
Commit 5dbb650

committed
👌 improve Session functionalities
Signed-off-by: otengkwame <[email protected]>
1 parent 954fee6 commit 5dbb650


2 files changed

+198
-233
lines changed


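--- a/framework/core/Input.php
+++ b/framework/core/Input.php
@@ -174,11 +174,11 @@ public function __construct()
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL)
+protected function _fetch_from_array(&$array, $index = null, $xss_clean = false)
 {
 is_bool($xss_clean) or $xss_clean = $this->_enable_xss;
 
-// If $index is NULL, it means that the whole $array is requested
+// If $index is null, it means that the whole $array is requested
 isset($index) or $index = array_keys($array);
 
 // allow fetching multiple keys at once
@@ -206,11 +206,11 @@ protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL)
 if (isset($value[$key])) {
 $value = $value[$key];
 } else {
-return NULL;
+return null;
 }
 }
 } else {
-return NULL;
+return null;
 }
 
 return ($xss_clean === true)
@@ -227,7 +227,7 @@ protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function get($index = NULL, $xss_clean = NULL)
+public function get($index = null, $xss_clean = false)
 {
 return $this->_fetch_from_array($_GET, $index, $xss_clean);
 }
@@ -241,7 +241,7 @@ public function get($index = NULL, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function post($index = NULL, $xss_clean = NULL)
+public function post($index = null, $xss_clean = false)
 {
 return $this->_fetch_from_array($_POST, $index, $xss_clean);
 }
@@ -255,7 +255,7 @@ public function post($index = NULL, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function post_get($index, $xss_clean = NULL)
+public function post_get($index, $xss_clean = false)
 {
 return isset($_POST[$index])
 ? $this->post($index, $xss_clean)
@@ -271,7 +271,7 @@ public function post_get($index, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function get_post($index, $xss_clean = NULL)
+public function get_post($index, $xss_clean = false)
 {
 return isset($_GET[$index])
 ? $this->get($index, $xss_clean)
@@ -287,7 +287,7 @@ public function get_post($index, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function cookie($index = NULL, $xss_clean = NULL)
+public function cookie($index = null, $xss_clean = false)
 {
 return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
 }
@@ -301,7 +301,7 @@ public function cookie($index = NULL, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function server($index, $xss_clean = NULL)
+public function server($index, $xss_clean = false)
 {
 return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
 }
@@ -317,7 +317,7 @@ public function server($index, $xss_clean = NULL)
 * @param bool $xss_clean Whether to apply XSS filtering
 * @return mixed
 */
-public function input_stream($index = NULL, $xss_clean = NULL)
+public function input_stream($index = null, $xss_clean = false)
 {
 // Prior to PHP 5.6, the input stream can only be read once,
 // so we'll need to check if we have already done that first.
@@ -346,14 +346,14 @@ public function input_stream($index = NULL, $xss_clean = NULL)
 * @param string $prefix Cookie name prefix
 * @param bool $secure Whether to only transfer cookies via SSL
 * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
-* @param string|NULL $samesite The SameSite cookie setting (Possible values: 'Lax', 'Strict', 'None', NULL, default: NULL)
+* @param string|null $samesite The SameSite cookie setting (Possible values: 'Lax', 'Strict', 'None', null, default: null)
 * @return void
 */
-public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL, $samesite = NULL)
+public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path = '/', $prefix = '', $secure = null, $httponly = null, $samesite = null)
 {
 if (is_array($name)) {
 // always leave 'name' in last place, as the loop will break otherwise, due to $$item
-foreach (['value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name'] as $item) {
+foreach (['value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'samesite', 'name'] as $item) {
 if (isset($name[$item])) {
 $$item = $name[$item];
 }
@@ -372,38 +372,58 @@ public function set_cookie($name, $value = '', $expire = 0, $domain = '', $path
 $path = config_item('cookie_path');
 }
 
-$secure = ($secure === NULL && config_item('cookie_secure') !== NULL)
+$secure = ($secure === null && config_item('cookie_secure') !== null)
 ? (bool) config_item('cookie_secure')
 : (bool) $secure;
 
-$httponly = ($httponly === NULL && config_item('cookie_httponly') !== NULL)
+$httponly = ($httponly === null && config_item('cookie_httponly') !== null)
 ? (bool) config_item('cookie_httponly')
 : (bool) $httponly;
 
-// Handle cookie 'samesite' attribute
-$samesite = ($samesite === NULL && config_item('cookie_samesite') !== NULL)
-? config_item('cookie_samesite')
-: 'None';
-
 if (!is_numeric($expire) or $expire < 0) {
 $expire = 1;
 } else {
 $expire = ($expire > 0) ? time() + $expire : 0;
 }
 
+// Handle cookie 'samesite' attribute
+isset($samesite) or $samesite = config_item('cookie_samesite');
+
+if (isset($samesite)) {
+$samesite = ucfirst(strtolower($samesite));
+in_array($samesite, ['Lax', 'Strict', 'None'], TRUE) or $samesite = 'Lax';
+} else {
+$samesite = 'Lax';
+}
+
+if ($samesite === 'None' && !$secure) {
+log_message('error', $name . ' cookie sent with SameSite=None, but without Secure attribute.');
+}
+
+if (!is_php('7.3')) {
+$maxage = $expire - time();
+if ($maxage < 1) {
+$maxage = 0;
+}
+
+$cookie_header = 'Set-Cookie: ' . $prefix . $name . '=' . rawurlencode($value);
+$cookie_header .= ($expire === 0 ? '' : '; Expires=' . gmdate('D, d-M-Y H:i:s T', $expire)) . '; Max-Age=' . $maxage;
+$cookie_header .= '; Path=' . $path . ($domain !== '' ? '; Domain=' . $domain : '');
+$cookie_header .= ($secure ? '; Secure' : '') . ($httponly ? '; HttpOnly' : '') . '; SameSite=' . $samesite;
+header($cookie_header);
+return;
+}
+
 // using setcookie with array option to add cookie 'samesite' attribute
-setcookie(
-$prefix . $name,
-$value,
-[
-'expires' => $expire,
-'path' => $path,
-'domain' => $domain,
-'secure' => $secure,
-'httponly' => $httponly,
-'samesite' => $samesite // add samesite attribute
-]
-);
+$setcookie_options = [
+'expires' => $expire,
+'path' => $path,
+'domain' => $domain,
+'secure' => $secure,
+'httponly' => $httponly,
+'samesite' => $samesite,
+];
+setcookie($prefix . $name, $value, $setcookie_options);
 }
 
 // --------------------------------------------------------------------
@@ -430,14 +450,14 @@ public function ip_address()
 
 if ($proxy_ips) {
 foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP'] as $header) {
-if (($spoof = $this->server($header)) !== NULL) {
+if (($spoof = $this->server($header)) !== null) {
 // Some proxies typically list the whole chain of IP
 // addresses through which the client has reached us.
 // e.g. client_ip, proxy_ip1, proxy_ip2, etc.
 sscanf($spoof, '%[^,]', $spoof);
 
 if (!$this->valid_ip($spoof)) {
-$spoof = NULL;
+$spoof = null;
 } else {
 break;
 }
@@ -552,9 +572,9 @@ public function valid_ip($ip = '', $which = '')
 /**
 * Fetch User Agent string
 *
-* @return string|null User Agent string or NULL if it doesn't exist
+* @return string|null User Agent string or null if it doesn't exist
 */
-public function user_agent($xss_clean = NULL)
+public function user_agent($xss_clean = false)
 {
 return $this->_fetch_from_array($_SERVER, 'HTTP_USER_AGENT', $xss_clean);
 }
@@ -639,15 +659,6 @@ protected function _clean_input_data($str)
 return $new_array;
 }
 
-/* We strip slashes if magic quotes is on to keep things consistent
-
-NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and
-it will probably not exist in future versions at all.
-*/
-if (!is_php('5.4') && get_magic_quotes_gpc()) {
-$str = stripslashes($str);
-}
-
 // Clean UTF-8 if supported
 if (UTF8_ENABLED === true) {
 $str = $this->uni->clean_string($str);
@@ -711,7 +722,7 @@ public function request_headers($xss_clean = false)
 {
 // If header is already defined, return it immediately
 if (!empty($this->headers)) {
-return $this->_fetch_from_array($this->headers, NULL, $xss_clean);
+return $this->_fetch_from_array($this->headers, null, $xss_clean);
 }
 
 // In Apache, you can simply call apache_request_headers()
@@ -731,7 +742,7 @@ public function request_headers($xss_clean = false)
 }
 }
 
-return $this->_fetch_from_array($this->headers, NULL, $xss_clean);
+return $this->_fetch_from_array($this->headers, null, $xss_clean);
 }
 
 // --------------------------------------------------------------------
@@ -743,7 +754,7 @@ public function request_headers($xss_clean = false)
 *
 * @param string $index Header name
 * @param bool $xss_clean Whether to apply XSS filtering
-* @return string|null The requested header on success or NULL on failure
+* @return string|null The requested header on success or null on failure
 */
 public function get_request_header($index, $xss_clean = false)
 {
@@ -759,7 +770,7 @@ public function get_request_header($index, $xss_clean = false)
 $index = strtolower($index);
 
 if (!isset($headers[$index])) {
-return NULL;
+return null;
 }
 
 return ($xss_clean === true)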
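Review bot: Changing the `$xss_clean` default from `NULL` to `false` in `_fetch_from_array` (new line 177) and in `get`, `post`, `post_get`, `get_post`, `cookie`, `server`, `input_stream` and `user_agent` silently disables the instance-wide XSS filter for every default call: the fallback `is_bool($xss_clean) or $xss_clean = $this->_enable_xss;` on line 179 only fires for a non-bool argument, so with `false` as the default `$this->_enable_xss` (presumably populated from config in the constructor, outside this diff) is never consulted unless a caller passes `null` explicitly. Keep `null` as the default, `protected function _fetch_from_array(&$array, $index = null, $xss_clean = null)` and likewise in the public accessors, so the configured setting stays authoritative, or else remove the dead fallback and document in each accessor's docblock that filtering is now opt-in per call. Separately, the pre-7.3 manual `Set-Cookie` path added to `set_cookie` (new lines 403–415) concatenates `$prefix . $name`, `$path` and `$domain` straight into the header without the cookie-name character check that `setcookie()` performs on the other path, so a name containing `;` or `=` produces a malformed or attribute-injecting header; a guard such as `if (preg_match('/[=,; \t\r\n\013\014]/', $prefix . $name)) { log_message('error', 'Invalid cookie name: ' . $prefix . $name); return; }` placed before `$cookie_header` is built keeps the two paths equivalent. `set_cookie` begins in the preceding hunk, outside the one that adds the manual header path.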
