
- * The session ID's format depends on the hash algorithm set in PHP settings
- *
- * @param string $sessionId Session ID
- *
- * @return true if valid, false otherwise.
- *
- * @see http://php.net/manual/en/function.hash-algos.php
- * @see http://php.net/manual/en/session.configuration.php
- */
-function is_session_id_valid($sessionId)
-{
-    if (empty($sessionId)) {
-        return false;
-    }
-
-    if (!$sessionId) {
-        return false;
-    }
-
-    if (!preg_match('/^[a-zA-Z0-9,-]{2,128}$/', $sessionId)) {
-        return false;
-    }
-
-    return true;
-}
-
 /**
  * Sniff browser language to set the locale automatically.
  * Note that is may not work on your server if the corresponding locale is not installed.
-- 
cgit v1.2.3