Mercurial > hg > isophonics-drupal-site
comparison vendor/symfony/http-foundation/Session/Storage/Handler/PdoSessionHandler.php @ 17:129ea1e6d783
Update, including to Drupal core 8.6.10
| author | Chris Cannam |
|---|---|
| date | Thu, 28 Feb 2019 13:21:36 +0000 |
| parents | c2387f117808 |
| children |
comparison
equal
deleted
inserted
replaced
| 16:c2387f117808 | 17:129ea1e6d783 |
|---|---|
| 69 * @var \PDO|null PDO instance or null when not connected yet | 69 * @var \PDO|null PDO instance or null when not connected yet |
| 70 */ | 70 */ |
| 71 private $pdo; | 71 private $pdo; |
| 72 | 72 |
| 73 /** | 73 /** |
| 74 * @var string|null|false DSN string or null for session.save_path or false when lazy connection disabled | 74 * @var string|false|null DSN string or null for session.save_path or false when lazy connection disabled |
| 75 */ | 75 */ |
| 76 private $dsn = false; | 76 private $dsn = false; |
| 77 | 77 |
| 78 /** | 78 /** |
| 79 * @var string Database driver | 79 * @var string Database driver |
| 116 private $password = ''; | 116 private $password = ''; |
| 117 | 117 |
| 118 /** | 118 /** |
| 119 * @var array Connection options when lazy-connect | 119 * @var array Connection options when lazy-connect |
| 120 */ | 120 */ |
| 121 private $connectionOptions = array(); | 121 private $connectionOptions = []; |
| 122 | 122 |
| 123 /** | 123 /** |
| 124 * @var int The strategy for locking, see constants | 124 * @var int The strategy for locking, see constants |
| 125 */ | 125 */ |
| 126 private $lockMode = self::LOCK_TRANSACTIONAL; | 126 private $lockMode = self::LOCK_TRANSACTIONAL; |
| 128 /** | 128 /** |
| 129 * It's an array to support multiple reads before closing which is manual, non-standard usage. | 129 * It's an array to support multiple reads before closing which is manual, non-standard usage. |
| 130 * | 130 * |
| 131 * @var \PDOStatement[] An array of statements to release advisory locks | 131 * @var \PDOStatement[] An array of statements to release advisory locks |
| 132 */ | 132 */ |
| 133 private $unlockStatements = array(); | 133 private $unlockStatements = []; |
| 134 | 134 |
| 135 /** | 135 /** |
| 136 * @var bool True when the current session exists but expired according to session.gc_maxlifetime | 136 * @var bool True when the current session exists but expired according to session.gc_maxlifetime |
| 137 */ | 137 */ |
| 138 private $sessionExpired = false; | 138 private $sessionExpired = false; |
| 159 * * db_data_col: The column where to store the session data [default: sess_data] | 159 * * db_data_col: The column where to store the session data [default: sess_data] |
| 160 * * db_lifetime_col: The column where to store the lifetime [default: sess_lifetime] | 160 * * db_lifetime_col: The column where to store the lifetime [default: sess_lifetime] |
| 161 * * db_time_col: The column where to store the timestamp [default: sess_time] | 161 * * db_time_col: The column where to store the timestamp [default: sess_time] |
| 162 * * db_username: The username when lazy-connect [default: ''] | 162 * * db_username: The username when lazy-connect [default: ''] |
| 163 * * db_password: The password when lazy-connect [default: ''] | 163 * * db_password: The password when lazy-connect [default: ''] |
| 164 * * db_connection_options: An array of driver-specific connection options [default: array()] | 164 * * db_connection_options: An array of driver-specific connection options [default: []] |
| 165 * * lock_mode: The strategy for locking, see constants [default: LOCK_TRANSACTIONAL] | 165 * * lock_mode: The strategy for locking, see constants [default: LOCK_TRANSACTIONAL] |
| 166 * | 166 * |
| 167 * @param \PDO|string|null $pdoOrDsn A \PDO instance or DSN string or URL string or null | 167 * @param \PDO|string|null $pdoOrDsn A \PDO instance or DSN string or URL string or null |
| 168 * @param array $options An associative array of options | 168 * @param array $options An associative array of options |
| 169 * | 169 * |
| 170 * @throws \InvalidArgumentException When PDO error mode is not PDO::ERRMODE_EXCEPTION | 170 * @throws \InvalidArgumentException When PDO error mode is not PDO::ERRMODE_EXCEPTION |
| 171 */ | 171 */ |
| 172 public function __construct($pdoOrDsn = null, array $options = array()) | 172 public function __construct($pdoOrDsn = null, array $options = []) |
| 173 { | 173 { |
| 174 if ($pdoOrDsn instanceof \PDO) { | 174 if ($pdoOrDsn instanceof \PDO) { |
| 175 if (\PDO::ERRMODE_EXCEPTION !== $pdoOrDsn->getAttribute(\PDO::ATTR_ERRMODE)) { | 175 if (\PDO::ERRMODE_EXCEPTION !== $pdoOrDsn->getAttribute(\PDO::ATTR_ERRMODE)) { |
| 176 throw new \InvalidArgumentException(sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION))', __CLASS__)); | 176 throw new \InvalidArgumentException(sprintf('"%s" requires PDO error mode attribute be set to throw Exceptions (i.e. $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION))', __CLASS__)); |
| 177 } | 177 } |
| 178 | 178 |
| 179 $this->pdo = $pdoOrDsn; | 179 $this->pdo = $pdoOrDsn; |
| 180 $this->driver = $this->pdo->getAttribute(\PDO::ATTR_DRIVER_NAME); | 180 $this->driver = $this->pdo->getAttribute(\PDO::ATTR_DRIVER_NAME); |
| 181 } elseif (is_string($pdoOrDsn) && false !== strpos($pdoOrDsn, '://')) { | 181 } elseif (\is_string($pdoOrDsn) && false !== strpos($pdoOrDsn, '://')) { |
| 182 $this->dsn = $this->buildDsnFromUrl($pdoOrDsn); | 182 $this->dsn = $this->buildDsnFromUrl($pdoOrDsn); |
| 183 } else { | 183 } else { |
| 184 $this->dsn = $pdoOrDsn; | 184 $this->dsn = $pdoOrDsn; |
| 185 } | 185 } |
| 186 | 186 |
| 466 | 466 |
| 467 if (!isset($params['scheme'])) { | 467 if (!isset($params['scheme'])) { |
| 468 throw new \InvalidArgumentException('URLs without scheme are not supported to configure the PdoSessionHandler'); | 468 throw new \InvalidArgumentException('URLs without scheme are not supported to configure the PdoSessionHandler'); |
| 469 } | 469 } |
| 470 | 470 |
| 471 $driverAliasMap = array( | 471 $driverAliasMap = [ |
| 472 'mssql' => 'sqlsrv', | 472 'mssql' => 'sqlsrv', |
| 473 'mysql2' => 'mysql', // Amazon RDS, for some weird reason | 473 'mysql2' => 'mysql', // Amazon RDS, for some weird reason |
| 474 'postgres' => 'pgsql', | 474 'postgres' => 'pgsql', |
| 475 'postgresql' => 'pgsql', | 475 'postgresql' => 'pgsql', |
| 476 'sqlite3' => 'sqlite', | 476 'sqlite3' => 'sqlite', |
| 477 ); | 477 ]; |
| 478 | 478 |
| 479 $driver = isset($driverAliasMap[$params['scheme']]) ? $driverAliasMap[$params['scheme']] : $params['scheme']; | 479 $driver = isset($driverAliasMap[$params['scheme']]) ? $driverAliasMap[$params['scheme']] : $params['scheme']; |
| 480 | 480 |
| 481 // Doctrine DBAL supports passing its internal pdo_* driver names directly too (allowing both dashes and underscores). This allows supporting the same here. | 481 // Doctrine DBAL supports passing its internal pdo_* driver names directly too (allowing both dashes and underscores). This allows supporting the same here. |
| 482 if (0 === strpos($driver, 'pdo_') || 0 === strpos($driver, 'pdo-')) { | 482 if (0 === strpos($driver, 'pdo_') || 0 === strpos($driver, 'pdo-')) { |
| 627 $this->sessionExpired = true; | 627 $this->sessionExpired = true; |
| 628 | 628 |
| 629 return ''; | 629 return ''; |
| 630 } | 630 } |
| 631 | 631 |
| 632 return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0]; | 632 return \is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0]; |
| 633 } | 633 } |
| 634 | 634 |
| 635 if (null !== $insertStmt) { | 635 if (null !== $insertStmt) { |
| 636 $this->rollback(); | 636 $this->rollback(); |
| 637 throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.'); | 637 throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.'); |
| 638 } | 638 } |
| 639 | 639 |
| 640 if (!ini_get('session.use_strict_mode') && self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) { | 640 if (!filter_var(ini_get('session.use_strict_mode'), FILTER_VALIDATE_BOOLEAN) && self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) { |
| 641 // In strict mode, session fixation is not possible: new sessions always start with a unique | 641 // In strict mode, session fixation is not possible: new sessions always start with a unique |
| 642 // random id, so that concurrency is not possible and this code path can be skipped. | 642 // random id, so that concurrency is not possible and this code path can be skipped. |
| 643 // Exclusive-reading of non-existent rows does not block, so we need to do an insert to block | 643 // Exclusive-reading of non-existent rows does not block, so we need to do an insert to block |
| 644 // until other connections to the session are committed. | 644 // until other connections to the session are committed. |
| 645 try { | 645 try { |
| 739 * @return int | 739 * @return int |
| 740 */ | 740 */ |
| 741 private function convertStringToInt($string) | 741 private function convertStringToInt($string) |
| 742 { | 742 { |
| 743 if (4 === \PHP_INT_SIZE) { | 743 if (4 === \PHP_INT_SIZE) { |
| 744 return (ord($string[3]) << 24) + (ord($string[2]) << 16) + (ord($string[1]) << 8) + ord($string[0]); | 744 return (\ord($string[3]) << 24) + (\ord($string[2]) << 16) + (\ord($string[1]) << 8) + \ord($string[0]); |
| 745 } | 745 } |
| 746 | 746 |
| 747 $int1 = (ord($string[7]) << 24) + (ord($string[6]) << 16) + (ord($string[5]) << 8) + ord($string[4]); | 747 $int1 = (\ord($string[7]) << 24) + (\ord($string[6]) << 16) + (\ord($string[5]) << 8) + \ord($string[4]); |
| 748 $int2 = (ord($string[3]) << 24) + (ord($string[2]) << 16) + (ord($string[1]) << 8) + ord($string[0]); | 748 $int2 = (\ord($string[3]) << 24) + (\ord($string[2]) << 16) + (\ord($string[1]) << 8) + \ord($string[0]); |
| 749 | 749 |
| 750 return $int2 + ($int1 << 32); | 750 return $int2 + ($int1 << 32); |
| 751 } | 751 } |
| 752 | 752 |
| 753 /** | 753 /** |