Mercurial > hg > isophonics-drupal-site
view core/lib/Drupal/Core/StackMiddleware/Session.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
author | Chris Cannam |
---|---|
date | Mon, 23 Apr 2018 09:33:26 +0100 |
parents | 4c8ae668cc8c |
children |
line wrap: on
line source
<?php namespace Drupal\Core\StackMiddleware; use Symfony\Component\DependencyInjection\ContainerAwareTrait; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpKernel\HttpKernelInterface; /** * Wrap session logic around a HTTP request. * * Note, the session service is not injected into this class in order to prevent * premature initialization of session storage (database). Instead the session * service is retrieved from the container only when handling the request. */ class Session implements HttpKernelInterface { use ContainerAwareTrait; /** * The wrapped HTTP kernel. * * @var \Symfony\Component\HttpKernel\HttpKernelInterface */ protected $httpKernel; /** * The session service name. * * @var string */ protected $sessionServiceName; /** * Constructs a Session stack middleware object. * * @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel * The decorated kernel. * @param string $service_name * The name of the session service, defaults to "session". */ public function __construct(HttpKernelInterface $http_kernel, $service_name = 'session') { $this->httpKernel = $http_kernel; $this->sessionServiceName = $service_name; } /** * {@inheritdoc} */ public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) { if ($type === self::MASTER_REQUEST && PHP_SAPI !== 'cli') { $session = $this->container->get($this->sessionServiceName); $session->start(); $request->setSession($session); } $result = $this->httpKernel->handle($request, $type, $catch); if ($type === self::MASTER_REQUEST && $request->hasSession()) { $request->getSession()->save(); } return $result; } }