// (do not use & for parameters sent by header) header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php' . '?lang=' . urlencode($available_languages[$lang][2]) . '&dir=' . urlencode($text_dir) . '&type=' . urlencode($strError) . '&error=' . urlencode(sprintf($strCantLoad, 'session'))); exit; } elseif (ini_get('session.auto_start') == true && session_name() != 'phpMyAdmin') { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { PMA_removeCookie(session_name()); } session_unset(); @session_destroy(); } // disable starting of sessions before all settings are done // does not work, besides how it is written in php manual //ini_set('session.auto_start', 0); // session cookie settings session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly', '', PMA_Config::isHttps()); // cookies are safer ini_set('session.use_cookies', true); // but not all user allow cookies ini_set('session.use_only_cookies', false); ini_set('session.use_trans_sid', true); ini_set('url_rewriter.tags', 'a=href,frame=src,input=src,form=fakeentry,fieldset='); //ini_set('arg_separator.output', '&'); // delete session/cookies when browser is closed ini_set('session.cookie_lifetime', 0); // warn but dont work with bug ini_set('session.bug_compat_42', false); ini_set('session.bug_compat_warn', true); // use more secure session ids (with PHP 5) if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') { ini_set('session.hash_function', 1);
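/**
 * Sets a cookie if the value differs from the current cookie value,
 * or removes the cookie if the value is empty or equal to the default.
 *
 * @uses    PMA_Config::isHttps()
 * @uses    PMA_Config::getCookiePath()
 * @uses    $_COOKIE
 * @uses    PMA_removeCookie()
 * @uses    setcookie()
 * @uses    time()
 * @param   string  $cookie   name of the cookie to set or remove
 * @param   mixed   $value    new cookie value
 * @param   string  $default  default value
 * @param   int     $validity validity of the cookie in seconds; null selects
 *                            the one-month default, 0 requests a session cookie
 * @param   bool    $httponly whether the cookie is only for HTTP (and not for scripts)
 * @return  boolean result of PMA_removeCookie() or setcookie(), or true when
 *                  the cookie already holds $value
 */
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
    // Only an omitted validity falls back to one month (2592000 seconds).
    // The comparison has to be strict: with "==" an explicit int 0 also
    // matched null, so a caller asking for a session cookie silently got a
    // cookie that stays on disk for a month.
    if ($validity === null) {
        $validity = 2592000;
    }

    if (strlen($value) && null !== $default && $value === $default
        && isset($_COOKIE[$cookie])
    ) {
        // remove cookie, default value is used
        return PMA_removeCookie($cookie);
    }

    if (!strlen($value) && isset($_COOKIE[$cookie])) {
        // remove cookie, value is empty
        return PMA_removeCookie($cookie);
    }

    if (!isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
        // set cookie with new value
        /* Calculate cookie validity: an expiry of 0 makes it a session cookie */
        if ($validity == 0) {
            $v = 0;
        } else {
            $v = time() + $validity;
        }

        // The secure flag follows PMA_Config::isHttps(); $httponly is passed
        // straight through as setcookie()'s seventh argument.
        return setcookie(
            $cookie,
            $value,
            $v,
            PMA_Config::getCookiePath(),
            '',
            PMA_Config::isHttps(),
            $httponly
        );
    }

    // cookie has already $value as value
    return true;
}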
/**
 * Verifies the cookie path reported after PmaAbsoluteUri has been set.
 *
 * @param string $absolute The absolute URL used for phpMyAdmin
 * @param string $expected Expected cookie path
 *
 * @return void
 *
 * @dataProvider cookieUris
 */
public function testGetCookiePath($absolute, $expected)
{
    // Arrange: point the object under test at the supplied absolute URI.
    $this->object->set('PmaAbsoluteUri', $absolute);

    // Act: ask the object which cookie path it reports for that URI.
    $actual = $this->object->getCookiePath();

    // Assert: it must equal the value supplied by the data provider.
    $this->assertEquals($expected, $actual);
}
/**
 * Stores the result of PMA_Config::getCookiePath() as the 'cookie_path'
 * setting of this object.
 */
function checkCookiePath()
{
    $cookie_path = PMA_Config::getCookiePath();
    $this->set('cookie_path', $cookie_path);
}
/**
 * Sets a cookie when its value differs from the one the browser sent,
 * and removes it when the value is empty or equals the default.
 *
 * The cookie is written with a lifetime of 30 days. setcookie() is called
 * with six arguments here, so no HttpOnly flag is passed.
 *
 * @uses    PMA_Config::isHttps()
 * @uses    PMA_Config::getCookiePath()
 * @uses    $_COOKIE
 * @uses    PMA_removeCookie()
 * @uses    setcookie()
 * @uses    time()
 * @param   string  $cookie   name of the cookie to set or remove
 * @param   mixed   $value    new cookie value
 * @param   string  $default  default value
 * @return  boolean result of PMA_removeCookie() or setcookie(), or true when
 *                  the cookie already holds $value
 */
function PMA_setCookie($cookie, $value, $default = null)
{
    $one_month = 60 * 60 * 24 * 30;

    if (strlen($value)) {
        // A non-empty value equal to the (non-null) default needs no cookie.
        $is_default = (null !== $default && $value === $default);
        if ($is_default && isset($_COOKIE[$cookie])) {
            return PMA_removeCookie($cookie);
        }
    } elseif (isset($_COOKIE[$cookie])) {
        // An empty value means the existing cookie is dropped.
        return PMA_removeCookie($cookie);
    }

    if (isset($_COOKIE[$cookie]) && $_COOKIE[$cookie] === $value) {
        // The browser already holds exactly this value; nothing to send.
        return true;
    }

    // Send the new value; the secure flag follows PMA_Config::isHttps().
    $expires = time() + $one_month;
    return setcookie(
        $cookie,
        $value,
        $expires,
        PMA_Config::getCookiePath(),
        '',
        PMA_Config::isHttps()
    );
}
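/**
 * Sets a cookie if the value differs from the current cookie value,
 * or removes the cookie if the value is empty or equal to the default.
 *
 * @uses    PMA_Config::isHttps()
 * @uses    PMA_Config::getCookiePath()
 * @uses    $_COOKIE
 * @uses    PMA_removeCookie()
 * @uses    setcookie()
 * @uses    time()
 * @uses    version_compare()
 * @param   string  $cookie   name of the cookie to set or remove
 * @param   mixed   $value    new cookie value
 * @param   string  $default  default value
 * @param   int     $validity validity of the cookie in seconds; null selects
 *                            the one-month default, 0 requests a session cookie
 * @param   bool    $httponly whether the cookie is only for HTTP (and not for scripts)
 * @return  boolean result of PMA_removeCookie() or setcookie(), or true when
 *                  the cookie already holds $value
 */
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
    // Only an omitted validity falls back to one month (2592000 seconds).
    // The comparison has to be strict: with "==" an explicit int 0 also
    // matched null, so a caller asking for a session cookie silently got a
    // cookie that stays on disk for a month.
    if ($validity === null) {
        $validity = 2592000;
    }

    if (strlen($value) && null !== $default && $value === $default
        && isset($_COOKIE[$cookie])
    ) {
        // remove cookie, default value is used
        return PMA_removeCookie($cookie);
    }

    if (!strlen($value) && isset($_COOKIE[$cookie])) {
        // remove cookie, value is empty
        return PMA_removeCookie($cookie);
    }

    if (!isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
        // set cookie with new value
        /* Calculate cookie validity: an expiry of 0 makes it a session cookie */
        if ($validity == 0) {
            $v = 0;
        } else {
            $v = time() + $validity;
        }

        /* Use native support for httponly cookies if available */
        if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
            return setcookie(
                $cookie,
                $value,
                $v,
                PMA_Config::getCookiePath(),
                '',
                PMA_Config::isHttps(),
                $httponly
            );
        }

        // Before PHP 5.2.0 setcookie() has no httponly argument, so the
        // attribute text is appended to the path argument instead.
        return setcookie(
            $cookie,
            $value,
            $v,
            PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''),
            '',
            PMA_Config::isHttps()
        );
    }

    // cookie has already $value as value
    return true;
}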