From 864a086900b92233d7cf76747828163346eabc77 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Tue, 7 Aug 2018 02:38:41 +0200
Subject: [PATCH] Prevent object serialization in session
---
 includes/model/ShiftsFilter.php | 30 +++++++++++++++++++++++++++++-
 includes/pages/user_shifts.php | 9 +++++----
 2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/includes/model/ShiftsFilter.php b/includes/model/ShiftsFilter.php
index 5ad7a9b3..fe3bfa56 100644
--- a/includes/model/ShiftsFilter.php
+++ b/includes/model/ShiftsFilter.php
@@ -48,7 +48,7 @@ class ShiftsFilter
 * @param int[] $rooms
 * @param int[] $types
 */
- public function __construct($user_shifts_admin, $rooms, $types)
+ public function __construct($user_shifts_admin = false, $rooms = [], $types = [])
 {
 $this->rooms = $rooms;
 $this->types = $types;
@@ -62,6 +62,34 @@ class ShiftsFilter
 }
 }
 
+ /**
+ * @return array
+ */
+ public function sessionExport()
+ {
+ return [
+ 'userShiftsAdmin' => $this->userShiftsAdmin,
+ 'filled' => $this->filled,
+ 'rooms' => $this->rooms,
+ 'types' => $this->types,
+ 'startTime' => $this->startTime,
+ 'endTime' => $this->endTime,
+ ];
+ }
+
+ /**
+ * @param array $data
+ */
+ public function sessionImport($data)
+ {
+ $this->userShiftsAdmin = $data['userShiftsAdmin'];
+ $this->filled = $data['filled'];
+ $this->rooms = $data['rooms'];
+ $this->types = $data['types'];
+ $this->startTime = $data['startTime'];
+ $this->endTime = $data['endTime'];
+ }
+
 /**
 * @return int unix timestamp
 */
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index c158ee4a..a620d081 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
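Review bot: In includes/model/ShiftsFilter.php, `sessionImport()` reads all six keys from `$data` without checking that the value is an array or that every key is present, so a session entry written by a different code version would leave the filter with null fields and raise undefined-index notices. Type the parameter and fill gaps from the current state, e.g. `public function sessionImport(array $data)` with `$data = array_merge($this->sessionExport(), $data);` as its first statement. The constructor docblock documents `rooms` and `types` as `int[]`, so `array_map('intval', (array)$data['rooms'])` (and the same for `types`) on import would stop non-integer values from reaching the code that consumes the filter; that consumer is outside this diff.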
@@ -177,18 +177,19 @@ function view_user_shifts() $rooms = load_rooms(); $types = load_types(); - if (!$session->has('ShiftsFilter')) { + if (!$session->has('shifts-filter')) { $room_ids = [ $rooms[0]['id'] ]; $type_ids = array_map('get_ids_from_array', $types); $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); - $session->set('ShiftsFilter', $shiftsFilter); + $session->set('shifts-filter', $shiftsFilter->sessionExport()); } - /** @var ShiftsFilter $shiftsFilter */ - $shiftsFilter = $session->get('ShiftsFilter'); + $shiftsFilter = new ShiftsFilter(); + $shiftsFilter->sessionImport($session->get('shifts-filter')); update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); + $session->set('shifts-filter', $shiftsFilter->sessionExport()); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
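Review bot: `userShiftsAdmin` is a privilege-derived flag, yet after this change it is restored from the session array on every request (`new ShiftsFilter()` followed by `sessionImport(...)`) rather than computed from `$privileges`. The live value is passed to `update_ShiftsFilter()`, whose body is outside this diff, so it cannot be confirmed here that a stale flag is overwritten when a user's privileges change mid-session. Consider dropping the `'userShiftsAdmin'` key from `sessionExport()`/`sessionImport()` and constructing with the current value before importing the rest: `$shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges, true));`. view_user_shifts() starts and ends outside the hunk.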