-rw-r--r-- | Zotlabs/Web/Session.php | 33 | ||||
-rw-r--r-- | Zotlabs/Web/SessionHandler.php | 7 | ||||
-rwxr-xr-x | boot.php | 18 | ||||
-rw-r--r-- | include/auth.php | 2 | ||||
-rw-r--r-- | include/import.php | 2 | ||||
-rwxr-xr-x | install/htconfig.sample.php | 1 | ||||
-rwxr-xr-x | mod/cal.php | 5 | ||||
-rw-r--r-- | version.inc | 2 | ||||
-rw-r--r-- | view/en/htconfig.tpl | 1 |
9 files changed, 55 insertions, 16 deletions
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index ff0070d15..d25ce5f6a 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,6 +13,8 @@ namespace Zotlabs\Web;
 class Session {
+ private static $handler = null;
+ function init() {
 $gc_probability = 50;
@@ -26,8 +28,11 @@ class Session {
 */
 $handler = new \Zotlabs\Web\SessionHandler();
+ self::$handler = $handler;
- session_set_save_handler($handler,true);
+ $x = session_set_save_handler($handler,true);
+ if(! $x)
+ logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
 // Force cookies to be secure (https only) if this site is SSL enabled. // Must be done before session_start().
@@ -65,26 +70,28 @@ class Session {
- function new_cookie($time) {
+ function new_cookie($xtime) {
+
+ $newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
 $old_sid = session_id();
 session_regenerate_id(false);
- q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
- dbesc(session_id()),
- dbesc($old_sid)
- );
+ if(self::$handler) {
+ $v = q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
+ dbesc(session_id()),
+ dbesc($old_sid)
+ );
+ }
+ else
+ logger('no session handler');
 if (x($_COOKIE, 'jsAvailable')) {
- if ($time) {
- $expires = time() + $time;
- } else {
- $expires = 0;
- }
- setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
+ setcookie('jsAvailable', $_COOKIE['jsAvailable'], $newxtime);
 }
- setcookie(session_name(),session_id(),$expires);
+ setcookie(session_name(),session_id(),$newxtime);
+ }
diff --git a/Zotlabs/Web/SessionHandler.php b/Zotlabs/Web/SessionHandler.php
index ede2bd609..670e8f216 100644
--- a/Zotlabs/Web/SessionHandler.php
+++ b/Zotlabs/Web/SessionHandler.php
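Review bot: In the init() hunk, `self::$handler = $handler;` is assigned before the result of `session_set_save_handler()` is known, so the `if(self::$handler)` guard this commit adds in new_cookie() stays true even when registration failed and only a log line marks the failure. Assign it on success only, e.g. `if($x) self::$handler = $handler; else logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);`. init() starts and ends outside the hunk, so whether anything later stops the request on failure cannot be seen here.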
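Review bot: In new_cookie(), both `setcookie()` calls pass only name, value and expiry, so the re-issued session cookie goes out with PHP's defaults for path, domain, Secure and HttpOnly rather than whatever init() configured (the "Force cookies to be secure" context in the previous hunk). Reuse the configured parameters: `$p = session_get_cookie_params();` followed by `setcookie(session_name(),session_id(),$newxtime,$p['path'],$p['domain'],$p['secure'],$p['httponly']);`. Separately, `$v` is never read, and when `self::$handler` is empty the id has already been regenerated and the new cookie is still sent, so the `else` branch deserves more than `logger('no session handler');`.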
@@ -35,7 +35,12 @@ class SessionHandler implements \SessionHandlerInterface {
 return false;
 }
- $expire = time() + $this->session_expire;
+ // Can't just use $data here because we can't be certain of the serialisation algorithm
+
+ if($_SESSION && array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+ $expire = time() + (60 * 60 * 24 * 365);
+ else
+ $expire = time() + $this->session_expire;
 $default_expire = time() + 300;
 if($this->session_exists) {
@@ -1542,6 +1542,24 @@ function fix_system_urls($oldurl, $newurl) {
 proc_run('php', 'include/notifier.php', 'refresh_all', $c[0]['channel_id']);
 }
 }
+
+ // now replace any remote xchans whose photos are stored locally (which will be most if not all remote xchans)
+
+ $r = q("select * from xchan where xchan_photo_l like '%s'",
+ dbesc($oldurl . '%')
+ );
+
+ if($r) {
+ foreach($r as $rr) {
+ $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'",
+ dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_l'])),
+ dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_m'])),
+ dbesc(str_replace($oldurl,$newurl,$rr['xchan_photo_s'])),
+ dbesc($rr['xchan_hash'])
+ );
+ }
+ }
+
+ }
diff --git a/include/auth.php b/include/auth.php
index 21f0dded8..f31bc074d 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -275,9 +275,11 @@ else {
 // on the cookie
 if($_POST['remember_me']) {
+ $_SESSION['remember_me'] = 1;
 \Zotlabs\Web\Session::new_cookie(31449600); // one year
 } else {
+ $_SESSION['remember_me'] = 0;
 \Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
 }
diff --git a/include/import.php b/include/import.php
index f15dedfe0..3b5c8508c 100644
--- a/include/import.php
+++ b/include/import.php
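Review bot: The one-year lifetime is written as `60 * 60 * 24 * 365` (31536000 s) in the SessionHandler hunk while include/auth.php in this same commit passes `31449600` to new_cookie(), so the stored session record outlives its cookie and the value lives in two places; one shared constant would keep them in step. The branch trusts the `$_SESSION` superglobal from inside the save handler, and any code path that sets `remember_me` extends the server-side record to a year, so the comment should say where the key is set (in this commit, only include/auth.php). The enclosing method starts and ends outside the hunk.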
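Review bot: In the fix_system_urls() hunk (presumably boot.php; its file header is missing from this page), `$oldurl` reaches the `like` pattern with only `dbesc()` applied, so a `_` or `%` inside the URL acts as a wildcard, assuming dbesc() handles quoting only, which should be confirmed. Rows are selected on `xchan_photo_l` alone while all three photo columns are rewritten, and the result `$x` of each update is discarded; a failure could be logged with `if(! $x) logger('fix_system_urls: xchan photo update failed for ' . $rr['xchan_hash']);`. `select *` could be narrowed to the four columns the loop reads.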
@@ -925,7 +925,7 @@ function sync_files($channel,$files) {
 $ext = '';
 }
- $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder == '%s' and hash != '%s' ",
+ $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ",
 dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($att['folder']),
diff --git a/install/htconfig.sample.php b/install/htconfig.sample.php
index 1d9dc1a13..5e506225e 100755
--- a/install/htconfig.sample.php
+++ b/install/htconfig.sample.php
@@ -53,6 +53,7 @@ App::$config['system']['location_hash'] = 'if the auto install failed, put a uni
 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
diff --git a/mod/cal.php b/mod/cal.php
index b58f3a1f1..56d65d3f2 100755
--- a/mod/cal.php
+++ b/mod/cal.php
@@ -45,6 +45,11 @@ function cal_init(&$a) {
 function cal_content(&$a) {
+ if((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) {
+ return;
+ }
+
+ $channel = null;
 if(argc() > 1) {
diff --git a/version.inc b/version.inc
index 32652d931..37532de97 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2016-04-08.1360H
+2016-04-10.1362H
diff --git a/view/en/htconfig.tpl b/view/en/htconfig.tpl
index 13c5aa942..4aa6132a6 100644
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@@ -43,6 +43,7 @@ App::$config['system']['location_hash'] = '{{$site_id}}';
 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED. // Be certain to create your own personal account before setting |
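Review bot: The `block_public` guard is added only to cal_content() in mod/cal.php, while cal_init() (named in the hunk header, body not shown) runs first and is not touched by this commit; if it resolves the channel or loads profile data, that still happens for unauthenticated visitors and is worth confirming. A one-line comment such as `// block_public: no calendar for unauthenticated visitors` would state the intent. The bare `return;` also leaves an empty page rather than a notice. cal_content() continues past the end of the hunk.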