From 5300351831f710cbaea1eb8638d7948eaaf98481 Mon Sep 17 00:00:00 2001 From: "Eloy Lafuente (stronk7)" Date: Tue, 4 Jan 2022 21:06:40 +0100 Subject: [PATCH] MDL-73500 general: Remove php < 73 conditional code This commit removes code that only was being executed by php < 73 and it's 100% safe to do so because Moodle 3.11 and up require php 73, hence it was not executed ever. Removed code includes: - ldap_control_paged_result and ldap_control_paged_result_response (that were deprecated in php 73 and have been removed in php 80). - conditional code in the session manager, where some hacks were needed for php < 73. Note that this removes the private function append_samesite_cookie_attribute() completely because it was doinf nothing (first line was returning for php < 73). - Also removed the old session.hash_function ini setting because it was removed in php 71. Kept code includes: - The environmental check_igbinary322_version test has not been removed because it doesn't hurt (always returns "ok" for php 73 sites) and doing it would involve to backport the environment.xml file to 39 and 310. Instead, a note has been added to MDL-71747 in order to get rid of that check for 4.1 and up. --- auth/ldap/auth.php | 99 ++++++++--------------------- enrol/ldap/lib.php | 106 +++++++++----------------------- lib/classes/session/manager.php | 69 ++++----------------- 3 files changed, 65 insertions(+), 209 deletions(-) diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 04ba8c94305fa..9eb3a860421fc 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -709,35 +709,18 @@ function sync_users($do_updates=true) { do { if ($ldappagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldapcookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldapcookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldapcookie))); } if ($this->config->search_sub) { // Use ldap_search to find first user from subtree. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if (!$ldapresult) { continue; @@ -745,22 +728,11 @@ function sync_users($do_updates=true) { if ($ldappagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldapcookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - $pagedresp = ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie); - // Function ldap_control_paged_result_response() does not overwrite $ldapcookie if it fails, by - // setting this to null we avoid an infinite loop. - if ($pagedresp === false) { - $ldapcookie = null; - } - } else { - // Get next cookie from controls. - ldap_parse_result($ldapconnection, $ldapresult, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldapcookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($ldapconnection, $ldapresult, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldapcookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } if ($entry = @ldap_first_entry($ldapconnection, $ldapresult)) { @@ -1568,35 +1540,18 @@ function ldap_get_userlist($filter='*') { do { if ($ldap_pagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldap_cookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); } if ($this->config->search_sub) { // Use ldap_search to find first user from subtree. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if(!$ldap_result) { continue; @@ -1604,17 +1559,11 @@ function ldap_get_userlist($filter='*') { if ($ldap_pagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldap_cookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result_response($ldapconnection, $ldap_result, $ldap_cookie); - } else { - // Get next cookie from controls. - ldap_parse_result($ldapconnection, $ldap_result, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($ldapconnection, $ldap_result, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } $users = ldap_get_entries_moodle($ldapconnection, $ldap_result); diff --git a/enrol/ldap/lib.php b/enrol/ldap/lib.php index 5b44a5a7f8865..df57f2ae3270f 100644 --- a/enrol/ldap/lib.php +++ b/enrol/ldap/lib.php @@ -389,40 +389,21 @@ public function sync_enrolments(progress_trace $trace, $onecourse = null) { $flat_records = array(); do { if ($ldap_pagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); } if ($this->config->course_search_sub) { // Use ldap_search to find first user from subtree - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_search($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_search($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_search($this->ldapconnection, $ldap_context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_list($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_list($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_list($this->ldapconnection, $ldap_context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if (!$ldap_result) { continue; // Next @@ -431,17 +412,11 @@ public function sync_enrolments(progress_trace $trace, $onecourse = null) { if ($ldap_pagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldap_cookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie); - } else { - // Get next cookie from controls. - ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } @@ -806,40 +781,21 @@ protected function find_ext_enrolments($memberuid, $role) { $flat_records = array(); do { if ($ldap_pagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); } if ($this->get_config('course_search_sub')) { // Use ldap_search to find first user from subtree - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_search($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_search($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_search($this->ldapconnection, $context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_list($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_list($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_list($this->ldapconnection, $context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if (!$ldap_result) { @@ -849,17 +805,11 @@ protected function find_ext_enrolments($memberuid, $role) { if ($ldap_pagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldap_cookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie); - } else { - // Get next cookie from controls. - ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } diff --git a/lib/classes/session/manager.php b/lib/classes/session/manager.php index d1a7530652e38..eb623cdcfbc1c 100644 --- a/lib/classes/session/manager.php +++ b/lib/classes/session/manager.php @@ -377,29 +377,23 @@ protected static function prepare_cookies() { // Set configuration. session_name($sessionname); - if (version_compare(PHP_VERSION, '7.3.0', '>=')) { - $sessionoptions = [ - 'lifetime' => 0, - 'path' => $CFG->sessioncookiepath, - 'domain' => $CFG->sessioncookiedomain, - 'secure' => $cookiesecure, - 'httponly' => $CFG->cookiehttponly, - ]; - - if (self::should_use_samesite_none()) { - // If $samesite is empty, we don't want there to be any SameSite attribute. - $sessionoptions['samesite'] = 'None'; - } + $sessionoptions = [ + 'lifetime' => 0, + 'path' => $CFG->sessioncookiepath, + 'domain' => $CFG->sessioncookiedomain, + 'secure' => $cookiesecure, + 'httponly' => $CFG->cookiehttponly, + ]; - session_set_cookie_params($sessionoptions); - } else { - // Once PHP 7.3 becomes our minimum, drop this in favour of the alternative call to session_set_cookie_params above, - // as that does not require a hack to work with same site settings on cookies. - session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $CFG->cookiehttponly); + if (self::should_use_samesite_none()) { + // If $samesite is empty, we don't want there to be any SameSite attribute. + $sessionoptions['samesite'] = 'None'; } + + session_set_cookie_params($sessionoptions); + ini_set('session.use_trans_sid', '0'); ini_set('session.use_only_cookies', '1'); - ini_set('session.hash_function', '0'); // For now MD5 - we do not have room for sha-1 in sessions table. ini_set('session.use_strict_mode', '0'); // We have custom protection in session init. ini_set('session.serialize_handler', 'php'); // We can move to 'php_serialize' after we require PHP 5.5.4 form Moodle. @@ -559,8 +553,6 @@ protected static function initialise_user_session($newsid) { if ($timedout) { $_SESSION['SESSION']->has_timed_out = true; } - - self::append_samesite_cookie_attribute(); } /** @@ -628,7 +620,6 @@ public static function login_user(\stdClass $user) { // Setup $USER object. self::set_user($user); - self::append_samesite_cookie_attribute(); } /** @@ -652,39 +643,6 @@ private static function should_use_samesite_none(): bool { return false; } - /** - * Conditionally append the SameSite attribute to the session cookie if necessary. - * - * Contains a hack for versions of PHP lower than 7.3 as there is no API built into PHP cookie API - * for adding the SameSite setting. - * - * This won't change the Set-Cookie headers if: - * - PHP 7.3 or higher is being used. That already adds the SameSite attribute without any hacks. - * - If the samesite setting is empty. - * - If the samesite setting is None but the browser is not compatible with that setting. - */ - private static function append_samesite_cookie_attribute() { - if (version_compare(PHP_VERSION, '7.3.0', '>=')) { - // This hack is only necessary if we weren't able to set the samesite flag via the session_set_cookie_params API. - return; - } - - if (!self::should_use_samesite_none()) { - return; - } - - $cookies = headers_list(); - header_remove('Set-Cookie'); - $setcookiesession = 'Set-Cookie: ' . session_name() . '='; - - foreach ($cookies as $cookie) { - if (strpos($cookie, $setcookiesession) === 0) { - $cookie .= '; SameSite=None'; - } - header($cookie, false); - } - } - /** * Terminate current user session. * @return void @@ -718,7 +676,6 @@ public static function terminate_current() { self::init_empty_session(); self::add_session_record($_SESSION['USER']->id); // Do not use $USER here because it may not be set up yet. self::write_close(); - self::append_samesite_cookie_attribute(); } /**