From: Florent Bruneau
Date: Tue, 5 Oct 2010 20:36:11 +0000 (+0200)
Subject: Fix SUID.
X-Git-Tag: core/1.1.1~12
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=663c7f8e9bdc2d3d3f36ad25a63e62913f3b25ce;p=platal.git
Fix SUID.
Signed-off-by: Florent Bruneau
---
diff --git a/classes/plsession.php b/classes/plsession.php
index 9b6f90e..7a243be 100644
--- a/classes/plsession.php
+++ b/classes/plsession.php
@@ -189,8 +189,7 @@ abstract class PlSession
 if (S::suid()) {
 return false;
 }
- $backup = $_SESSION;
- $_SESSION = array();
+ $backup = S::changeSession(array());
 $this->fillSession();
 S::set('suid', $backup);
 if (!$this->startSessionAs($user, AUTH_SUID)) {
@@ -211,7 +210,7 @@ abstract class PlSession
 if (!S::suid()) {
 return false;
 }
- $_SESSION = $_SESSION['suid'];
+ S::changeSession(S::v('suid'));
 return true;
 }
diff --git a/classes/s.php b/classes/s.php
index 9f71872..d436bf1 100644
--- a/classes/s.php
+++ b/classes/s.php
@@ -117,9 +117,9 @@ class S
 * move into the php session (and data it helds should be removed from
 * the php session). */
 private static $user = null;
- public static function &user()
+ public static function &user($forceFetch = false)
 {
- if (self::$user == null && class_exists('User')) {
+ if (($forceFetch || self::$user == null) && class_exists('User')) {
 if (S::has('user') && S::v('user') instanceof User) {
 self::$user = S::v('user');
 } else {
@@ -129,6 +129,14 @@ class S
 return self::$user;
 }
+ public static function changeSession(array $newSession)
+ {
+ $oldSession = $_SESSION;
+ $_SESSION = $newSession;
+ self::$user = null;
+ return $oldSession;
+ }
+
 public static function logged()
 {
 return S::i('auth', AUTH_PUBLIC) >= Platal::session()->loggedLevel();
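Review bot: The rollback path after `startSessionAs($user, AUTH_SUID)` in classes/plsession.php (hunk @@ -189,8) is not covered by this change as far as the hunk shows: the `if` opens on the hunk's last line and its body lies outside it. If that branch still restores the administrator's session with a direct `$_SESSION = $backup;`, any user object cached in `S::$user` during the failed attempt would survive the rollback, which is the same stale-identity problem this commit fixes on the success path. Using `S::changeSession($backup);` there would keep the cached user and the session array in step.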
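Review bot: `S::changeSession(S::v('suid'))` in classes/plsession.php (hunk @@ -211,7) passes whatever is stored under the `suid` key to a parameter declared `array`, and the only guard visible is `S::suid()`, whose definition is outside this diff. If that check does not guarantee an array, a damaged or unexpected value ends in a type error instead of a clean `return false`, and the restored session is the more privileged one. I would read the value first, `$backup = S::v('suid');`, refuse with `if (!is_array($backup)) { return false; }`, and only then call `S::changeSession($backup);`. The enclosing method starts and ends outside the hunk.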
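Review bot: The new `$forceFetch` parameter of `S::user()` (classes/s.php, hunk @@ -117,9) is undocumented, and no call in this diff passes it, since `changeSession()` invalidates the cache by setting `self::$user = null` instead. The comment block above the property should gain a line such as `@param bool $forceFetch Re-read the user from the session even if one is already cached.`, including when a caller is expected to need it. As the condition is being rewritten anyway, `self::$user === null` would state the intent more precisely than the loose `== null`. The `else` branch of the method continues outside the hunk.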
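Review bot: `S::changeSession()` (classes/s.php, hunk @@ -129,6) is a public static method that replaces the whole `$_SESSION`, and with it the caller's identity and auth level, but it has no docblock describing that contract. I would add one stating that it swaps the complete session array, clears the cached `S::$user`, returns the previous array, and performs no authorization check of its own, so callers must have verified the right to switch. As far as this diff shows, the only intended callers are the two SUID paths in PlSession, which is worth saying in the comment as well. Whether the session id is renewed on this identity change is not visible here; if nothing else does it, `session_regenerate_id(true);` in the callers is worth considering.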