@@ -75,7 +75,7 @@ |
||
| 75 | 75 | * |
| 76 | 76 | * @param string $data - The encrypted-and-signed message as base64 ASCII |
| 77 | 77 | * |
| 78 | - * @return bool|string - The decrypted cleartext or false if signature failed |
|
| 78 | + * @return string|false - The decrypted cleartext or false if signature failed |
|
| 79 | 79 | */ |
| 80 | 80 | public function decrypt($data) |
| 81 | 81 | { |
@@ -64,9 +64,9 @@ |
||
| 64 | 64 | $iv = openssl_random_pseudo_bytes($ivlen); |
| 65 | 65 | $ciphertext_raw = openssl_encrypt($cleartext, $cipher, $this->saltedKey, $options = OPENSSL_RAW_DATA, $iv); |
| 66 | 66 | $hmac = hash_hmac('sha256', $ciphertext_raw, $this->saltedKey, $as_binary = true); |
| 67 | - $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw); |
|
| 67 | + $ciphertext = base64_encode($iv.$hmac.$ciphertext_raw); |
|
| 68 | 68 | |
| 69 | - return base64_encode($iv . $hmac . $ciphertext_raw); |
|
| 69 | + return base64_encode($iv.$hmac.$ciphertext_raw); |
|
| 70 | 70 | } |
| 71 | 71 | |
| 72 | 72 | /** |
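Review bot: The HMAC on new-side line 66 covers only `$ciphertext_raw`, so the `$iv` that is concatenated into the returned message is not authenticated. If `$cipher` (set above this hunk) is a CBC mode, a modified IV changes the first decrypted block without failing the signature check. Consider `$hmac = hash_hmac('sha256', $iv.$ciphertext_raw, $this->saltedKey, true);` with the matching change in `decrypt()`, which is outside this hunk and would reject cookies issued before the change. The `@@ -78,7 +78,7 @@` hunk has the same pattern: `hash_hmac('sha256', $enc, $this->saltedKey)` also leaves `$iv` out of the MAC. Separately, `$ciphertext` on line 67 is assigned and never used because line 69 recomputes the same expression; `return $ciphertext;` would do.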
@@ -45,8 +45,8 @@ |
||
| 45 | 45 | protected function getLifetime() |
| 46 | 46 | { |
| 47 | 47 | $params = session_get_cookie_params(); |
| 48 | - $cookieLifetime = (int)$params['lifetime']; |
|
| 49 | - $gcLifetime = (int)ini_get('session.gc_maxlifetime'); |
|
| 48 | + $cookieLifetime = (int) $params['lifetime']; |
|
| 49 | + $gcLifetime = (int) ini_get('session.gc_maxlifetime'); |
|
| 50 | 50 | |
| 51 | 51 | return $cookieLifetime ? min($cookieLifetime, $gcLifetime) : $gcLifetime; |
| 52 | 52 | } |
@@ -25,6 +25,7 @@ discard block |
||
| 25 | 25 | |
| 26 | 26 | /** |
| 27 | 27 | * @param SessionHandlerInterface[] |
| 28 | + * @param BaseStore[] $handlers |
|
| 28 | 29 | * |
| 29 | 30 | * @return $this |
| 30 | 31 | */ |
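Review bot: The added `@param BaseStore[] $handlers` on new-side line 28 sits under the old unnamed `@param SessionHandlerInterface[]` tag, so the docblock now carries two `@param` tags with different types for what appears to be a single parameter. Drop the unnamed tag, or if both element types are accepted, merge them into one tag such as `@param SessionHandlerInterface[]|BaseStore[] $handlers`. The `@@ -38,6 +39,7 @@` hunk has the same leftover: a bare `@param string` above the new `@param string $key`. The method signatures are outside both hunks, so the parameter names here are taken from the added tags.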
@@ -38,6 +39,7 @@ discard block |
||
| 38 | 39 | |
| 39 | 40 | /** |
| 40 | 41 | * @param string |
| 42 | + * @param string $key |
|
| 41 | 43 | * |
| 42 | 44 | * @return $this |
| 43 | 45 | */ |
@@ -35,8 +35,8 @@ discard block |
||
| 35 | 35 | } |
| 36 | 36 | |
| 37 | 37 | /** |
| 38 | - * @param $key a per-site secret string which is used as the base encryption key. |
|
| 39 | - * @param $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 38 | + * @param string $key a per-site secret string which is used as the base encryption key. |
|
| 39 | + * @param string $salt a per-session random string which is used as a salt to generate a per-session key |
|
| 40 | 40 | * |
| 41 | 41 | * The base encryption key needs to stay secret. If an attacker ever gets it, they can read their session, |
| 42 | 42 | * and even modify & re-sign it. |
@@ -87,7 +87,7 @@ discard block |
||
| 87 | 87 | * |
| 88 | 88 | * @param $data - The encrypted-and-signed message as base64 ASCII |
| 89 | 89 | * |
| 90 | - * @return bool|string - The decrypted cleartext or false if signature failed |
|
| 90 | + * @return string|false - The decrypted cleartext or false if signature failed |
|
| 91 | 91 | */ |
| 92 | 92 | public function decrypt($data) |
| 93 | 93 | { |
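Review bot: `@param $data` on line 88 still has no type, although this commit types `$key` and `$salt` elsewhere and the `decrypt()` docblock in the `@@ -75,7 +75,7 @@` hunk already reads `@param string $data`. Make it `@param string $data - The encrypted-and-signed message as base64 ASCII`. With the return now documented as `string|false`, the docblock should also say that callers must test the result with `=== false`, because an empty cleartext would be falsy too. The body of `decrypt()` is outside the hunk, so whether it can actually return an empty string is not visible here.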
@@ -78,7 +78,7 @@ |
||
| 78 | 78 | |
| 79 | 79 | $hash = hash_hmac('sha256', $enc, $this->saltedKey); |
| 80 | 80 | |
| 81 | - return base64_encode($iv . $hash . $enc); |
|
| 81 | + return base64_encode($iv.$hash.$enc); |
|
| 82 | 82 | } |
| 83 | 83 | |
| 84 | 84 | /** |
@@ -13,7 +13,7 @@ |
||
| 13 | 13 | { |
| 14 | 14 | $store = Injector::inst()->get(CookieStore::class); |
| 15 | 15 | $store->setKey(uniqid()); |
| 16 | - $store->open(TempFolder::getTempFolder(BASE_PATH) . '/' . __CLASS__, 'SESSIONCOOKIE'); |
|
| 16 | + $store->open(TempFolder::getTempFolder(BASE_PATH).'/'.__CLASS__, 'SESSIONCOOKIE'); |
|
| 17 | 17 | |
| 18 | 18 | return $store; |
| 19 | 19 | } |
@@ -58,7 +58,7 @@ discard block |
||
| 58 | 58 | |
| 59 | 59 | public function open($save_path, $name) |
| 60 | 60 | { |
| 61 | - $this->cookie = $name . '_2'; |
|
| 61 | + $this->cookie = $name.'_2'; |
|
| 62 | 62 | |
| 63 | 63 | // Read the incoming value, then clear the cookie - we might not be able |
| 64 | 64 | // to do so later if write() is called after headers are sent |
@@ -111,7 +111,7 @@ discard block |
||
| 111 | 111 | |
| 112 | 112 | // Verify expiration |
| 113 | 113 | if ($cookieData) { |
| 114 | - $expiry = (int)substr($cookieData, 0, 10); |
|
| 114 | + $expiry = (int) substr($cookieData, 0, 10); |
|
| 115 | 115 | $data = substr($cookieData, 10); |
| 116 | 116 | |
| 117 | 117 | if ($expiry > $this->getNow()) { |
@@ -164,11 +164,11 @@ discard block |
||
| 164 | 164 | |
| 165 | 165 | // Restore the known good cookie value |
| 166 | 166 | $this->currentCookieData = $this->crypto->encrypt( |
| 167 | - sprintf('%010u', $expiry) . $session_data |
|
| 167 | + sprintf('%010u', $expiry).$session_data |
|
| 168 | 168 | ); |
| 169 | 169 | |
| 170 | 170 | // Respect auto-expire on browser close for the session cookie (in case the cookie lifetime is zero) |
| 171 | - $cookieLifetime = min((int)$params['lifetime'], $lifetime); |
|
| 171 | + $cookieLifetime = min((int) $params['lifetime'], $lifetime); |
|
| 172 | 172 | |
| 173 | 173 | Cookie::set( |
| 174 | 174 | $this->cookie, |
@@ -14,7 +14,7 @@ |
||
| 14 | 14 | public function testIntegrity() |
| 15 | 15 | { |
| 16 | 16 | $this->markTestSkipped( |
| 17 | - 'McryptCrypto is losing zero bytes at the end of messages: ' . |
|
| 17 | + 'McryptCrypto is losing zero bytes at the end of messages: '. |
|
| 18 | 18 | 'https://github.com/silverstripe/silverstripe-hybridsessions/issues/53' |
| 19 | 19 | ); |
| 20 | 20 | |