Inaccessible Session Directory
ToDo
const CACHE_SESSION_DIR = '/tmp';
is defined in constant.php, and currently not set via the installer.
We may use ini_get('session.save_path')
as indicator where the actual directory is, but we do not use the PHP build in session -> write value, its a nuisance that the user currently has to do this on his own.
Evaluation
I'm not sure if this is the proper way to do this, because session.save_path
can be only an indicator, it even may give you invalid values like 5;/tmp
or 2;/var/tmp
back.
It is of course possible to strip the invalid parts, however it is very unlikely that you can use this path.
-
$save_path = current(array_reverse(explode(';', $path)));
- invalid save_path or path length exceeds %d characters
- Failed to write session data (%s). Please verify that the current setting of session.save_path is correct (%s)
session.save_path = "N;MODE;/path"
Perhaps we can use ini_get('session.save_path')
directly as default when CACHE_SESSION_DIR
is not set, so both options are available.
- sanitized
session.save_path
(default) -
CACHE_SESSION_DIR
(for those who want use a different dedicated dir/path)
diff --git a/src/admin/module/system_info.php b/src/admin/module/system_info.php index 1255f31..3a38a46 100644 --- a/src/admin/module/system_info.php +++ b/src/admin/module/system_info.php @@ -84,7 +84,7 @@ $sysinfo['upload_max_filesize'] = [$engine->_t('UploadFilesizeMax'), $engine->binary_multiples($upload_max_filesize * 1024 * 1024, false, true, true)]; $sysinfo['post_max_size'] = [$engine->_t('PostMaxSize'), $engine->binary_multiples($post_max_size * 1024 * 1024, false, true, true)]; $sysinfo['max_execution_time'] = [$engine->_t('MaxExecutionTime'), get_cfg_var('max_execution_time') . ' seconds']; - $sysinfo['session_save_path'] = [$engine->_t('SessionPath'), CACHE_SESSION_DIR]; // ini_get('session.save_path') + $sysinfo['session_save_path'] = [$engine->_t('SessionPath'), CACHE_SESSION_DIR ?: current(array_reverse(explode(';', ini_get('session.save_path'))))]; $sysinfo['default_charset'] = [$engine->_t('PhpDefaultCharset'), ini_get('default_charset')]; $sysinfo['gzip_compression'] = [$engine->_t('GZipCompression'), $gzip_compression]; $sysinfo['php_extensions'] = [$engine->_t('PhpExtensions'), implode(', ',get_loaded_extensions())]; diff --git a/src/class/http.php b/src/class/http.php index 665599a..6e7b12b 100644 --- a/src/class/http.php +++ b/src/class/http.php @@ -283,7 +283,7 @@ if ($this->db->session_store == 1) { $sess = new SessionFileStore; - $sess->cf_file_path = CACHE_SESSION_DIR; + $sess->cf_file_path = CACHE_SESSION_DIR ?: current(array_reverse(explode(';', ini_get('session.save_path')))); } else { diff --git a/src/config/constants.php b/src/config/constants.php index 2a2172b..020da64 100644 --- a/src/config/constants.php +++ b/src/config/constants.php @@ -28,7 +28,7 @@ const CACHE_PAGE_DIR = '_cache/page'; const CACHE_SQL_DIR = '_cache/query'; const CACHE_TEMPLATE_DIR = '_cache/template'; -const CACHE_SESSION_DIR = '/tmp'; // '_cache/session' +const CACHE_SESSION_DIR = ''; // '/tmp', '_cache/session' const CHMOD_SAFE = 0640; // better to use 0600 in production const CHMOD_FILE = 0644; // file creation mode diff --git a/src/setup/version-check.php b/src/setup/version-check.php index 5db4341..a282071 100644 --- a/src/setup/version-check.php +++ b/src/setup/version-check.php @@ -144,6 +144,7 @@ /* Check file permissions */ + $cache_session_dir = CACHE_SESSION_DIR ?: current(array_reverse(explode(';', ini_get('session.save_path')))); // [0] - directory, file // [1] - write permissions (octal integer, precede the number with a 0 (zero)!) @@ -151,7 +152,7 @@ [CACHE_CONFIG_DIR, CHMOD_DIR], [CACHE_FEED_DIR, CHMOD_DIR], [CACHE_PAGE_DIR, CHMOD_DIR], - [CACHE_SESSION_DIR, CHMOD_DIR], + [$cache_session_dir, CHMOD_DIR], [CACHE_SQL_DIR, CHMOD_DIR], [CACHE_TEMPLATE_DIR, CHMOD_DIR], [CONFIG_FILE, CHMOD_FILE],