silverstripe /
silverstripe-hybridsessions
@@ -54,8 +54,8 @@ discard block |
||
| 54 | 54 | private $saltedKey; |
| 55 | 55 | |
| 56 | 56 | /** |
| 57 | - * @param $key a per-site secret string which is used as the base encryption key. |
|
| 58 | - * @param $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 57 | + * @param string $key a per-site secret string which is used as the base encryption key. |
|
| 58 | + * @param string $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 59 | 59 | * |
| 60 | 60 | * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, |
| 61 | 61 | * and even modify & re-sign it. |
@@ -79,7 +79,7 @@ discard block |
||
| 79 | 79 | /** |
| 80 | 80 | * Encrypt and then sign some cleartext |
| 81 | 81 | * |
| 82 | - * @param $cleartext - The cleartext to encrypt and sign |
|
| 82 | + * @param string $cleartext - The cleartext to encrypt and sign |
|
| 83 | 83 | * @return string - The encrypted-and-signed message as base64 ASCII. |
| 84 | 84 | */ |
| 85 | 85 | public function encrypt($cleartext) { |
@@ -101,8 +101,8 @@ discard block |
||
| 101 | 101 | /** |
| 102 | 102 | * Check the signature on an encrypted-and-signed message, and if valid decrypt the content |
| 103 | 103 | * |
| 104 | - * @param $data - The encrypted-and-signed message as base64 ASCII |
|
| 105 | - * @return bool|string - The decrypted cleartext or false if signature failed |
|
| 104 | + * @param string $data - The encrypted-and-signed message as base64 ASCII |
|
| 105 | + * @return string|false - The decrypted cleartext or false if signature failed |
|
| 106 | 106 | */ |
| 107 | 107 | public function decrypt($data) { |
| 108 | 108 | $data = base64_decode($data); |
@@ -422,6 +422,9 @@ discard block |
||
| 422 | 422 | $this->setKey($this->getKey()); |
| 423 | 423 | } |
| 424 | 424 | |
| 425 | + /** |
|
| 426 | + * @param string $key |
|
| 427 | + */ |
|
| 425 | 428 | public function setKey($key) { |
| 426 | 429 | parent::setKey($key); |
| 427 | 430 | foreach($this->handlers as $handler) { |
@@ -32,8 +32,7 @@ discard block |
||
| 32 | 32 | |
| 33 | 33 | register_shutdown_function('session_write_close'); |
| 34 | 34 | } |
| 35 | -} |
|
| 36 | -else { |
|
| 35 | +} else { |
|
| 37 | 36 | function register_sessionhandler($handler) { |
| 38 | 37 | session_set_save_handler($handler, true); |
| 39 | 38 | } |
@@ -122,7 +121,9 @@ discard block |
||
| 122 | 121 | // Needs to be after decrypt so it always runs, to avoid timing attack |
| 123 | 122 | $gen_hash = hash_hmac('sha256', $enc, $this->saltedKey); |
| 124 | 123 | |
| 125 | - if ($gen_hash == $hash) return $cleartext; |
|
| 124 | + if ($gen_hash == $hash) { |
|
| 125 | + return $cleartext; |
|
| 126 | + } |
|
| 126 | 127 | return false; |
| 127 | 128 | } |
| 128 | 129 | } |
@@ -233,7 +234,9 @@ discard block |
||
| 233 | 234 | // This is intended to force a failover to the database store if the |
| 234 | 235 | // modified session cannot be emitted. |
| 235 | 236 | $this->currentCookieData = Cookie::get($this->cookie); |
| 236 | - if ($this->currentCookieData) Cookie::set($this->cookie, ''); |
|
| 237 | + if ($this->currentCookieData) { |
|
| 238 | + Cookie::set($this->cookie, ''); |
|
| 239 | + } |
|
| 237 | 240 | } |
| 238 | 241 | |
| 239 | 242 | public function close() { |
@@ -247,7 +250,9 @@ discard block |
||
| 247 | 250 | */ |
| 248 | 251 | protected function getCrypto($session_id) { |
| 249 | 252 | $key = $this->getKey(); |
| 250 | - if(!$key) return null; |
|
| 253 | + if(!$key) { |
|
| 254 | + return null; |
|
| 255 | + } |
|
| 251 | 256 | if (!$this->crypto || $this->crypto->salt != $session_id) { |
| 252 | 257 | $this->crypto = new HybridSessionStore_Crypto($key, $session_id); |
| 253 | 258 | } |
@@ -258,7 +263,9 @@ discard block |
||
| 258 | 263 | // Check ability to safely decrypt content |
| 259 | 264 | if(!$this->currentCookieData |
| 260 | 265 | || !($crypto = $this->getCrypto($session_id)) |
| 261 | - ) return; |
|
| 266 | + ) { |
|
| 267 | + return; |
|
| 268 | + } |
|
| 262 | 269 | |
| 263 | 270 | // Decrypt and invalidate old data |
| 264 | 271 | $cookieData = $crypto->decrypt($this->currentCookieData); |
@@ -269,7 +276,9 @@ discard block |
||
| 269 | 276 | $expiry = (int)substr($cookieData, 0, 10); |
| 270 | 277 | $data = substr($cookieData, 10); |
| 271 | 278 | |
| 272 | - if ($expiry > $this->getNow()) return $data; |
|
| 279 | + if ($expiry > $this->getNow()) { |
|
| 280 | + return $data; |
|
| 281 | + } |
|
| 273 | 282 | } |
| 274 | 283 | } |
| 275 | 284 | |
@@ -287,7 +296,9 @@ discard block |
||
| 287 | 296 | if(!$this->canWrite() |
| 288 | 297 | || (strlen($session_data) > Config::inst()->get(__CLASS__, 'max_length')) |
| 289 | 298 | || !($crypto = $this->getCrypto($session_id)) |
| 290 | - ) return false; |
|
| 299 | + ) { |
|
| 300 | + return false; |
|
| 301 | + } |
|
| 291 | 302 | |
| 292 | 303 | // Prepare content for write |
| 293 | 304 | $params = session_get_cookie_params(); |
@@ -335,7 +346,9 @@ discard block |
||
| 335 | 346 | */ |
| 336 | 347 | protected function isDatabaseReady() { |
| 337 | 348 | // Such as during setup of testsession prior to DB connection. |
| 338 | - if(!DB::isActive()) return false; |
|
| 349 | + if(!DB::isActive()) { |
|
| 350 | + return false; |
|
| 351 | + } |
|
| 339 | 352 | |
| 340 | 353 | // If we have a DB of the wrong type then complain |
| 341 | 354 | if (!(DB::getConn() instanceof MySQLDatabase)) { |
@@ -353,7 +366,9 @@ discard block |
||
| 353 | 366 | } |
| 354 | 367 | |
| 355 | 368 | public function read($session_id) { |
| 356 | - if(!$this->isDatabaseReady()) return null; |
|
| 369 | + if(!$this->isDatabaseReady()) { |
|
| 370 | + return null; |
|
| 371 | + } |
|
| 357 | 372 | |
| 358 | 373 | $result = DB::query(sprintf( |
| 359 | 374 | 'SELECT "Data" FROM "HybridSessionDataObject" |
@@ -369,7 +384,9 @@ discard block |
||
| 369 | 384 | } |
| 370 | 385 | |
| 371 | 386 | public function write($session_id, $session_data) { |
| 372 | - if(!$this->isDatabaseReady()) return false; |
|
| 387 | + if(!$this->isDatabaseReady()) { |
|
| 388 | + return false; |
|
| 389 | + } |
|
| 373 | 390 | |
| 374 | 391 | $expiry = $this->getNow() + $this->getLifetime(); |
| 375 | 392 | DB::query($str = sprintf( |
@@ -389,7 +406,9 @@ discard block |
||
| 389 | 406 | } |
| 390 | 407 | |
| 391 | 408 | public function gc($maxlifetime) { |
| 392 | - if(!$this->isDatabaseReady()) return; |
|
| 409 | + if(!$this->isDatabaseReady()) { |
|
| 410 | + return; |
|
| 411 | + } |
|
| 393 | 412 | DB::query(sprintf( |
| 394 | 413 | 'DELETE FROM "HybridSessionDataObject" WHERE "Expiry" < %u', |
| 395 | 414 | $this->getNow() |
@@ -454,7 +473,9 @@ discard block |
||
| 454 | 473 | |
| 455 | 474 | public function read($session_id) { |
| 456 | 475 | foreach ($this->handlers as $handler) { |
| 457 | - if ($data = $handler->read($session_id)) return $data; |
|
| 476 | + if ($data = $handler->read($session_id)) { |
|
| 477 | + return $data; |
|
| 478 | + } |
|
| 458 | 479 | } |
| 459 | 480 | |
| 460 | 481 | return ''; |
@@ -462,7 +483,9 @@ discard block |
||
| 462 | 483 | |
| 463 | 484 | public function write($session_id, $session_data) { |
| 464 | 485 | foreach ($this->handlers as $handler) { |
| 465 | - if ($handler->write($session_id, $session_data)) return; |
|
| 486 | + if ($handler->write($session_id, $session_data)) { |
|
| 487 | + return; |
|
| 488 | + } |
|
| 466 | 489 | } |
| 467 | 490 | } |
| 468 | 491 | |
