MDL-14992 refactored use of session_write_close()

mvaraujo · Jan 17, 2009 · 56949c1 · 56949c1
1 parent ef159e5
commit 56949c1
Show file tree

Hide file tree

Showing 15 changed files with 81 additions and 51 deletions.
diff --git a/admin/cron.php b/admin/cron.php
@@ -37,7 +37,7 @@
     }
 
 /// extra safety
-    @session_write_close();
+    @session_get_instance()->write_close();
 
 /// check if execution allowed
     if (isset($_SERVER['REMOTE_ADDR'])) { // if the script is accessed via the web.

diff --git a/admin/dbtransfer/lib.php b/admin/dbtransfer/lib.php
@@ -24,7 +24,7 @@
 function dbtransfer_export_xml_database($description, $mdb) {
     @set_time_limit(0);
 
-    session_write_close(); // release session
+    session_get_instance()->write_close(); // release session
 
     header('Content-Type: application/xhtml+xml');
     header('Content-Disposition: attachment; filename=database.xml');
@@ -45,7 +45,7 @@ function dbtransfer_export_xml_database($description, $mdb) {
 function dbtransfer_transfer_database($sourcedb, $targetdb) {
     @set_time_limit(0);
 
-    session_write_close(); // release session
+    session_get_instance()->write_close(); // release session
 
     $var = new database_mover($sourcedb, $targetdb);
     $var->export_database(null);

diff --git a/course/report/log/index.php b/course/report/log/index.php
@@ -56,7 +56,7 @@
     $stradministration = get_string('administration');
     $strreports = get_string('reports');
 
-    session_write_close();
+    session_get_instance()->write_close();
 
     $navlinks = array();
 

diff --git a/course/report/log/live.php b/course/report/log/live.php
@@ -18,7 +18,7 @@
 
     add_to_log($course->id, "course", "report live", "report/log/live.php?id=$course->id", $course->id); 
 
-    session_write_close();
+    session_get_instance()->write_close();
 
     // we override the default framename so header/footer
     // links open in a new window 

diff --git a/draftfile.php b/draftfile.php
@@ -62,5 +62,5 @@
     // ========================================
     // finally send the file
     // ========================================
-    session_write_close(); // unlock session during fileserving
+    session_get_instance()->write_close(); // unlock session during fileserving
     send_stored_file($file, 0, false, true); // force download - security first!
diff --git a/file.php b/file.php
@@ -93,7 +93,7 @@
     // ========================================
     // finally send the file
     // ========================================
-    session_write_close(); // unlock session during fileserving
+    session_get_instance()->write_close(); // unlock session during fileserving
     send_stored_file($file, $lifetime, $CFG->filteruploadedfiles, $forcedownload);
 
 
diff --git a/lib/dml/moodle_database.php b/lib/dml/moodle_database.php
@@ -246,7 +246,7 @@ public function create_database($dbhost, $dbuser, $dbpass, $dbname) {
     public function dispose() {
         if ($this->used_for_db_sessions) {
             // this is needed because we need to save session to db before closing it
-            session_write_close();
+            session_get_instance()->write_close();
             $this->used_for_db_sessions = false;
         }
         if ($this->database_manager) {

diff --git a/lib/filelib.php b/lib/filelib.php
@@ -787,7 +787,7 @@ function send_temp_file($path, $filename, $pathisstring=false) {
     global $CFG;
 
     // close session - not needed anymore
-    @session_write_close();
+    @session_get_instance()->write_close();
 
     if (!$pathisstring) {
         if (!file_exists($path)) {
@@ -874,7 +874,7 @@ function send_file($path, $filename, $lifetime = 'default' , $filter=0, $pathiss
         }
     }
 
-    session_write_close(); // unlock session during fileserving
+    session_get_instance()->write_close(); // unlock session during fileserving
 
     // Use given MIME type if specified, otherwise guess it using mimeinfo.
     // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O
@@ -1078,7 +1078,7 @@ function send_stored_file($stored_file, $lifetime=86400 , $filter=0, $forcedownl
         ignore_user_abort(true);
     }
 
-    session_write_close(); // unlock session during fileserving
+    session_get_instance()->write_close(); // unlock session during fileserving
 
     // Use given MIME type if specified, otherwise guess it using mimeinfo.
     // IE, Konqueror and Opera open html file directly in browser from web even when directed to save it to disk :-O

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -2182,7 +2182,7 @@ function require_logout() {
         }
     }
 
-    session_get_instance()->terminate();
+    session_get_instance()->terminate_current();
 }
 
 /**

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
@@ -33,7 +33,19 @@ function session_get_instance() {
 }
 
 interface moodle_session {
-    public function terminate();
+    /**
+     * Terminate current session
+     * @return void
+     */
+    public function terminate_current();
+
+    /**
+     * No more changes in session expected.
+     * Unblocks the sesions, other scripts may start executing in parallel.
+     * @return void
+     */
+    public function write_close();
+
 }
 
 /**
@@ -87,6 +99,52 @@ public function __construct() {
         $this->check_security();
     }
 
+    /**
+     * Terminates active moodle session
+     */
+    public function terminate_current() {
+        global $CFG, $SESSION, $USER;
+
+        if (NO_MOODLE_COOKIES) {
+            return;
+        }
+
+        $_SESSION = array();
+
+        $SESSION  = new object();
+        $USER     = new object();
+        $USER->id = 0;
+        if (isset($CFG->mnet_localhost_id)) {
+            $USER->mnethostid = $CFG->mnet_localhost_id;
+        }
+
+        // Initialize variable to pass-by-reference to headers_sent(&$file, &$line)
+        $file = null;
+        $line = null;
+        if (headers_sent($file, $line)) {
+            error_log('Can not terminate session properly - headers were already sent in file: '.$file.' on line '.$line);
+        }
+
+        // now let's try to get a new session id and destroy the old one
+        @session_regenerate_id(true);
+
+        // close the session
+        @session_write_close();
+    }
+
+    /**
+     * No more changes in session expected.
+     * Unblocks the sesions, other scripts may start executing in parallel.
+     * @return void
+     */
+    public function write_close() {
+        if (NO_MOODLE_COOKIES) {
+            return;
+        }
+
+        session_write_close();
+    }
+
     /**
      * Initialise $USER object, handles google access.
      *
@@ -158,41 +216,12 @@ protected function check_security() {
 
             if ($_SESSION['USER']->sessionip != $remoteaddr) {
                 // this is a security feature - terminate the session in case of any doubt
-                $this->terminate();
+                $this->terminate_current();
                 print_error('sessionipnomatch2', 'error');
             }
         }
     }
 
-    /**
-     * Terminates active moodle session
-     */
-    public function terminate() {
-        global $CFG, $SESSION, $USER;
-
-        $_SESSION = array();
-
-        $SESSION  = new object();
-        $USER     = new object();
-        $USER->id = 0;
-        if (isset($CFG->mnet_localhost_id)) {
-            $USER->mnethostid = $CFG->mnet_localhost_id;
-        }
-
-        // Initialize variable to pass-by-reference to headers_sent(&$file, &$line)
-        $file = null;
-        $line = null;
-        if (headers_sent($file, $line)) {
-            error_log('Can not terminate session properly - headers were already sent in file: '.$file.' on line '.$line);
-        }
-
-        // now let's try to get a new session id and destroy the old one
-        @session_regenerate_id(true);
-
-        // close the session
-        @session_write_close();
-    }
-
     /**
      * Prepare cookies and varions system settings
      */
@@ -268,6 +297,7 @@ protected function init_session_storage() {
         }
         ini_set('session.save_path', $CFG->dataroot .'/sessions');
     }
+
 }
 
 /**

diff --git a/mod/chat/gui_ajax/post.php b/mod/chat/gui_ajax/post.php
@@ -29,7 +29,7 @@
 if (isguest()) {
     chat_print_error('ERROR', get_string('notlogged','chat'));
 }
-session_write_close();
+session_get_instance()->write_close();
 chat_delete_old_users();
 $chat_message = clean_text($chat_message, FORMAT_MOODLE);
 

diff --git a/mod/chat/gui_header_js/insert.php b/mod/chat/gui_header_js/insert.php
@@ -28,7 +28,7 @@
         print_error('noguests');
     }
 
-    session_write_close();
+    session_get_instance()->write_close();
 
 /// Delete old users now
 

diff --git a/pluginfile.php b/pluginfile.php
@@ -103,7 +103,7 @@
             send_file_not_found();
         }
 
-        session_write_close(); // unlock session during fileserving
+        session_get_instance()->write_close(); // unlock session during fileserving
         send_stored_file($file, 60*60, 0, $forcedownload);
 
 
@@ -123,7 +123,7 @@
                 send_file_not_found();
             }
 
-            session_write_close(); // unlock session during fileserving
+            session_get_instance()->write_close(); // unlock session during fileserving
             send_stored_file($file, 0, 0, true);
 
         } else if ($filearea === 'course_intro') {
@@ -138,7 +138,7 @@
                 send_file_not_found();
             }
 
-            session_write_close(); // unlock session during fileserving
+            session_get_instance()->write_close(); // unlock session during fileserving
             send_stored_file($file, 60*60, 0, false); // TODO: change timeout?
 
         } else if ($filearea === 'user_profile') {
@@ -175,7 +175,7 @@
                 send_file_not_found();
             }
 
-            session_write_close(); // unlock session during fileserving
+            session_get_instance()->write_close(); // unlock session during fileserving
             send_stored_file($file, 0, 0, true); // must force download - security!
 
         } else {

diff --git a/question/file.php b/question/file.php
@@ -71,7 +71,7 @@
         }
 
         // send the file
-        session_write_close(); // unlock session during fileserving
+        session_get_instance()->write_close(); // unlock session during fileserving
         $filename = $args[count($args)-1];
         send_file($pathname, $filename, $lifetime, $CFG->filteruploadedfiles, false, $forcedownload);
     } else {

diff --git a/userfile.php b/userfile.php
@@ -83,5 +83,5 @@
     // ========================================
     // finally send the file
     // ========================================
-    session_write_close(); // unlock session during fileserving
+    session_get_instance()->write_close(); // unlock session during fileserving
     send_stored_file($file, 0, false, $forcedownload);
-Original file line number
+Diff line change
@@ Expand Up / @@ -2182,7 +2182,7 @@ function require_logout() { @@
             }
         }
-        session_get_instance()->terminate();
+        session_get_instance()->terminate_current();
     }
     /**
@@ Expand Down @@