Skip to content

Commit

Permalink
Merge pull request #8388 from Sesquipedalian/2.1/sid
Browse files Browse the repository at this point in the history 
Does a better job dealing with deprecation of SID constant
  • Loading branch information
@Sesquipedalian
Sesquipedalian authored Dec 31, 2024
2 parents 3fad4d5 + b4dce4e commit b52a4ab
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 12 deletions.
17 changes: 10 additions & 7 deletions Sources/QueryString.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -648,14 +648,17 @@ function ob_sessrewrite($buffer)
{
global $scripturl, $modSettings, $context;

// If $scripturl is set to nothing, or the session ID is not defined (SSI?) just quit.
if ($scripturl == '' || session_id() === false)
// PHP 8.4 deprecated SID. A better long-term solution is needed, but this works for now.
$sid = defined('SID') ? @constant('SID') : null;

// If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit.
if ($scripturl == '' || !isset($sid))
return $buffer;

// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit(). This doesn't work below PHP 4.3.0, because it makes the output buffer bigger.
// @todo smflib
if (empty($_COOKIE) && session_id() != '' && !isBrowser('possibly_robot'))
$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(session_id(), '/') . ')\\??/', '"' . $scripturl . '?' . session_id() . '&amp;', $buffer);
if (empty($_COOKIE) && $sid != '' && !isBrowser('possibly_robot'))
$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote($sid, '/') . ')\\??/', '"' . $scripturl . '?' . $sid . '&amp;', $buffer);
// Debugging templates, are we?
elseif (isset($_GET['debug']))
$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
Expand All @@ -664,14 +667,14 @@ function ob_sessrewrite($buffer)
if (!empty($modSettings['queryless_urls']) && (!$context['server']['is_cgi'] || ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && ($context['server']['is_apache'] || $context['server']['is_lighttpd'] || $context['server']['is_litespeed']))
{
// Let's do something special for session ids!
if (session_id() != '')
if (isset($sid) && $sid != '')
$buffer = preg_replace_callback(
'~"' . preg_quote($scripturl, '~') . '\?(?:' . session_id() . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~',
'~"' . preg_quote($scripturl, '~') . '\?(?:' . $sid . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~',
function($m)
{
global $scripturl;

return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . session_id() . (isset($m[2]) ? $m[2] : "") . '"';
return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . $sid . (isset($m[2]) ? $m[2] : "") . '"';
},
$buffer
);
Expand Down
13 changes: 8 additions & 5 deletions Sources/Subs.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4065,21 +4065,24 @@ function redirectexit($setLocation = '', $refresh = false, $permanent = false)
if ($add)
$setLocation = $scripturl . ($setLocation != '' ? '?' . $setLocation : '');

// PHP 8.4 deprecated SID. A better long-term solution is needed, but this works for now.
$sid = defined('SID') ? @constant('SID') : null;

// Put the session ID in.
if (session_id() != '')
$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(session_id(), '/') . ')\\??/', $scripturl . '?' . session_id() . ';', $setLocation);
if (isset($sid) && $sid != '')
$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote($sid, '/') . ')\\??/', $scripturl . '?' . $sid . ';', $setLocation);
// Keep that debug in their for template debugging!
elseif (isset($_GET['debug']))
$setLocation = preg_replace('/^' . preg_quote($scripturl, '/') . '\\??/', $scripturl . '?debug;', $setLocation);

if (!empty($modSettings['queryless_urls']) && (empty($context['server']['is_cgi']) || ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && (!empty($context['server']['is_apache']) || !empty($context['server']['is_lighttpd']) || !empty($context['server']['is_litespeed'])))
{
if (session_id() != '')
if (isset($sid) && $sid != '')
$setLocation = preg_replace_callback(
'~^' . preg_quote($scripturl, '~') . '\?(?:' . session_id() . '(?:;|&|&amp;))((?:board|topic)=[^#]+?)(#[^"]*?)?$~',
'~^' . preg_quote($scripturl, '~') . '\?(?:' . $sid . '(?:;|&|&amp;))((?:board|topic)=[^#]+?)(#[^"]*?)?$~',
function($m) use ($scripturl)
{
return $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html?' . session_id() . (isset($m[2]) ? "$m[2]" : "");
return $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html?' . $sid . (isset($m[2]) ? "$m[2]" : "");
},
$setLocation
);
Expand Down

0 comments on commit b52a4ab

Please sign in to comment.