Merge pull request #1511 from koreus/session

Fix problem with admin save preference
XOOPS · Feb 5, 2025 · e939add · e939add
2 parents e5dcef8 + 81a111e
commit e939add
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 22 deletions.
diff --git a/htdocs/class/xoopssecurity.php b/htdocs/class/xoopssecurity.php
@@ -69,7 +69,8 @@ public function createToken($timeout = 0, $name = 'XOOPS_TOKEN')
             'expire' => time() + (int) $timeout,
         ];
         $_SESSION[$name . '_SESSION'][] = $token_data;
-
+        // Force update of session in base
+        session_write_close();
         return md5($token_id . $_SERVER['HTTP_USER_AGENT'] . XOOPS_DB_PREFIX);
     }
 

diff --git a/htdocs/kernel/session.php b/htdocs/kernel/session.php
@@ -137,7 +137,7 @@ public function read($sessionId): string
             $this->db->quoteString($sessionId)
         );
 
-        $result = $this->db->query($sql);
+        $result = $this->db->queryF($sql);
         if ($this->db->isResultSet($result)) {
             if ([$sess_data, $sess_ip] = $this->db->fetchRow($result)) {
                 if ($this->securityLevel > 1) {
@@ -168,26 +168,22 @@ public function write($sessionId, $data): bool
         $myReturn = true;
         $remoteAddress = \Xmf\IPAddress::fromRequest()->asReadable();
         $sessionId = $this->db->quoteString($sessionId);
-        $sql = sprintf(
-            'UPDATE %s SET sess_updated = %u, sess_data = %s WHERE sess_id = %s',
-            $this->db->prefix('session'),
-            time(),
-            $this->db->quoteString($data),
-            $sessionId
+
+        $sql= sprintf('INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data)
+        VALUES (%s, %u, %s, %s)
+        ON DUPLICATE KEY UPDATE
+        sess_updated = %u, 
+        sess_data = %s
+        ',
+              $this->db->prefix('session'),
+              $sessionId,
+              time(),
+              $this->db->quote($remoteAddress),
+              $this->db->quote($data),
+              time(),
+              $this->db->quote($data),
         );
-        $this->db->queryF($sql);
-        if (!$this->db->getAffectedRows()) {
-            $sql = sprintf(
-                'INSERT INTO %s (sess_id, sess_updated, sess_ip, sess_data) VALUES (%s, %u, %s, %s)',
-                $this->db->prefix('session'),
-                $sessionId,
-                time(),
-                $this->db->quote($remoteAddress),
-                $this->db->quote($data)
-            );
-
-            $myReturn = $this->db->queryF($sql);
-        }
+        $myReturn = $this->db->queryF($sql);
         $this->update_cookie();
         return $myReturn;
     }

diff --git a/htdocs/modules/system/themes/ComposerInfo.php b/htdocs/modules/system/themes/ComposerInfo.php
@@ -1,6 +1,10 @@
 <?php
 
-header('HTTP/1.0 404 Not Found');
+// Prevent direct access
+if (basename($_SERVER['SCRIPT_FILENAME']) === 'ComposerInfo.php') {
+    header("HTTP/1.0 403 Forbidden");
+    exit('Access Denied');
+}
 
 class ComposerInfo
 {