diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php
index d9520810bf4a891eeb45751379747cebb9cae29d..0f7eb84dc1b76174736feba860ef65c9c7709d00 100644
--- a/apps/files_encryption/lib/proxy.php
+++ b/apps/files_encryption/lib/proxy.php
@@ -220,7 +220,7 @@ class Proxy extends \OC_FileProxy
} elseif (
Crypt::mode() == 'server'
- && isset( $_SESSION['legacyenckey'] )
+ &&\OC::$session->exists('legacyenckey')
&& Crypt::isEncryptedMeta( $path )
) {
$plainData = Crypt::legacyBlockDecrypt( $data, $session->getLegacyKey() );
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 2ddad0a15dacf188fb21575f45fb9cb3010922a4..d3353c738187770a1352ce12158e3edba43c085f 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -106,7 +106,7 @@ class Session
*/
public function setPrivateKey( $privateKey ) {
- $_SESSION['privateKey'] = $privateKey;
+ \OC::$session->set('privateKey', $privateKey)
return true;
@@ -119,12 +119,9 @@ class Session
*/
public function getPrivateKey() {
- if (
- isset( $_SESSION['privateKey'] )
- && !empty( $_SESSION['privateKey'] )
- ) {
+ if ( !is_null( \OC::$session->get('privateKey') ) ) {
- return $_SESSION['privateKey'];
+ return \OC::$session->get('privateKey');
} else {
@@ -141,7 +138,7 @@ class Session
*/
public function setLegacyKey( $legacyKey ) {
- $_SESSION['legacyKey'] = $legacyKey;
+ \OC::$session->set('legacyKey', $legacyKey);
return true;
}
@@ -153,12 +150,9 @@ class Session
*/
public function getLegacyKey() {
- if (
- isset( $_SESSION['legacyKey'] )
- && !empty( $_SESSION['legacyKey'] )
- ) {
+ if ( !is_null( \OC::$session->get('legacyKey') ) ) {
- return $_SESSION['legacyKey'];
+ return \OC::$session->get('legacyKey');
} else {
@@ -168,4 +162,4 @@ class Session
}
-}
\ No newline at end of file
+}
diff --git a/apps/files_encryption/tests/util.php b/apps/files_encryption/tests/util.php
index 2069cae27e5bdb232a8ee028e6ee1f3b9b926387..0dc452a41c870de813b9034d3561542202edf2ff 100755
--- a/apps/files_encryption/tests/util.php
+++ b/apps/files_encryption/tests/util.php
@@ -183,7 +183,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$this->assertTrue(OCA\Encryption\Hooks::login($params));
- $this->assertEquals($this->legacyKey, $_SESSION['legacyKey']);
+ $this->assertEquals($this->legacyKey, \OC::$session->get('legacyKey'));
}
function testRecoveryEnabledForUser() {
@@ -273,7 +273,7 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$this->assertTrue(OCA\Encryption\Hooks::login($params));
- $this->assertEquals($this->legacyKey, $_SESSION['legacyKey']);
+ $this->assertEquals($this->legacyKey, \OC::$session->get('legacyKey'));
$files = $util->findEncFiles('/' . \Test_Encryption_Util::TEST_ENCRYPTION_UTIL_LEGACY_USER . '/files/');
@@ -314,4 +314,4 @@ class Test_Encryption_Util extends \PHPUnit_Framework_TestCase {
$params['password'] = $password;
OCA\Encryption\Hooks::login($params);
}
-}
\ No newline at end of file
+}
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 59598e35fa241b8a923d77b49c4d44e6f6e1376e..98d2a84fb6658183b5e1263ff73e8f6087e8285c 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -84,7 +84,7 @@ if (isset($path)) {
exit();
} else {
// Save item id in session for future requests
- $_SESSION['public_link_authenticated'] = $linkItem['id'];
+ \OC::$session->set('public_link_authenticated', $linkItem['id']);
}
} else {
OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
@@ -97,8 +97,8 @@ if (isset($path)) {
} else {
// Check if item id is set in session
- if (!isset($_SESSION['public_link_authenticated'])
- || $_SESSION['public_link_authenticated'] !== $linkItem['id']
+ if ( ! \OC::$session->exists('public_link_authenticated')
+ || \OC::$session->get('public_link_authenticated') !== $linkItem['id']
) {
// Prompt for password
$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
diff --git a/lib/base.php b/lib/base.php
index 724bd250a5c63fc3d518b5d19c41933d29b21c36..c6ea32362e4ed3eb371b57477ace14ae95f0186e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -74,6 +74,11 @@ class OC {
*/
protected static $router = null;
+ /**
+ * @var \OC\Session\Session
+ */
+ public static $session = null;
+
/**
* @var \OC\Autoloader $loader
*/
@@ -283,14 +288,14 @@ class OC {
$cookie_path = OC::$WEBROOT ?: '/';
ini_set('session.cookie_path', $cookie_path);
- // set the session name to the instance id - which is unique
- session_name(OC_Util::getInstanceId());
-
- // if session cant be started break with http 500 error
- if (session_start() === false){
- OC_Log::write('core', 'Session could not be initialized',
+ try{
+ // set the session name to the instance id - which is unique
+ self::$session=new \OC\Session\Internal(OC_Util::getInstanceId());
+ // if session cant be started break with http 500 error
+ }catch (Exception $e){
+ OC_Log::write('core', 'Session could not be initialized',
OC_Log::ERROR);
-
+
header('HTTP/1.1 500 Internal Server Error');
OC_Util::addStyle("styles");
$error = 'Session could not be initialized. Please contact your ';
@@ -304,15 +309,15 @@ class OC {
}
// regenerate session id periodically to avoid session fixation
- if (!isset($_SESSION['SID_CREATED'])) {
- $_SESSION['SID_CREATED'] = time();
- } else if (time() - $_SESSION['SID_CREATED'] > 60*60*12) {
+ if (!self::$session->exists('SID_CREATED')) {
+ self::$session->set('SID_CREATED', time());
+ } else if (time() - self::$session->get('SID_CREATED') > 60*60*12) {
session_regenerate_id(true);
- $_SESSION['SID_CREATED'] = time();
+ self::$session->set('SID_CREATED', time());
}
// session timeout
- if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 60*60*24)) {
+ if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > 60*60*24)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, $cookie_path);
}
@@ -320,7 +325,8 @@ class OC {
session_destroy();
session_start();
}
- $_SESSION['LAST_ACTIVITY'] = time();
+
+ self::$session->set('LAST_ACTIVITY', time());
}
public static function getRouter() {
@@ -446,14 +452,14 @@ class OC {
// User and Groups
if (!OC_Config::getValue("installed", false)) {
- $_SESSION['user_id'] = '';
+ self::$session->set('user_id','');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
- if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id'])
- && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
+ if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
+ && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
OC_User::logout();
}
@@ -598,7 +604,7 @@ class OC {
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
-
+
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
@@ -748,7 +754,7 @@ class OC {
if (OC_User::login($_POST["user"], $_POST["password"])) {
// setting up the time zone
if (isset($_POST['timezone-offset'])) {
- $_SESSION['timezone'] = $_POST['timezone-offset'];
+ self::$session->set('timezone', $_POST['timezone-offset']);
}
self::cleanupLoginTokens($_POST['user']);
diff --git a/lib/template.php b/lib/template.php
index 2f53533564880ed73d342f04489a8d43cb89cbeb..9467dedb62aac43c34f31480cb6efac051771232 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -246,14 +246,14 @@ class OC_Template{
// if the formfactor is not yet autodetected do the
// autodetection now. For possible formfactors check the
// detectFormfactor documentation
- if(!isset($_SESSION['formfactor'])) {
- $_SESSION['formfactor'] = self::detectFormfactor();
+ if (!\OC::$session->exists('formfactor')) {
+ \OC::$session->set('formfactor', self::detectFormfactor());
}
// allow manual override via GET parameter
if(isset($_GET['formfactor'])) {
- $_SESSION['formfactor']=$_GET['formfactor'];
+ \OC::$session->set('formfactor', $_GET['formfactor']);
}
- $formfactor=$_SESSION['formfactor'];
+ $formfactor = \OC::$session->get('formfactor');
if($formfactor=='default') {
$fext='';
}elseif($formfactor=='mobile') {
diff --git a/lib/user.php b/lib/user.php
index 26fe73f8bfe630dd71b5a0bfa8056474555d6229..1dde87a13395dabc331c597317ad25ad3038a2e7 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -264,7 +264,7 @@ class OC_User {
* @brief Sets user id for session and triggers emit
*/
public static function setUserId($uid) {
- $_SESSION['user_id'] = $uid;
+ \OC::$session->set('user_id', $uid);
}
/**
@@ -285,7 +285,7 @@ class OC_User {
$result = true;
}
if (OC_User::getUser() === $uid) {
- $_SESSION['display_name'] = $displayName;
+ \OC::$session->set('display_name', $displayName);
}
return $result;
}
@@ -328,10 +328,10 @@ class OC_User {
* Checks if the user is logged in
*/
public static function isLoggedIn() {
- if( isset($_SESSION['user_id']) AND $_SESSION['user_id']) {
+ if( \OC::$session->get('user_id')) {
OC_App::loadApps(array('authentication'));
self::setupBackends();
- if (self::userExists($_SESSION['user_id']) ) {
+ if (self::userExists(\OC::$session->get('user_id')) ) {
return true;
}
}
@@ -356,8 +356,8 @@ class OC_User {
* @return string uid or false
*/
public static function getUser() {
- if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) {
- return $_SESSION['user_id'];
+ if( \OC::$session->get('user_id') ) {
+ return \OC::$session->get('user_id');
}
else{
return false;
@@ -371,8 +371,8 @@ class OC_User {
public static function getDisplayName($user=null) {
if ( $user ) {
return self::determineDisplayName($user);
- } else if( isset($_SESSION['display_name']) AND $_SESSION['display_name'] ) {
- return $_SESSION['display_name'];
+ } else if( \OC::$session->get('display_name') ) {
+ return \OC::$session->get('display_name');
}
else{
return false;
diff --git a/lib/util.php b/lib/util.php
index ce68568183b864abf63efb70ff7ee87bfd73bd19..581f35bc0acb5c7ed27e5d1a2134c91a82102293 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -151,10 +151,10 @@ class OC_Util {
* @param bool dateOnly option to omit time from the result
*/
public static function formatDate( $timestamp, $dateOnly=false) {
- if(isset($_SESSION['timezone'])) {//adjust to clients timezone if we know it
+ if(\OC::$session->exists('timezone')) {//adjust to clients timezone if we know it
$systemTimeZone = intval(date('O'));
$systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100);
- $clientTimeZone=$_SESSION['timezone']*60;
+ $clientTimeZone=\OC::$session->get('timezone')*60;
$offset=$clientTimeZone-$systemTimeZone;
$timestamp=$timestamp+$offset*60;
}
@@ -458,13 +458,13 @@ class OC_Util {
*/
public static function callRegister() {
// Check if a token exists
- if(!isset($_SESSION['requesttoken'])) {
+ if(!\OC::$session->exists('requesttoken')) {
// No valid token found, generate a new one.
$requestToken = self::generate_random_bytes(20);
- $_SESSION['requesttoken']=$requestToken;
+ \OC::$session->set('requesttoken', $requestToken);
} else {
// Valid token already exists, send it
- $requestToken = $_SESSION['requesttoken'];
+ $requestToken = \OC::$session->get('requesttoken');
}
return($requestToken);
}
@@ -476,7 +476,7 @@ class OC_Util {
* @see OC_Util::callRegister()
*/
public static function isCallRegistered() {
- if(!isset($_SESSION['requesttoken'])) {
+ if(!\OC::$session->exists('requesttoken')) {
return false;
}
@@ -492,7 +492,7 @@ class OC_Util {
}
// Check if the token is valid
- if($token !== $_SESSION['requesttoken']) {
+ if($token !== \OC::$session->get('requesttoken')) {
// Not valid
return false;
} else {