
Issue #337534 Use of unhashed session IDs will break stale session cleanup

Open Volha requested to merge issue/masquerade-3375341:3375341-use-of-unhashed into 7.x-1.x
1 file
+ 23
7
+ 23
7
@@ -54,7 +54,7 @@ function masquerade_init() {
// Try to load masqing uid from masquerade table.
$uid = db_query("SELECT uid_from FROM {masquerade} WHERE sid = :sid AND uid_as = :uid_as", array(
':sid' => session_id(),
':sid' => masquerade_session_id(),
':uid_as' => $user->uid,
))->fetchField();
@@ -371,7 +371,7 @@ function masquerade_user_logout($account) {
watchdog('masquerade', "User %user no longer masquerading as %masq_as.", array('%user' => $real_user->name, '%masq_as' => $user->name), WATCHDOG_INFO);
$query = db_delete('masquerade');
$query->condition('sid', session_id());
$query->condition('sid', masquerade_session_id());
$query->condition('uid_as', $account->uid);
$query->execute();
}
@@ -490,7 +490,7 @@ function masquerade_user_validate(&$form, $form_state) {
*/
function masquerade_user_submit(&$form, $form_state) {
global $_masquerade_old_session_id;
$_masquerade_old_session_id = session_id();
$_masquerade_old_session_id = masquerade_session_id();
}
/**
@@ -521,7 +521,7 @@ function masquerade_user_update(&$edit, $account, $category) {
if (!empty($_masquerade_old_session_id)) {
$query = db_update('masquerade');
$query->fields(array(
'sid' => session_id(),
'sid' => masquerade_session_id(),
));
$query->condition('sid', $_masquerade_old_session_id);
$query->execute();
@@ -851,7 +851,7 @@ function masquerade_switch_user($uid) {
$query->fields(array(
'uid_from' => $user->uid,
'uid_as' => $new_user->uid,
'sid' => session_id(),
'sid' => masquerade_session_id(),
));
$query->execute();
// switch user
@@ -892,12 +892,12 @@ function masquerade_switch_back() {
global $user;
cache_clear_all($user->uid, 'cache_menu', TRUE);
$uid = db_query("SELECT m.uid_from FROM {masquerade} m WHERE m.sid = :sid AND m.uid_as = :uid_as ", array(
':sid' => session_id(),
':sid' => masquerade_session_id(),
':uid_as' => $user->uid,
))->fetchField();
// erase record
db_delete('masquerade')
->condition('sid', session_id())
->condition('sid', masquerade_session_id())
->condition('uid_as', $user->uid)
->execute();
@@ -915,3 +915,19 @@ function masquerade_switch_back() {
watchdog('masquerade', 'User %user no longer masquerading as %masq_as.', array('%user' => $user->name, '%masq_as' => $oldname), WATCHDOG_INFO);
}
/**
* Returns default session_id or hashed session_id if hashing for sessions is enabled.
* See https://www.drupal.org/node/3364841.
*
* @return
* A default session_id or hashed session_id.
*/
function masquerade_session_id() {
if (function_exists('drupal_session_id')) {
return drupal_session_id(session_id());
}
else {
return session_id();
}
}
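Review bot: Rows already in {masquerade} are not migrated: the lookups in masquerade_init() and masquerade_switch_back() now compare `sid` against masquerade_session_id(), so a row that masquerade_switch_user() stored with the raw session_id() before this change stops matching as soon as drupal_session_id() returns a hashed value. A user who is masquerading at that moment would then have no row to switch back through, and the raw session ID stays in the table, which is the exposure that hashing is presumably meant to remove. I would pair this change with an update function that rewrites each stored `sid` through `drupal_session_id()` when that function exists, or that empties the table if ending active masquerades is acceptable. Only one file is shown here, so I cannot tell whether such an update exists elsewhere. Separately, the new docblock would read better with a typed `@return string` and a note that the function_exists() check only tests for the core helper; whether hashing is applied is decided inside drupal_session_id().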