From 50cb99b7f83a2e446ee2ff828d3fb3938d28786d Mon Sep 17 00:00:00 2001
From: Thibault Dockx <thibault.dockx@fusiondirectory.org>
Date: Thu, 9 Jan 2025 21:41:42 +0000
Subject: [PATCH] :sparkles: Progression of non-serialization items found Quick and dirty fix to avoid serialization of non-seria.. items
---
 include/class_Combinations.inc | 10 +++---
 include/class_config.inc | 2 +-
 include/login/class_LoginMethod.inc | 34 ++++++++++++++++++-
 .../management/class_EntrySortIterator.inc | 10 +++---
 include/management/class_ListingEntry.inc | 8 ++---
 .../password-methods/class_passwordMethod.inc | 2 +-
 6 files changed, 49 insertions(+), 17 deletions(-)
diff --git a/include/class_Combinations.inc b/include/class_Combinations.inc
index 65027c70e..68b681f72 100755
--- a/include/class_Combinations.inc
+++ b/include/class_Combinations.inc
@@ -36,12 +36,12 @@ class Combinations implements Iterator
 $this->rewind();
 }
- function key ()
+ function key () : mixed
 {
 return $this->pos;
 }
- function current ()
+ function current () : mixed
 {
 $r = [];
 for ($i = 0; $i < $this->size; $i++) {
@@ -50,7 +50,7 @@ class Combinations implements Iterator
 return $r;
 }
- function next ()
+ function next () : void
 {
 if ($this->_next()) {
 $this->pos++;
@@ -59,13 +59,13 @@ class Combinations implements Iterator
 }
 }
- function rewind ()
+ function rewind () : void
 {
 $this->current = range(0, $this->size);
 $this->pos = 0;
 }
- function valid ()
+ function valid () : bool
 {
 return ($this->pos >= 0);
 }
diff --git a/include/class_config.inc b/include/class_config.inc
index e8eb7c8f0..46e8954ab 100755
--- a/include/class_config.inc
+++ b/include/class_config.inc
@@ -1004,7 +1004,7 @@ class config
 }
 if (!isset($this->data['CATEGORIES'][$cat]['description'])) {
 $this->data['CATEGORIES'][$cat]['description'] = $infos['name'];
- preg_match_all('/objectClass=([^= \)\(]+)/', $infos['filter'], $m);
+ preg_match_all('/objectClass=([^= \)\(]+)/', $infos['filter'] ?? '', $m);
 $this->data['CATEGORIES'][$cat]['objectClass'] = $m[1];
 }
 }
diff --git a/include/login/class_LoginMethod.inc b/include/login/class_LoginMethod.inc
index d036f488f..22465a024 100755
--- a/include/login/class_LoginMethod.inc
+++ b/include/login/class_LoginMethod.inc
@@ -152,6 +152,31 @@ class LoginMethod
 return TRUE;
 }
+ // ################################ Below Quick dirty fix for php8.2 for non-serializable items ######################
+ static function backupSessionToVariable()
+ {
+ $backupData = $_SESSION;
+
+ // Remove non-serializable data
+ if (isset($backupData['config']->parser)) {
+ unset($backupData['config']->parser);
+ }
+
+ return $backupData;
+ }
+
+ static function restoreSessionFromVariable($backupData)
+ {
+ $_SESSION = $backupData;
+
+ // Reinitialize non-serializable objects
+ if (isset($_SESSION['config'])) {
+ $_SESSION['config']->parser = new XMLParser();
+ }
+ }
+
+ // ################################# Above Quick dirty fix for php8.2 for non-serializable items ######################
+
 /*! \brief Connect user */
 static function connect ()
 {
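Review bot: In `restoreSessionFromVariable()` (include/login/class_LoginMethod.inc), `new XMLParser()` is expected to throw on PHP 8, where the built-in `XMLParser` class cannot be constructed directly and parser objects come from `xml_parser_create()`; unless the project resolves that name to a class of its own, every login with `$_SESSION['config']` set would fail at this line. Separately, `$backupData = $_SESSION` copies the array but not the objects in it, so `unset($backupData['config']->parser)` also removes the parser from the live `$_SESSION['config']` rather than from a detached backup. A more durable fix, if the config class does not already do so, would be to leave `parser` out in its `__sleep()`/`__serialize()` and recreate it on demand, which would also cover the session write at the end of the request. Neither helper has a docblock; something like `/*! \brief Detach the non-serializable XML parser from the session config before the session is written */` would record the intent.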
@@ -159,9 +184,16 @@ class LoginMethod
 $ui = session::get('ui');
- //Create new session ID to avoir session_fixation security issues after sucess login
+ // #### QUICK AND DIRTY FIX FOR PHP 8.2
+ // Backup session to a variable
+ $sessionBackup = LoginMethod::backupSessionToVariable();
+
+ // Create new session ID in order to have session_fixation security issues after success login
 session_regenerate_id();
+ // #### QUICK AND DIRTY FIX FOR PHP 8.2
+ LoginMethod::restoreSessionFromVariable($sessionBackup);
+
 /* Not account expired or password forced change go to main page */
 logging::log('security', 'login', $ui->uid, [], 'Logged in successfully');
 session::set('connected', 1);
diff --git a/include/management/class_EntrySortIterator.inc b/include/management/class_EntrySortIterator.inc
index 158bc96e8..40e13bebb 100755
--- a/include/management/class_EntrySortIterator.inc
+++ b/include/management/class_EntrySortIterator.inc
@@ -60,7 +60,7 @@ class EntrySortIterator implements Iterator
 /*!
 * \brief Put the array pointer to the first element
 */
- function rewind ()
+ function rewind () : void
 {
 reset($this->data);
 }
@@ -70,7 +70,7 @@ class EntrySortIterator implements Iterator
 *
 * \return The current element pointed by array pointer
 */
- function current ()
+ function current () : mixed
 {
 return current($this->data);
 }
@@ -80,7 +80,7 @@ class EntrySortIterator implements Iterator
 *
 * \return the key element of the array
 */
- function key ()
+ function key () : mixed
 {
 return key($this->data);
 }
@@ -88,7 +88,7 @@ class EntrySortIterator implements Iterator
 /*!
 * \brief Get the next data element
 */
- function next ()
+ function next () : void
 {
 next($this->data);
 }
@@ -98,7 +98,7 @@ class EntrySortIterator implements Iterator
 *
 * \return TRUE if the array is valid, return FALSE otherwise
 */
- function valid ()
+ function valid () : bool
 {
 return (key($this->data) !== NULL);
 }
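Review bot: The rewritten comment above `session_regenerate_id()` in `connect()` (include/login/class_LoginMethod.inc) now says the new session ID is created "in order to have" session fixation issues, the opposite of what the call is for; `// Create a new session ID after a successful login to prevent session fixation` states what is meant. `session_regenerate_id()` is still called without arguments, so the pre-login session record is kept rather than deleted, and its return value is not checked; it is worth confirming whether `session_regenerate_id(TRUE)` is wanted at this point. `connect()` starts and ends outside this hunk.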
diff --git a/include/management/class_ListingEntry.inc b/include/management/class_ListingEntry.inc
index 8fdc42aa5..759c6acb9 100755
--- a/include/management/class_ListingEntry.inc
+++ b/include/management/class_ListingEntry.inc
@@ -57,22 +57,22 @@ class ListingEntry implements ArrayAccess
 $this->row = $row;
 }
- public function offsetSet ($offset, $value)
+ public function offsetSet ($offset, $value) : void
 {
 $this->attrs[$offset] = $value;
 }
- public function offsetExists ($offset)
+ public function offsetExists ($offset) : bool
 {
 return isset($this->attrs[$offset]);
 }
- public function offsetUnset ($offset)
+ public function offsetUnset ($offset) : void
 {
 unset($this->attrs[$offset]);
 }
- public function offsetGet ($offset)
+ public function offsetGet ($offset) : mixed
 {
 return (isset($this->attrs[$offset]) ? $this->attrs[$offset] : NULL);
 }
diff --git a/include/password-methods/class_passwordMethod.inc b/include/password-methods/class_passwordMethod.inc
index 30a1b74d7..841a0889b 100755
--- a/include/password-methods/class_passwordMethod.inc
+++ b/include/password-methods/class_passwordMethod.inc
@@ -225,7 +225,7 @@ abstract class passwordMethod
 static function get_available_methods (): array
 {
 global $class_mapping;
- $ret = FALSE;
+ $ret = [];
 $i = 0;
 if (!session::is_set('passwordMethod::get_available_methods')) {
-- 
GitLab