From 1fa3e6ac15af5913863c2130389f28db51ccba4a Mon Sep 17 00:00:00 2001 From: vgouleau Date: Wed, 8 Sep 2021 11:05:13 +0200 Subject: [PATCH] =?UTF-8?q?Ensures=20that=20session=20values=20=E2=80=8B?= =?UTF-8?q?=E2=80=8Bouter=20of=20"CiviCRM"=20scope=20are=20not=20altered?= =?UTF-8?q?=20by=20the=20CRM.=20Ensures=20that=20CRM=5FCore=5FSession::=5F?= =?UTF-8?q?session=20is=20still=20a=20valid=20reference=20to=20$=5FSESSION?= =?UTF-8?q?.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CRM/Core/Session.php | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/CRM/Core/Session.php b/CRM/Core/Session.php index dcbe3a7823c0..57939665f424 100644 --- a/CRM/Core/Session.php +++ b/CRM/Core/Session.php @@ -41,13 +41,6 @@ class CRM_Core_Session { */ protected $_session = NULL; - /** - * Current php Session ID : needed to detect if the session is changed - * - * @var string - */ - protected $sessionID; - /** * We only need one instance of this object. So we use the singleton * pattern and cache the instance in this variable @@ -128,10 +121,9 @@ public function isEmpty() { * Is this a read operation, in this case, the session will not be touched. */ public function initialize($isRead = FALSE) { - // remove $_SESSION reference if session is changed - if (($sid = session_id()) !== $this->sessionID) { - $this->_session = NULL; - $this->sessionID = $sid; + // reset $this->_session in case if it is no longer a reference to $_SESSION; + if (isset($_SESSION) && isset($this->_session) && $_SESSION !== $this->_session) { + unset($this->_session); } // lets initialize the _session variable just before we need it // hopefully any bootstrapping code will actually load the session from the CMS @@ -171,9 +163,9 @@ public function reset($all = 1) { unset($this->_session[$this->_key]); } else { - $this->_session = []; + $this->_session[$this->_key] = []; + unset($this->_session); } - } /**