author | Dries Buytaert <dries@buytaert.net> | 2009-06-02 06:58:17 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-06-02 06:58:17 +0000 |
commit | e474fbbd6c57ed6de2ef4b0e826a6ba3b75a11c9 (patch) | |
tree | 85d19a7a34d41f2de22770376aae166537ae9caf /modules/user | |
parent | ec78fef144b70854d2a9b770c135960cd9ad8517 (diff) | |
- Patch #477944 by Damien Tournoud: fix and streamline page cache and session handling.
Diffstat (limited to 'modules/user')
-rw-r--r-- | modules/user/user.admin.inc | 10 | ||||
-rw-r--r-- | modules/user/user.module | 4 |
2 files changed, 5 insertions, 9 deletions
diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc
index 08f9b1ba5..b53f9b927 100644
--- a/modules/user/user.admin.inc
+++ b/modules/user/user.admin.inc
@@ -33,10 +33,7 @@ function user_admin($callback_arg = '') {
 * @see user_filter_form_submit()
 */
 function user_filter_form() {
- if (!isset($_SESSION['user_overview_filter'])) {
- drupal_set_session('user_overview_filter', array());
- }
- $session = &$_SESSION['user_overview_filter'];
+ $session = isset($_SESSION['user_overview_filter']) ? $_SESSION['user_overview_filter'] : array();
 $filters = user_filters();
 $i = 0;
@@ -103,9 +100,6 @@ function user_filter_form_submit($form, &$form_state) {
 // Merge an array of arrays into one if necessary.
 $options = $filter == 'permission' ? call_user_func_array('array_merge', $filters[$filter]['options']) : $filters[$filter]['options'];
 if (isset($options[$form_state['values'][$filter]])) {
- if (!isset($_SESSION['user_overview_filter'])) {
- drupal_set_session('user_overview_filter', array());
- }
 $_SESSION['user_overview_filter'][] = array($filter, $form_state['values'][$filter]);
 }
 }
@@ -114,7 +108,7 @@ function user_filter_form_submit($form, &$form_state) {
 array_pop($_SESSION['user_overview_filter']);
 break;
 case t('Reset'):
- drupal_set_session('user_overview_filter', array());
+ $_SESSION['user_overview_filter'] = array();
 break;
 case t('Update'):
 return;
diff --git a/modules/user/user.module b/modules/user/user.module
index 460d6858e..089f121ab 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
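Review bot: In user_filter_form() (first hunk of user.admin.inc), `$session` is now a copy of the session value rather than a reference into `$_SESSION`, so any later write to `$session` in the part of the body outside this hunk would no longer reach the session. If the function only reads the value, a comment at the assignment would pin that intent, for example `// Read-only copy; $_SESSION is deliberately left untouched here.`. That keeps a future edit from reintroducing a write that silently goes nowhere.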
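Review bot: The context line `array_pop($_SESSION['user_overview_filter']);` at the top of the third user.admin.inc hunk is still unguarded, although this commit removes the initialisation in user_filter_form() that used to guarantee the key exists. If that branch can run while the key is unset, array_pop() receives null by reference, raises a warning, and probably leaves a null entry in `$_SESSION`, which is the kind of stray session write this change appears to be removing. Wrapping the call as `if (!empty($_SESSION['user_overview_filter'])) { array_pop($_SESSION['user_overview_filter']); }` would match the isset() checks added in user_filter_form() and user_build_filter_query(). The enclosing switch and the case label for this branch are outside the hunk.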
@@ -1715,10 +1715,12 @@ function user_authenticate_finalize(&$edit) {
 ->fields(array('login' => $user->login))
 ->condition('uid', $user->uid)
 ->execute();
+
 // Regenerate the session ID to prevent against session fixation attacks.
 // This is called before hook_user in case one of those functions fails
 // or incorrectly does a redirect which would leave the old session in place.
 drupal_session_regenerate();
+
 user_module_invoke('login', $edit, $user);
 }
@@ -2482,7 +2484,7 @@ function user_build_filter_query(SelectQuery $query) {
 $filters = user_filters();
 // Extend Query with filter conditions.
- foreach ($_SESSION['user_overview_filter'] as $filter) {
+ foreach (isset($_SESSION['user_overview_filter']) ? $_SESSION['user_overview_filter'] : array() as $filter) {
 list($key, $value) = $filter;
 // This checks to see if this permission filter is an enabled permission for
 // the authenticated role. If so, then all users would be listed, and we can
|
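Review bot: The ternary packed into the `foreach` header in user_build_filter_query() (second hunk of user.module) is hard to scan and duplicates the expression this commit introduces in user_filter_form(). Assigning it first, `$session = isset($_SESSION['user_overview_filter']) ? $_SESSION['user_overview_filter'] : array();`, and then looping with `foreach ($session as $filter) {` keeps the "read the session without creating it" pattern identical in both places. The loop body continues past the end of the hunk.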