From 663c7f8e9bdc2d3d3f36ad25a63e62913f3b25ce Mon Sep 17 00:00:00 2001
From: Florent Bruneau
Date: Tue, 5 Oct 2010 22:36:11 +0200
Subject: [PATCH] Fix SUID.

Signed-off-by: Florent Bruneau
---
 classes/plsession.php | 5 ++---
 classes/s.php | 12 ++++++++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/classes/plsession.php b/classes/plsession.php
index 9b6f90e..7a243be 100644
--- a/classes/plsession.php
+++ b/classes/plsession.php
@@ -189,8 +189,7 @@ abstract class PlSession
 if (S::suid()) {
 return false;
 }
- $backup = $_SESSION;
- $_SESSION = array();
+ $backup = S::changeSession(array());
 $this->fillSession();
 S::set('suid', $backup);
 if (!$this->startSessionAs($user, AUTH_SUID)) {
@@ -211,7 +210,7 @@ abstract class PlSession
 if (!S::suid()) {
 return false;
 }
- $_SESSION = $_SESSION['suid'];
+ S::changeSession(S::v('suid'));
 return true;
 }

diff --git a/classes/s.php b/classes/s.php
index 9f71872..d436bf1 100644
--- a/classes/s.php
+++ b/classes/s.php
@@ -117,9 +117,9 @@ class S
 * move into the php session (and data it helds should be removed from
 * the php session). */
 private static $user = null;
- public static function &user()
+ public static function &user($forceFetch = false)
 {
- if (self::$user == null && class_exists('User')) {
+ if (($forceFetch || self::$user == null) && class_exists('User')) {
 if (S::has('user') && S::v('user') instanceof User) {
 self::$user = S::v('user');
 } else {
@@ -129,6 +129,14 @@ class S
 return self::$user;
 }

+ public static function changeSession(array $newSession)
+ {
+ $oldSession = $_SESSION;
+ $_SESSION = $newSession;
+ self::$user = null;
+ return $oldSession;
+ }
+
 public static function logged()
 {
 return S::i('auth', AUTH_PUBLIC) >= Platal::session()->loggedLevel();
--
2.1.4
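Review bot: In the first hunk of classes/plsession.php, the failure branch opened by `if (!$this->startSessionAs($user, AUTH_SUID)) {` on the hunk's last line is not changed by this commit, and its body lies outside the hunk. If that branch restores the administrator's session by assigning `$_SESSION = $backup;` directly, the cached `S::$user` is not cleared and may still hold a user object loaded during the failed switch, so later `S::user()` calls could return the wrong identity. Restoring through the new helper, `S::changeSession($backup);`, would keep the rollback consistent with the entry path.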
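Review bot: The new `$forceFetch` parameter of `S::user()` in classes/s.php is undocumented, and nothing in this patch passes it; the cache invalidation the fix relies on is done by `changeSession()` setting `self::$user = null`. Either drop the parameter or describe it in the comment above the property, for example `@param $forceFetch When true, reload the user from the session even if one is cached.` The flag is also silently ignored when `class_exists('User')` is false, which the comment should mention. The function body continues past the end of the hunk.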
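Review bot: `S::changeSession()` in classes/s.php is added as a public static method without a doc comment, although it replaces the whole of `$_SESSION`, including the `auth` value that `S::logged()` reads. A docblock should state that it swaps the complete session, returns the previous array and resets the cached user, and that whole-session swaps must go through it rather than assigning `$_SESSION` directly, otherwise `S::user()` can return a stale identity. Nothing visible in the patch rotates the session identifier around the identity switch; if the callers do not do so outside these hunks, calling `session_regenerate_id(true)` after the swap is the usual hardening.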