author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-05 19:12:59 +0000 |
---|---|---|
committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-05 19:12:59 +0000 |
commit | afe3f4318ddee5e6273f6b84f8969006ffa58dc4 (patch) | |
tree | 5481631cb582e075dbc5f7292852468fe0e387c7 /includes | |
parent | bc0d7cb36914fd06db890854a3a45ef2b5af8902 (diff) | |
download | brdo-afe3f4318ddee5e6273f6b84f8969006ffa58dc4.tar.gz brdo-afe3f4318ddee5e6273f6b84f8969006ffa58dc4.tar.bz2 |
security fixes forward ported from Drupal 5.2 - previously not committed parts of http://drupal.org/cvs?commit=74833
Diffstat (limited to 'includes')
-rw-r--r-- | includes/session.inc | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/includes/session.inc b/includes/session.inc
index f79f11736..e589c07e4 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -56,8 +56,9 @@ function sess_read($key) {
 function sess_write($key, $value) {
 global $user;
- // If the client doesn't have a session, and one isn't being created ($value), do nothing.
- if (empty($_COOKIE[session_name()]) && empty($value)) {
+ // If saving of session data is disabled or if the client doesn't have a session,
+ // and one isn't being created ($value), do nothing.
+ if (!session_save_session() || (empty($_COOKIE[session_name()]) && empty($value))) {
 return TRUE;
 }
@@ -153,3 +154,23 @@ function sess_gc($lifetime) {
 return TRUE;
 }
+
+/**
+ * Determine whether to save session data of the current request.
+ *
+ * This function allows the caller to temporarily disable writing of session data,
+ * should the request end while performing potentially dangerous operations, such as
+ * manipulating the global $user object.
+ *
+ * @param $status
+ * Disables writing of session data when FALSE, (re-)enables writing when TRUE.
+ * @return
+ * FALSE if writing session data has been disabled. Otherwise, TRUE.
+ */
+function session_save_session($status = NULL) {
+ static $save_session = TRUE;
+ if (isset($status)) {
+ $save_session = $status;
+ }
+ return ($save_session);
+}
+} |
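Review bot: The new comment above the guard in sess_write() reads ambiguously against the condition it describes: "disabled or if the client doesn't have a session, and one isn't being created" can be parsed as `(A || B) && C`, while the code is `A || (B && C)`. I would state the two cases separately, e.g. `// Do nothing if saving session data is disabled (see session_save_session()),` followed by `// or if the client has no session cookie and none is being created ($value is empty).` The comment should also say that the function still returns TRUE in the disabled case, so the session handler sees a successful write and anything placed in the session during that window is dropped silently. sess_write()'s body continues outside the hunk.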
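Review bot: session_save_session() returns the state after the assignment (`return ($save_session);`), so the call that changes the flag cannot report the previous value, and a caller that finishes with `session_save_session(TRUE)` re-enables writes even when an outer caller had disabled them. The docblock should tell callers to read the current value first and restore it afterwards, e.g. `$old = session_save_session(); session_save_session(FALSE);` and later `session_save_session($old);`. It should also note that the flag is a function static and therefore stays disabled for the rest of the request if it is never restored. The value is stored as given, so `$save_session = (bool) $status;` would keep the documented TRUE/FALSE return.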