fixup! fix(session): Make session encryption more robust

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Christoph Wurst 2025-01-16 11:10:07 +01:00
parent c693dc9e8d
commit 749c9bb223
No known key found for this signature in database
GPG key ID: CC42AC2A7F0E56D8


@ -16,6 +16,10 @@ use OCP\ILogger;
use OCP\Session\Exceptions\SessionNotAvailableException;
use Psr\Log\LoggerInterface;
use function call_user_func_array;
use function is_array;
use function is_object;
use function json_decode;
use function json_encode;
use function microtime;
/**
@ -50,11 +54,20 @@ class Internal extends Session {
/**
* @param string $key
* @param integer $value
* @param mixed $value
*/
public function set(string $key, $value) {
$reopened = $this->reopen();
$_SESSION[$key] = $value;
// The previous mechanism for session encryption json-encoded all values,
// which implicitly led to objects convert to arrays or objects if they
// implement (json) serializable interfaces.
$normalized = match (is_array($value) || is_object($value)) {
true => json_decode(json_encode($value, JSON_THROW_ON_ERROR), true, 512, JSON_THROW_ON_ERROR),
false => $value,
};
$_SESSION[$key] = $normalized;
if ($reopened) {
$this->close();
}
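Review bot: In `set()`, a `JsonException` from the new `json_encode`/`json_decode` calls (both pass `JSON_THROW_ON_ERROR`) is raised after `$reopened = $this->reopen();`, so the `if ($reopened) { $this->close(); }` that follows is skipped and the session is presumably left open whenever a value cannot be encoded, for example an array holding a non-UTF-8 string. Computing `$normalized` before the `reopen()` call, or putting the write in a `try` with the close in `finally`, keeps the close on the failure path. The docblock could also gain `@throws \JsonException`, and the inline comment would read more clearly as `// ... which implicitly converted objects to arrays (or to whatever their JsonSerializable implementation returns).` The body of `set()` ends outside this hunk, so anything after the close is not visible here.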