-rw-r--r--Zotlabs/Web/Session.php33
-rw-r--r--Zotlabs/Web/SessionHandler.php7
-rwxr-xr-xboot.php18
-rw-r--r--include/auth.php2
-rw-r--r--include/import.php2
-rwxr-xr-xinstall/htconfig.sample.php1
-rwxr-xr-xmod/cal.php5
-rw-r--r--version.inc2
-rw-r--r--view/en/htconfig.tpl1
9 files changed, 55 insertions, 16 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index ff0070d15..d25ce5f6a 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,6 +13,8 @@ namespace Zotlabs\Web;
class Session {
+ private static $handler = null;
+
function init() {
$gc_probability = 50;
@@ -26,8 +28,11 @@ class Session {
*/
$handler = new \Zotlabs\Web\SessionHandler();
+ self::$handler = $handler;
- session_set_save_handler($handler,true);
+ $x = session_set_save_handler($handler,true);
+ if(! $x)
+ logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
// Force cookies to be secure (https only) if this site is SSL enabled.
// Must be done before session_start().
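Review bot: `self::$handler = $handler;` is assigned before the result of session_set_save_handler() is known, so the `if(self::$handler)` guard this commit adds to new_cookie() is true even when registration failed and PHP has stayed on its default save handler. Assign it only on success, e.g. `if($x) self::$handler = $handler;` with the logger() call in the `else`. init() continues outside this hunk, so it is worth confirming whether session_start() should still run after a failed registration.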
@@ -65,26 +70,28 @@ class Session {
- function new_cookie($time) {
+ function new_cookie($xtime) {
+
+ $newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
$old_sid = session_id();
session_regenerate_id(false);
- q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
- dbesc(session_id()),
- dbesc($old_sid)
- );
+ if(self::$handler) {
+ $v = q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc(session_id()),
+ dbesc($old_sid)
+ );
+ }
+ else
+ logger('no session handler');
if (x($_COOKIE, 'jsAvailable')) {
- if ($time) {
- $expires = time() + $time;
- } else {
- $expires = 0;
- }
- setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $newxtime);
}
- setcookie(session_name(),session_id(),$expires);
+ setcookie(session_name(),session_id(),$newxtime);
+
}
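Review bot: Both setcookie() calls at the end of new_cookie() pass only name, value and expiry, so the re-issued session cookie is sent with PHP's defaults (no path or domain, Secure and HttpOnly off) rather than the attributes init() appears to configure before session_start() (the "Force cookies to be secure" comment in the previous hunk). Reusing the configured parameters keeps the flags: `$p = session_get_cookie_params();` followed by `setcookie(session_name(), session_id(), $newxtime, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`. `$v` is assigned but never read; either log a failed sid update or drop the variable.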
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index ede2bd609..670e8f216 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
@@ -35,7 +35,12 @@ class SessionHandler implements \SessionHandlerInterface {
return false;
}
- $expire = time() + $this->session_expire;
+ // Can't just use $data here because we can't be certain of the serialisation algorithm
+
+ if($_SESSION && array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+ $expire = time() + (60 * 60 * 24 * 365);
+ else
+ $expire = time() + $this->session_expire;
$default_expire = time() + 300;
if($this->session_exists) {
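Review bot: The remember-me lifetime is written here as `60 * 60 * 24 * 365` (31536000 seconds) while include/auth.php passes `31449600` to new_cookie() for the same feature, so the stored session row and the cookie expire a day apart. One shared constant used in both places would keep them in step. A year-long server-side session is also a long validity window for a leaked session id, so a comment recording that this is a deliberate choice would help the next reader. write() starts and ends outside this hunk.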
diff --git a/boot.php b/boot.php
index 386a419dc..b6febde4e 100755
--- a/boot.php
+++ b/boot.php
@@ -1542,6 +1542,24 @@ function fix_system_urls($oldurl, $newurl) {
proc_run('php', 'include/notifier.php', 'refresh_all', $c[0]['channel_id']);
}
}
+
+ // now replace any remote xchans whose photos are stored locally (which will be most if not all remote xchans)
+
+ $r = q("select * from xchan where xchan_photo_l like '%s'",
+ dbesc($oldurl . '%')
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'",
+ dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_l'])),
+ dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_m'])),
+ dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_s'])),
+ dbesc($rr['xchan_hash'])
+ );
+ }
+ }
+
}
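Review bot: `dbesc($oldurl . '%')` puts `$oldurl` into a LIKE pattern without escaping `%` and `_`, and `str_replace($oldurl,$newurl,...)` then rewrites every occurrence in the stored value rather than only the leading prefix, so rows can match or be rewritten more widely than "photo URL starts with the old site URL". Escaping the LIKE metacharacters in `$oldurl` and replacing only when `strpos($rr['xchan_photo_l'], $oldurl) === 0` would tighten this. The same unescaped pattern shape appears in the include/import.php hunk (`$basename . '(%)' . $ext`). `$x` is never checked, so a failed update passes silently. fix_system_urls() begins outside the hunk.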
diff --git a/include/auth.php b/include/auth.php
index 21f0dded8..f31bc074d 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -275,9 +275,11 @@ else {
// on the cookie
if($_POST['remember_me']) {
+ $_SESSION['remember_me'] = 1;
\Zotlabs\Web\Session::new_cookie(31449600); // one year
}
else {
+ $_SESSION['remember_me'] = 0;
\Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
}
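Review bot: `\Zotlabs\Web\Session::new_cookie(...)` is called statically here, but the Session.php hunk in this commit declares it as `function new_cookie($xtime)` without `static`, even though its new body only touches `self::$handler`. Declaring it `static function new_cookie($xtime)` would match how it is used and avoid the deprecation (an error on PHP 8) for calling a non-static method statically. The enclosing block starts and ends outside the hunk.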
diff --git a/include/import.php b/include/import.php
index f15dedfe0..3b5c8508c 100644
--- a/include/import.php
+++ b/include/import.php
@@ -925,7 +925,7 @@ function sync_files($channel,$files) {
$ext = '';
}
- $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder == '%s' and hash != '%s' ",
+ $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ",
dbesc($basename . $ext),
dbesc($basename . '(%)' . $ext),
dbesc($att['folder']),
diff --git a/install/htconfig.sample.php b/install/htconfig.sample.php
index 1d9dc1a13..5e506225e 100755
--- a/install/htconfig.sample.php
+++ b/install/htconfig.sample.php
@@ -53,6 +53,7 @@ App::$config['system']['location_hash'] = 'if the auto install failed, put a uni
App::$config['system']['transport_security_header'] = 1;
App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
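Review bot: The new `ssl_cookie_protection` key is added with no comment, so an admin reading the sample config cannot tell what it controls or when 0 is appropriate. A line such as `// Send session cookies as https-only when the site runs over SSL; set to 0 to disable.` would cover it, once the wording is confirmed against the check in Session::init(), which this diff does not show. The same applies to the matching line in view/en/htconfig.tpl.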
diff --git a/mod/cal.php b/mod/cal.php
index b58f3a1f1..56d65d3f2 100755
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -45,6 +45,11 @@ function cal_init(&$a) {
function cal_content(&$a) {
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ return;
+ }
+
+
$channel = null;
if(argc() > 1) {
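Review bot: The `block_public` guard is added to cal_content() only; cal_init(), named in the hunk header, belongs to the same module and is not shown, so it is worth confirming that it does not load or emit channel calendar data for unauthenticated visitors. The bare `return;` also leaves the visitor with an empty page; if the project has a standard permission-denied notice, it could be used here. One of the two blank lines after the guard can go. cal_content() continues outside the hunk.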
diff --git a/version.inc b/version.inc
index 32652d931..37532de97 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2016-04-08.1360H
+2016-04-10.1362H
diff --git a/view/en/htconfig.tpl b/view/en/htconfig.tpl
index 13c5aa942..4aa6132a6 100644
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@@ -43,6 +43,7 @@ App::$config['system']['location_hash'] = '{{$site_id}}';
App::$config['system']['transport_security_header'] = 1;
App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
// Be certain to create your own personal account before setting