diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/book/book.install | 4 | ||||
| -rw-r--r-- | modules/dblog/dblog.admin.inc | 9 | ||||
| -rw-r--r-- | modules/node/node.admin.inc | 9 | ||||
| -rw-r--r-- | modules/openid/openid.module | 6 | ||||
| -rw-r--r-- | modules/simpletest/drupal_web_test_case.php | 3 | ||||
| -rw-r--r-- | modules/simpletest/simpletest.module | 2 | ||||
| -rw-r--r-- | modules/simpletest/tests/session.test | 119 | ||||
| -rw-r--r-- | modules/simpletest/tests/session.test.orig | 178 | ||||
| -rw-r--r-- | modules/simpletest/tests/session_test.module | 54 | ||||
| -rw-r--r-- | modules/system/system.admin.inc | 12 | ||||
| -rw-r--r-- | modules/system/system.install | 8 | ||||
| -rw-r--r-- | modules/user/user.admin.inc | 9 | ||||
| -rw-r--r-- | modules/user/user.module | 18 |
13 files changed, 411 insertions, 20 deletions
diff --git a/modules/book/book.install b/modules/book/book.install index dcc570116..bac5bfd2b 100644 --- a/modules/book/book.install +++ b/modules/book/book.install @@ -129,8 +129,8 @@ function book_update_6000() { db_create_table($ret, 'book', $schema['book']); - $_SESSION['book_update_6000_orphans']['from'] = 0; - $_SESSION['book_update_6000'] = array(); + drupal_set_session('book_update_6000_orphans', array('from' => 0)); + drupal_set_session('book_update_6000', array()); $result = db_query("SELECT * from {book_temp} WHERE parent = 0"); // Collect all books - top-level nodes. diff --git a/modules/dblog/dblog.admin.inc b/modules/dblog/dblog.admin.inc index 835406053..921fb7c4d 100644 --- a/modules/dblog/dblog.admin.inc +++ b/modules/dblog/dblog.admin.inc @@ -262,8 +262,10 @@ function _dblog_format_message($dblog) { * @see dblog_filter_form_validate() */ function dblog_filter_form() { + if (!isset($_SESSION['dblog_overview_filter'])) { + drupal_set_session('dblog_overview_filter', array()); + } $session = &$_SESSION['dblog_overview_filter']; - $session = is_array($session) ? $session : array(); $filters = dblog_filters(); $form['filters'] = array( @@ -319,12 +321,15 @@ function dblog_filter_form_submit($form, &$form_state) { case t('Filter'): foreach ($filters as $name => $filter) { if (isset($form_state['values'][$name])) { + if (!isset($_SESSION['dblog_overview_filter'])) { + drupal_set_session('dblog_overview_filter', array()); + } $_SESSION['dblog_overview_filter'][$name] = $form_state['values'][$name]; } } break; case t('Reset'): - $_SESSION['dblog_overview_filter'] = array(); + drupal_set_session('dblog_overview_filter', array()); break; } return 'admin/reports/dblog'; diff --git a/modules/node/node.admin.inc b/modules/node/node.admin.inc index 992134b1a..4ae27118b 100644 --- a/modules/node/node.admin.inc +++ b/modules/node/node.admin.inc @@ -204,8 +204,10 @@ function node_build_filter_query() { * Return form for node administration filters. */ function node_filter_form() { + if (!isset($_SESSION['node_overview_filter'])) { + drupal_set_session('node_overview_filter', array()); + } $session = &$_SESSION['node_overview_filter']; - $session = is_array($session) ? $session : array(); $filters = node_filters(); $i = 0; @@ -320,6 +322,9 @@ function node_filter_form_submit($form, &$form_state) { $flat_options = form_options_flatten($filters[$filter]['options']); if (isset($flat_options[$form_state['values'][$filter]])) { + if (!isset($_SESSION['node_overview_filter'])) { + drupal_set_session('node_overview_filter', array()); + } $_SESSION['node_overview_filter'][] = array($filter, $form_state['values'][$filter]); } } @@ -328,7 +333,7 @@ function node_filter_form_submit($form, &$form_state) { array_pop($_SESSION['node_overview_filter']); break; case t('Reset'): - $_SESSION['node_overview_filter'] = array(); + drupal_set_session('node_overview_filter', array()); break; } } diff --git a/modules/openid/openid.module b/modules/openid/openid.module index f7636ad29..cf5681b23 100644 --- a/modules/openid/openid.module +++ b/modules/openid/openid.module @@ -161,6 +161,9 @@ function openid_begin($claimed_id, $return_to = '', $form_values = array()) { } // Store discovered information in the users' session so we don't have to rediscover. + if (!isset($_SESSION['openid'])) { + drupal_set_session('openid', array()); + } $_SESSION['openid']['service'] = $services[0]; // Store the claimed id $_SESSION['openid']['claimed_id'] = $claimed_id; @@ -408,6 +411,9 @@ function openid_authentication($response) { // We were unable to register a valid new user, redirect to standard // user/register and prefill with the values we received. drupal_set_message(t('OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can <a href="@login">log in</a> now and add your OpenID under "My Account"', array('@login' => url('user/login'))), 'error'); + if (!isset($_SESSION['openid'])) { + drupal_set_session('openid', array()); + } $_SESSION['openid']['values'] = $form_state['values']; // We'll want to redirect back to the same place. $destination = drupal_get_destination(); diff --git a/modules/simpletest/drupal_web_test_case.php b/modules/simpletest/drupal_web_test_case.php index 0894af5ee..1c1060de5 100644 --- a/modules/simpletest/drupal_web_test_case.php +++ b/modules/simpletest/drupal_web_test_case.php @@ -919,8 +919,9 @@ class DrupalWebTestCase { $user = $this->originalUser; drupal_save_session(TRUE); - // Ensure that the internal logged in variable is reset. + // Ensure that internal logged in variable and cURL options are reset. $this->isLoggedIn = FALSE; + $this->additionalCurlOptions = array(); // Reload module list and implementations to ensure that test module hooks // aren't called after tests. diff --git a/modules/simpletest/simpletest.module b/modules/simpletest/simpletest.module index 783371b54..4054696c4 100644 --- a/modules/simpletest/simpletest.module +++ b/modules/simpletest/simpletest.module @@ -436,7 +436,7 @@ function _simpletest_batch_operation($test_list_init, $test_id, &$context) { function _simpletest_batch_finished($success, $results, $operations, $elapsed) { if (isset($results['test_id'])) { - $_SESSION['test_id'] = $results['test_id']; + drupal_set_session('test_id', $results['test_id']); } if ($success) { drupal_set_message(t('The tests finished in @elapsed.', array('@elapsed' => $elapsed))); diff --git a/modules/simpletest/tests/session.test b/modules/simpletest/tests/session.test index ec27378e3..6b26c71ca 100644 --- a/modules/simpletest/tests/session.test +++ b/modules/simpletest/tests/session.test @@ -146,6 +146,89 @@ class SessionTestCase extends DrupalWebTestCase { } /** + * Test that empty anonymous sessions are destroyed. + */ + function testEmptyAnonymousSession() { + // With caching disabled, a session is always started. + $this->drupalGet(''); + $this->assertSessionCookie(FALSE); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(TRUE); + + variable_set('cache', CACHE_NORMAL); + + // During this request the session is destroyed in drupal_page_footer(), + // and the session cookie is unset. + $this->drupalGet(''); + $this->assertSessionCookie(TRUE); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(TRUE); + $this->assertFalse($this->drupalGetHeader('ETag'), t('Page was not cached.')); + // When PHP deletes a cookie, it sends "Set-Cookie: cookiename=deleted; + // expires=..." + $this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.')); + + // Verify that the session cookie was actually deleted. + $this->drupalGet(''); + $this->assertSessionCookie(FALSE); + $this->assertSessionStarted(FALSE); + $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.')); + + // Start a new session by setting a message. + $this->drupalGet('session-test/set-message'); + $this->assertSessionCookie(FALSE); + $this->assertSessionStarted(FALSE); + $this->assertTrue($this->drupalGetHeader('Set-Cookie'), t('New session was started.')); + + // Display the message. + $this->drupalGet(''); + $this->assertSessionCookie(TRUE); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(FALSE); + $this->assertFalse($this->drupalGetHeader('ETag'), t('Page was not cached.')); + $this->assertText(t('This is a dummy message.'), t('Message was displayed.')); + + // During this request the session is destroyed in _drupal_bootstrap(), + // and the session cookie is unset. + $this->drupalGet(''); + $this->assertSessionCookie(TRUE); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(TRUE); + $this->assertTrue($this->drupalGetHeader('ETag'), t('Page was cached.')); + $this->assertNoText(t('This is a dummy message.'), t('Message was not cached.')); + $this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.')); + + // Verify that session was destroyed. + $this->drupalGet(''); + $this->assertSessionCookie(FALSE); + $this->assertSessionStarted(FALSE); + $this->assertTrue($this->drupalGetHeader('ETag'), t('Page was cached.')); + $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.')); + + // Verify that modifying $_SESSION without having started a session + // generates a watchdog message, and that no messages have been generated + // so far. + $this->assertEqual($this->getWarningCount(), 0, t('No watchdog messages have been generated')); + $this->drupalGet('/session-test/set-not-started'); + $this->assertSessionCookie(FALSE); + $this->assertSessionStarted(FALSE); + $this->assertEqual($this->getWarningCount(), 1, t('1 watchdog messages has been generated')); + } + + /** + * Count watchdog messages about modifying $_SESSION without having started a + * session. + */ + function getWarningCount() { + return db_select('watchdog') + ->condition('type', 'session') + ->condition('message', '$_SESSION is non-empty yet no code has called drupal_session_start().') + ->countQuery() + ->execute() + ->fetchField(); + } + + /** * Reset the cookie file so that it refers to the specified user. * * @param $uid User id to set as the active session. @@ -161,4 +244,40 @@ class SessionTestCase extends DrupalWebTestCase { $this->drupalGet('session-test/get'); $this->assertResponse(200, t('Session test module is correctly enabled.'), t('Session')); } + + /** + * Assert whether the SimpleTest browser sent a session cookie. + */ + function assertSessionCookie($sent) { + if ($sent) { + $this->assertIdentical($this->drupalGetHeader('X-Session-Cookie'), '1', t('Session cookie was sent.')); + } + else { + $this->assertIdentical($this->drupalGetHeader('X-Session-Cookie'), '0', t('Session cookie was not sent.')); + } + } + + /** + * Assert whether session was started during the bootstrap process. + */ + function assertSessionStarted($started) { + if ($started) { + $this->assertIdentical($this->drupalGetHeader('X-Session-Started'), '1', t('Session was started.')); + } + else { + $this->assertIdentical($this->drupalGetHeader('X-Session-Started'), '0', t('Session was not started.')); + } + } + + /** + * Assert whether $_SESSION is empty at the beginning of the request. + */ + function assertSessionEmpty($empty) { + if ($empty) { + $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '1', t('Session was empty.')); + } + else { + $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '0', t('Session was not empty.')); + } + } } diff --git a/modules/simpletest/tests/session.test.orig b/modules/simpletest/tests/session.test.orig new file mode 100644 index 000000000..4512d9cd4 --- /dev/null +++ b/modules/simpletest/tests/session.test.orig @@ -0,0 +1,178 @@ +<?php +// $Id$ + +/** + * @file + * Provides SimpleTests for core session handling functionality. + */ + +class SessionTestCase extends DrupalWebTestCase { + protected $saved_cookie; + + function getInfo() { + return array( + 'name' => t('Session tests'), + 'description' => t('Drupal session handling tests.'), + 'group' => t('Session') + ); + } + + function setUp() { + parent::setUp('session_test'); + } + + /** + * Implementation of curlHeaderCallback(). + */ + protected function curlHeaderCallback($ch, $header) { + // Look for a Set-Cookie header. + if (preg_match('/^Set-Cookie.+$/i', $header, $matches)) { + $this->saved_cookie = $header; + } + + return parent::curlHeaderCallback($ch, $header); + } + + /** + * Tests for drupal_save_session() and drupal_session_regenerate(). + */ + function testSessionSaveRegenerate() { + $this->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when initially called with no arguments.'), t('Session')); + $this->assertFalse(drupal_save_session(FALSE), t('drupal_save_session() correctly returns FALSE when called with FALSE.'), t('Session')); + $this->assertFalse(drupal_save_session(), t('drupal_save_session() correctly returns FALSE when saving has been disabled.'), t('Session')); + $this->assertTrue(drupal_save_session(TRUE), t('drupal_save_session() correctly returns TRUE when called with TRUE.'), t('Session')); + $this->assertTrue(drupal_save_session(), t('drupal_save_session() correctly returns TRUE when saving has been enabled.'), t('Session')); + + // Test session hardening code from SA-2008-044. + $user = $this->drupalCreateUser(array('access content')); + // Enable sessions. + $this->sessionReset($user->uid); + // Make sure the session cookie is set as HttpOnly. + $this->drupalLogin($user); + $this->assertTrue(preg_match('/HttpOnly/i', $this->saved_cookie), t('Session cookie is set as HttpOnly.')); + $this->drupalLogout(); + // Verify that the session is regenerated if a module calls exit + // in hook_user_login(). + user_save($user, array('name' => 'session_test_user')); + $user->name = 'session_test_user'; + $this->drupalGet('session-test/id'); + $matches = array(); + preg_match('/\s*session_id:(.*)\n/', $this->drupalGetContent(), $matches); + $this->assertTrue(!empty($matches[1]) , t('Found session ID before logging in.')); + $original_session = $matches[1]; + // We cannot use $this->drupalLogin($user); because we exit in + // session_test_user_login() which breaks a normal assertion. + $edit = array( + 'name' => $user->name, + 'pass' => $user->pass_raw + ); + $this->drupalPost('user', $edit, t('Log in')); + $this->drupalGet('node'); + $pass = $this->assertText($user->name, t('Found name: %name', array('%name' => $user->name)), t('User login')); + $this->_logged_in = $pass; + + $this->drupalGet('session-test/id'); + $matches = array(); + preg_match('/\s*session_id:(.*)\n/', $this->drupalGetContent(), $matches); + $this->assertTrue(!empty($matches[1]) , t('Found session ID after logging in.')); + $this->assertTrue($matches[1] != $original_session, t('Session ID changed after login.')); + } + + /** + * Test data persistence via the session_test module callbacks. Also tests + * drupal_session_count() since session data is already generated here. + */ + function testDataPersistence() { + $user = $this->drupalCreateUser(array('access content')); + // Enable sessions. + $this->sessionReset($user->uid); + + $this->drupalLogin($user); + $this->session_count_authenticated = $this->session_count++; + + $value_1 = $this->randomName(); + $this->drupalGet('session-test/set/' . $value_1); + $this->assertText($value_1, t('The session value was stored.'), t('Session')); + $this->drupalGet('session-test/get'); + $this->assertText($value_1, t('Session correctly returned the stored data for an authenticated user.'), t('Session')); + + // Attempt to write over val_1. If drupal_save_session(FALSE) is working. + // properly, val_1 will still be set. + $value_2 = $this->randomName(); + $this->drupalGet('session-test/no-set/' . $value_2); + $this->assertText($value_2, t('The session value was correctly passed to session-test/no-set.'), t('Session')); + $this->drupalGet('session-test/get'); + $this->assertText($value_1, t('Session data is not saved for drupal_save_session(FALSE).'), t('Session')); + + // Switch browser cookie to anonymous user, then back to user 1. + $this->sessionReset(); + $this->sessionReset($user->uid); + $this->assertText($value_1, t('Session data persists through browser close.'), t('Session')); + + // Logout the user and make sure the stored value no longer persists. + $this->drupalLogout(); + $this->sessionReset(); + $this->drupalGet('session-test/get'); + // Session count should go up since we're accessing anonymously now. + $this->session_count_anonymous = $this->session_count++; + $this->assertNoText($value_1, t("After logout, previous user's session data is not available."), t('Session')); + + $value_3 = $this->randomName(); + $this->drupalGet('session-test/set/' . $value_3); + $this->assertText($value_3, t('Session data stored for anonymous user.'), t('Session')); + $this->drupalGet('session-test/get'); + $this->assertText($value_3, t('Session correctly returned the stored data for an anonymous user.'), t('Session')); + + $value_4 = $this->randomName(); + $this->drupalGet('session-test/no-set/' . $value_4); + $this->assertText($value_4, t('The session value was correctly passed to session-test/no-set.'), t('Session')); + $this->drupalGet('session-test/get'); + $this->assertText($value_3, t('Session data is not saved for drupal_save_session(FALSE).'), t('Session')); + + // Logout and get first user back in. Sessions shouldn't persist through + // logout, so the data won't be on the page. + $this->drupalLogin($user); + $this->sessionReset($user->uid); + $this->drupalGet('session-test/get'); + $this->assertNoText($value_1, t('Session has persisted for an authenticated user after logging out and then back in.'), t('Session')); + + // Logout and create another user. + $user2 = $this->drupalCreateUser(array('access content')); + $this->sessionReset($user2->uid); + $this->drupalLogin($user2); + $this->session_count_authenticated = $this->session_count++; + + // Perform drupal_session_count tests here in order to use the session data already generated. + // Test absolute count. + $anonymous = drupal_session_count(0, TRUE); + $authenticated = drupal_session_count(0, FALSE); + $this->assertEqual($anonymous + $authenticated, $this->session_count, t('Correctly counted @count total sessions.', array('@count' => $this->session_count)), t('Session')); + + // Test anonymous count. + $this->assertEqual($anonymous, $this->session_count_anonymous, t('Correctly counted @count anonymous sessions.', array('@count' => $anonymous)), t('Session')); + + // Test authenticated count. + $this->assertEqual($authenticated, $this->session_count_authenticated, t('Correctly counted @count authenticated sessions.', array('@count' => $authenticated)), t('Session')); + + // Should return 0 sessions from 1 second from now. + $this->assertEqual(drupal_session_count(time() + 1), 0, t('Correctly returned 0 sessions newer than the current time.'), t('Session')); + + } + + /** + * Reset the cookie file so that it refers to the specified user. + * + * @param $uid User id to set as the active session. + */ + function sessionReset($uid = 0) { + // Close the internal browser. + $this->curlClose(); + + // Change cookie file for user. + $this->cookie_file = file_directory_temp() . '/cookie.' . $uid . '.txt'; + $this->curl_options[CURLOPT_COOKIEFILE] = $this->cookie_file; + $this->curl_options[CURLOPT_COOKIESESSION] = TRUE; + $this->drupalGet('session-test/get'); + $this->assertResponse(200, t('Session test module is correctly enabled.'), t('Session')); + } +} diff --git a/modules/simpletest/tests/session_test.module b/modules/simpletest/tests/session_test.module index 842e8f014..12eabfe34 100644 --- a/modules/simpletest/tests/session_test.module +++ b/modules/simpletest/tests/session_test.module @@ -31,11 +31,42 @@ function session_test_menu() { 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); + $items['session-test/set-message'] = array( + 'title' => t('Session value'), + 'page callback' => '_session_test_set_message', + 'access arguments' => array('access content'), + 'type' => MENU_CALLBACK, + ); + $items['session-test/set-not-started'] = array( + 'title' => t('Session value'), + 'page callback' => '_session_test_set_not_started', + 'access arguments' => array('access content'), + 'type' => MENU_CALLBACK, + ); return $items; } /** + * Implement hook_boot(). + */ +function session_test_boot() { + header('X-Session-Cookie: ' . intval(isset($_COOKIE[session_name()]))); + header('X-Session-Started: ' . intval(drupal_session_is_started())); + header('X-Session-Empty: ' . intval(empty($_SESSION))); +} + +/** + * Implement hook_init(). + */ +function session_test_init() { + // hook_init() is called later in the bootstrap process, but not in cached + // requests. Here the header set in hook_boot() is overwritten, so the + // session state is reported as late in the bootstrap process as possible. + header('X-Session-Started: ' . intval(drupal_session_is_started())); +} + +/** * Page callback, prints the stored session value to the screen. */ function _session_test_get() { @@ -51,7 +82,7 @@ function _session_test_get() { * Page callback, stores a value in $_SESSION['session_test_value']. */ function _session_test_set($value) { - $_SESSION['session_test_value'] = $value; + drupal_set_session('session_test_value', $value); return t('The current value of the stored session variable has been set to %val', array('%val' => $value)); } @@ -73,6 +104,27 @@ function _session_test_id() { } /** + * Menu callback, sets a message to me displayed on the following page. + */ +function _session_test_set_message() { + drupal_set_message(t('This is a dummy message.')); + print t('A message was set.'); + // Do not return anything, so the current request does not result in a themed + // page with messages. The message will be displayed in the following request + // instead. +} + +/** + * Menu callback, stores a value in $_SESSION['session_test_value'] without + * having started the session in advance. + */ +function _session_test_set_not_started() { + if (!drupal_session_is_started()) { + $_SESSION['session_test_value'] = t('Session was not started'); + } +} + +/** * Implementation of hook_user(). */ function session_test_user_login($edit = array(), $user = NULL) { diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc index 7a9a5f89e..8b1c2f0b3 100644 --- a/modules/system/system.admin.inc +++ b/modules/system/system.admin.inc @@ -1308,6 +1308,18 @@ function system_performance_settings() { $description = '<p>' . t("The normal cache mode is suitable for most sites and does not cause any side effects. The aggressive cache mode causes Drupal to skip the loading (boot) and unloading (exit) of enabled modules when serving a cached page. This results in an additional performance boost but can cause unwanted side effects.") . '</p>'; + // Check if the "Who's online" block is enabled. + $online_block_enabled = db_select('block') + ->condition('module', 'user') + ->condition('delta', 'online') + ->condition('status', 1) + ->countQuery() + ->execute() + ->fetchField(); + if ($online_block_enabled) { + $description .= '<p>' . t("When caching is enabled, anonymous user sessions are only saved to the database when needed, so the \"Who's online\" block does not display the number of anonymous users.") . '</p>'; + } + $problem_modules = array_unique(array_merge(module_implements('boot'), module_implements('exit'))); sort($problem_modules); diff --git a/modules/system/system.install b/modules/system/system.install index bef8dcb83..d24af9289 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -1899,10 +1899,10 @@ function system_update_6021() { // Multi-part update if (!isset($_SESSION['system_update_6021'])) { db_add_field($ret, 'menu', 'converted', array('type' => 'int', 'unsigned' => TRUE, 'not null' => TRUE, 'default' => 0, 'size' => 'tiny')); - $_SESSION['system_update_6021_max'] = db_result(db_query('SELECT COUNT(*) FROM {menu}')); - $_SESSION['menu_menu_map'] = array(1 => 'navigation'); + drupal_set_session('system_update_6021_max', db_result(db_query('SELECT COUNT(*) FROM {menu}'))); + drupal_set_session('menu_menu_map', array(1 => 'navigation')); // 0 => FALSE is for new menus, 1 => FALSE is for the navigation. - $_SESSION['menu_item_map'] = array(0 => FALSE, 1 => FALSE); + drupal_set_session('menu_item_map', array(0 => FALSE, 1 => FALSE)); $table = array( 'fields' => array( 'menu_name' => array('type' => 'varchar', 'length' => 32, 'not null' => TRUE, 'default' => ''), @@ -1913,7 +1913,7 @@ function system_update_6021() { ); db_create_table($ret, 'menu_custom', $table); db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", $menus['navigation']); - $_SESSION['system_update_6021'] = 0; + drupal_set_session('system_update_6021', 0); } $limit = 50; diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc index 83f30ea20..6a2b05136 100644 --- a/modules/user/user.admin.inc +++ b/modules/user/user.admin.inc @@ -33,8 +33,10 @@ function user_admin($callback_arg = '') { * @see user_filter_form_submit() */ function user_filter_form() { + if (!isset($_SESSION['user_overview_filter'])) { + drupal_set_session('user_overview_filter', array()); + } $session = &$_SESSION['user_overview_filter']; - $session = is_array($session) ? $session : array(); $filters = user_filters(); $i = 0; @@ -101,6 +103,9 @@ function user_filter_form_submit($form, &$form_state) { // Merge an array of arrays into one if necessary. $options = $filter == 'permission' ? call_user_func_array('array_merge', $filters[$filter]['options']) : $filters[$filter]['options']; if (isset($options[$form_state['values'][$filter]])) { + if (!isset($_SESSION['user_overview_filter'])) { + drupal_set_session('user_overview_filter', array()); + } $_SESSION['user_overview_filter'][] = array($filter, $form_state['values'][$filter]); } } @@ -109,7 +114,7 @@ function user_filter_form_submit($form, &$form_state) { array_pop($_SESSION['user_overview_filter']); break; case t('Reset'): - $_SESSION['user_overview_filter'] = array(); + drupal_set_session('user_overview_filter', array()); break; case t('Update'): return; diff --git a/modules/user/user.module b/modules/user/user.module index 092c64e71..3b9403c15 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -812,6 +812,7 @@ function user_block_configure($delta = '') { $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval'); $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.')); $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.')); + $form['user_block_cache'] = array('#markup' => '<p>If page caching is disabled, the block shows the number of anonymous and authenticated users, respectively. If page caching is enabled, only the number of authenticated users is displayed.</p>'); return $form; } } @@ -877,15 +878,22 @@ function user_block_view($delta = '') { // Perform database queries to gather online user lists. We use s.timestamp // rather than u.access because it is much faster. - $anonymous_count = drupal_session_count($interval); $authenticated_count = db_query("SELECT COUNT(DISTINCT s.uid) FROM {sessions} s WHERE s.timestamp >= :timestamp AND s.uid > 0", array(':timestamp' => $interval))->fetchField(); - // Format the output with proper grammar. - if ($anonymous_count == 1 && $authenticated_count == 1) { - $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + // When page caching is enabled, sessions are only created for + // anonymous users when needed. + if (variable_get('cache', CACHE_DISABLED) == CACHE_DISABLED) { + $anonymous_count = drupal_session_count($interval); + // Format the output with proper grammar. + if ($anonymous_count == 1 && $authenticated_count == 1) { + $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + } + else { + $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + } } else { - $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + $output = format_plural($authenticated_count, 'There is currently 1 user online.', 'There are currently @count users online.'); } // Display a list of currently online users. |