 recca0120    /
                    laravel-elfinder
This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
| 1 | <?php | ||
| 2 | |||
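/**
 * elFinder - file manager for web.
 * Session Wrapper Class.
 *
 * Thin wrapper around PHP's native $_SESSION. Values are addressed with
 * "category.name" keys; the category is mapped to a top-level $_SESSION
 * bucket through the configured `keys` option, and anything that does not
 * name a configured category lands in the `default` bucket.
 *
 * @author Naoki Sawada
 **/
class elFinderSession implements elFinderSessionInterface
{
    /** @var bool Whether this wrapper currently considers the session open. */
    protected $started = false;

    /** @var array Map of category name => top-level $_SESSION key. */
    protected $keys = [];

    /** @var bool When true, values are stored as base64(serialize(value)). */
    protected $base64encode = false;

    /** @var array Effective options (defaults merged with constructor input). */
    protected $opts = [
        'base64encode' => false,
        'keys' => [
            'default' => 'elFinderCaches',
            'netvolume' => 'elFinderNetVolumes',
        ],
    ];

    /**
     * @param array $opts Options overriding the defaults in $opts. A supplied
     *                    `keys` entry replaces the default map as a whole.
     */
    public function __construct($opts)
    {
        $this->opts = array_merge($this->opts, $opts);
        $this->base64encode = ! empty($this->opts['base64encode']);

        // Every lookup falls back to keys['default'], so a caller-supplied map
        // that omits it (or is not an array) must not leave that slot undefined.
        $keys = is_array($this->opts['keys']) ? $this->opts['keys'] : [];
        if (! isset($keys['default'])) {
            $keys['default'] = 'elFinderCaches';
        }
        $this->keys = $keys;

        return $this;
    }

    /**
     * Open the PHP session if it is not already active.
     *
     * {@inheritdoc}
     */
    public function start()
    {
        if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
            if (session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
        } else {
            // Legacy path: session_status() only exists from PHP 5.4, so the
            // "already started" notice is swallowed by a no-op handler instead.
            set_error_handler([$this, 'session_start_error'], E_NOTICE);
            session_start();
            restore_error_handler();
        }
        $this->started = session_id() ? true : false;

        return $this;
    }

    /**
     * Write and close the session if this wrapper opened it.
     *
     * {@inheritdoc}
     */
    public function close()
    {
        if ($this->started) {
            session_write_close();
        }
        $this->started = false;

        return $this;
    }

    /**
     * Read a value from the session.
     *
     * When nothing is stored, or the stored value's type differs from the
     * type of a string/array/object/float/int `$empty`, `$empty` is returned
     * and also written into the session slot.
     *
     * {@inheritdoc}
     *
     * @param string $key   "category.name" style key
     * @param mixed  $empty Default value
     *
     * @return mixed
     */
    public function get($key, $empty = null)
    {
        // Open the session only for the duration of this call if needed.
        $closed = false;
        if (! $this->started) {
            $closed = true;
            $this->start();
        }

        $data = null;

        if ($this->started) {
            $session = &$this->getSessionRef($key);
            $data = $session;
            if ($data && $this->base64encode) {
                $data = $this->decodeData($data);
            }
        }

        // Pick the type predicate matching the default; a null default (or a
        // type outside this list) disables the type check.
        $checkFn = null;
        foreach (['is_string', 'is_array', 'is_object', 'is_float', 'is_int'] as $predicate) {
            if ($predicate($empty)) {
                $checkFn = $predicate;
                break;
            }
        }

        if (is_null($data) || ($checkFn && ! $checkFn($data))) {
            // $session is a reference into $_SESSION when the session is open,
            // so this also stores the default.
            $session = $data = $empty;
        }

        if ($closed) {
            $this->close();
        }

        return $data;
    }

    /**
     * Store a value in the session.
     *
     * {@inheritdoc}
     *
     * @param string $key  "category.name" style key
     * @param mixed  $data Value to store (encoded first when base64encode is on)
     *
     * @return $this
     */
    public function set($key, $data)
    {
        $closed = false;
        if (! $this->started) {
            $closed = true;
            $this->start();
        }

        $session = &$this->getSessionRef($key);
        if ($this->base64encode) {
            $data = $this->encodeData($data);
        }
        $session = $data;

        if ($closed) {
            $this->close();
        }

        return $this;
    }

    /**
     * Remove a value, or a whole category bucket, from the session.
     *
     * {@inheritdoc}
     *
     * @param string $key "category.name" style key, or a bare category
     *
     * @return $this
     */
    public function remove($key)
    {
        $closed = false;
        if (! $this->started) {
            $closed = true;
            $this->start();
        }

        list($cat, $name) = $this->resolveKey($key);
        if (is_null($name)) {
            unset($_SESSION[$cat]);
        } elseif (isset($_SESSION[$cat]) && is_array($_SESSION[$cat])) {
            unset($_SESSION[$cat][$name]);
        }

        if ($closed) {
            $this->close();
        }

        return $this;
    }

    /**
     * Return a reference to the $_SESSION slot addressed by $key, creating it
     * (as null) when missing. Returns a reference to a local null when the
     * session is not started.
     *
     * @param string $key "category.name" style key
     *
     * @return mixed
     */
    protected function &getSessionRef($key)
    {
        $session = null;
        if (! $this->started) {
            return $session;
        }

        list($cat, $name) = $this->resolveKey($key);
        if (is_null($name)) {
            if (! isset($_SESSION[$cat])) {
                $_SESSION[$cat] = null;
            }
            $session = &$_SESSION[$cat];
        } else {
            if (! isset($_SESSION[$cat]) || ! is_array($_SESSION[$cat])) {
                $_SESSION[$cat] = [];
            }
            if (! isset($_SESSION[$cat][$name])) {
                $_SESSION[$cat][$name] = null;
            }
            $session = &$_SESSION[$cat][$name];
        }

        return $session;
    }

    /**
     * Serialize and base64-encode a value when base64encode is enabled.
     *
     * @param mixed $data
     *
     * @return mixed Encoded string, or $data unchanged when encoding is off
     */
    protected function encodeData($data)
    {
        if ($this->base64encode) {
            $data = base64_encode(serialize($data));
        }

        return $data;
    }

    /**
     * Reverse encodeData(). Anything that is not a well-formed encoded value
     * (non-string, invalid base64, unserializable payload) yields null so
     * that get() falls back to its default instead of returning false.
     *
     * @param mixed $data
     *
     * @return mixed
     */
    protected function decodeData($data)
    {
        if (! $this->base64encode) {
            return $data;
        }
        if (! is_string($data)) {
            return null;
        }

        // Strict mode: reject input containing characters outside the base64
        // alphabet rather than silently dropping them.
        $raw = base64_decode($data, true);
        if ($raw === false) {
            return null;
        }

        // NOTE(security): unserialize() rebuilds objects and runs their magic
        // methods, so this is only safe while the session store can be written
        // by this application alone. If sessions live in shared or
        // client-influenced storage, restrict it (PHP 7+: the allowed_classes
        // option) or store JSON instead.
        $value = unserialize($raw);
        if ($value === false && $raw !== serialize(false)) {
            // unserialize() signals failure with false; only a genuinely
            // stored false is allowed through.
            return null;
        }

        return $value;
    }

    /**
     * No-op error handler used by start() on PHP < 5.4.
     *
     * @param int    $errno
     * @param string $errstr
     */
    protected function session_start_error($errno, $errstr)
    {
    }

    /**
     * Split a "category.name" key and map the category to its $_SESSION key.
     *
     * Shared by remove() and getSessionRef() so both address the same slot.
     *
     * @param string $key
     *
     * @return array [top-level $_SESSION key, name within it or null]
     */
    private function resolveKey($key)
    {
        list($cat, $name) = array_pad(explode('.', $key, 2), 2, null);

        // A bare key that is not a configured category is a name in 'default'.
        if (is_null($name) && ! isset($this->keys[$cat])) {
            $name = $cat;
            $cat = 'default';
        }

        if (isset($this->keys[$cat])) {
            $cat = $this->keys[$cat];
        } else {
            // Unknown category: keep the full dotted key as the name.
            $name = $cat.'.'.$name;
            $cat = $this->keys['default'];
        }

        return [$cat, $name];
    }
}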
| 241 | 
 
                                
In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case; in particular, the following results might be unexpected: