Fix too much code into the NOREQUIREDB
This commit is contained in:
Laurent Destailleur
parent
53708c138a
commit
4f72bd35db
@ -199,12 +199,17 @@ $sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
|
||||
if (! empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime',$_COOKIE[$sessiontimeout]);
|
||||
session_name($sessionname);
|
||||
session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie
|
||||
session_start();
|
||||
if (ini_get('register_globals')) // Deprecated in 5.3 and removed in 5.4. To solve bug in using $_SESSION
|
||||
// This create lock released until session_write_close() or end of page.
|
||||
// We need this lock as long as we read/write $_SESSION ['vars']. We can close released when finished.
|
||||
if (! defined('NOSESSION'))
|
||||
{
|
||||
foreach ($_SESSION as $key=>$value)
|
||||
session_start();
|
||||
if (ini_get('register_globals')) // Deprecated in 5.3 and removed in 5.4. To solve bug in using $_SESSION
|
||||
{
|
||||
if (isset($GLOBALS[$key])) unset($GLOBALS[$key]);
|
||||
foreach ($_SESSION as $key=>$value)
|
||||
{
|
||||
if (isset($GLOBALS[$key])) unset($GLOBALS[$key]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -142,33 +142,34 @@ if (! defined('NOREQUIREUSER'))
|
||||
* Load object $conf
|
||||
* After this, all parameters conf->global->CONSTANTS are loaded
|
||||
*/
|
||||
|
||||
// By default conf->entity is 1, but we change this if we ask another value.
|
||||
if (session_id() && ! empty($_SESSION["dol_entity"])) // Entity inside an opened session
|
||||
{
|
||||
$conf->entity = $_SESSION["dol_entity"];
|
||||
}
|
||||
else if (! empty($_ENV["dol_entity"])) // Entity inside a CLI script
|
||||
{
|
||||
$conf->entity = $_ENV["dol_entity"];
|
||||
}
|
||||
else if (isset($_POST["loginfunction"]) && GETPOST("entity")) // Just after a login page
|
||||
{
|
||||
$conf->entity = GETPOST("entity",'int');
|
||||
}
|
||||
else if (defined('DOLENTITY') && is_numeric(DOLENTITY)) // For public page with MultiCompany module
|
||||
{
|
||||
$conf->entity = DOLENTITY;
|
||||
}
|
||||
else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module (TODO: We should remove this. entity to use should never be stored into client side)
|
||||
{
|
||||
$conf->entity = $_COOKIE['DOLENTITY'];
|
||||
}
|
||||
|
||||
// Sanitize entity
|
||||
if (! is_numeric($conf->entity)) $conf->entity=1;
|
||||
|
||||
if (! defined('NOREQUIREDB'))
|
||||
{
|
||||
// By default conf->entity is 1, but we change this if we ask another value.
|
||||
if (session_id() && ! empty($_SESSION["dol_entity"])) // Entity inside an opened session
|
||||
{
|
||||
$conf->entity = $_SESSION["dol_entity"];
|
||||
}
|
||||
else if (! empty($_ENV["dol_entity"])) // Entity inside a CLI script
|
||||
{
|
||||
$conf->entity = $_ENV["dol_entity"];
|
||||
}
|
||||
else if (isset($_POST["loginfunction"]) && GETPOST("entity")) // Just after a login page
|
||||
{
|
||||
$conf->entity = GETPOST("entity",'int');
|
||||
}
|
||||
else if (defined('DOLENTITY') && is_numeric(DOLENTITY)) // For public page with MultiCompany module
|
||||
{
|
||||
$conf->entity = DOLENTITY;
|
||||
}
|
||||
else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module (TODO: We should remove this. entity to use should never be stored into client side)
|
||||
{
|
||||
$conf->entity = $_COOKIE['DOLENTITY'];
|
||||
}
|
||||
|
||||
// Sanitize entity
|
||||
if (! is_numeric($conf->entity)) $conf->entity=1;
|
||||
|
||||
//print "Will work with data into entity instance number '".$conf->entity."'";
|
||||
|
||||
// Here we read database (llx_const table) and define $conf->global->XXX var.
|
||||
|
||||
36
htdocs/public/test/test_sessionlock.php
Normal file
36
htdocs/public/test/test_sessionlock.php
Normal file
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
if (! defined('NOREQUIREUSER')) define('NOREQUIREUSER','1');
|
||||
if (! defined('NOREQUIREDB')) define('NOREQUIREDB','1');
|
||||
if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1');
|
||||
if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
|
||||
if (! defined('NOSTYLECHECK')) define('NOSTYLECHECK','1'); // Do not check style html tag into posted data
|
||||
if (! defined('NOCSRFCHECK')) define('NOCSRFCHECK','1'); // Do not check anti CSRF attack test
|
||||
if (! defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL','1'); // Do not check anti POST attack test
|
||||
if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1'); // If there is no need to load and show top and left menu
|
||||
if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1'); // If we don't need to load the html.form.class.php
|
||||
if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1'); // Do not load ajax.lib.php library
|
||||
if (! defined("NOLOGIN")) define("NOLOGIN",'1'); // If this page is public (can be called outside logged session)
|
||||
// If you don't need session management (can't be logged if no session used). You must also set
|
||||
// NOCSRFCHECK, NOTOKENRENEWAL, NOLOGIN,
|
||||
// Disable module with GETPOST('disablemodules') won't work. Variable 'dol_...' will not be set.
|
||||
// $_SESSION are then simple vars if sessions are not active.
|
||||
if (! defined("NOSESSION")) define("NOSESSION",'1');
|
||||
|
||||
define('REQUIRE_JQUERY_MULTISELECT','select2');
|
||||
|
||||
print PHP_SESSION_DISABLED;
|
||||
print PHP_SESSION_NONE;
|
||||
print PHP_SESSION_ACTIVE;
|
||||
print '<br>';
|
||||
|
||||
print session_status();
|
||||
require '../../main.inc.php';
|
||||
print session_status();
|
||||
print '<br>';
|
||||
|
||||
//print 'a'.$_SESSION['disablemodules'].'b';
|
||||
|
||||
print 'This page is visible. It means you are not locked.';
|
||||
|
||||
//session_write_close();
|
||||
Loading…
Reference in New Issue
Block a user