Index: install.php
===================================================================
RCS file: /cvs/drupal/drupal/install.php,v
retrieving revision 1.146
diff -u -9 -p -r1.146 install.php
--- install.php 24 Nov 2008 10:41:39 -0000 1.146
+++ install.php 19 Dec 2008 19:08:56 -0000
@@ -622,19 +622,19 @@ function install_already_done_error() {
*/
function install_tasks($profile, $task) {
global $base_url, $install_locale;
// Bootstrap newly installed Drupal, while preserving existing messages.
$messages = isset($_SESSION['messages']) ? $_SESSION['messages'] : '';
drupal_install_init_database();
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
- $_SESSION['messages'] = $messages;
+ drupal_set_session('messages', $messages);
// URL used to direct page requests.
$url = $base_url . '/install.php?locale=' . $install_locale . '&profile=' . $profile;
// Build a page for final tasks.
if (empty($task)) {
variable_set('install_task', 'profile-install');
$task = 'profile-install';
}
Index: update.php
===================================================================
RCS file: /cvs/drupal/drupal/update.php,v
retrieving revision 1.267
diff -u -9 -p -r1.267 update.php
--- update.php 24 Nov 2008 10:41:39 -0000 1.267
+++ update.php 19 Dec 2008 19:08:56 -0000
@@ -287,19 +287,19 @@ function update_script_selection_form()
}
return $form;
}
function update_batch() {
global $base_url;
// During the update, toggle site maintenance so that schema changes do not
// affect visiting users.
- $_SESSION['site_offline'] = variable_get('site_offline', FALSE);
+ drupal_set_session('site_offline', variable_get('site_offline', FALSE));
if ($_SESSION['site_offline'] == FALSE) {
variable_set('site_offline', TRUE);
}
$operations = array();
// Set the installed version so updates start at the correct place.
foreach ($_POST['start'] as $module => $version) {
drupal_set_installed_schema_version($module, $version - 1);
$updates = drupal_get_schema_versions($module);
@@ -321,21 +321,21 @@ function update_batch() {
);
batch_set($batch);
batch_process($base_url . '/update.php?op=results', $base_url . '/update.php');
}
function update_finished($success, $results, $operations) {
// clear the caches in case the data has been updated.
drupal_flush_all_caches();
- $_SESSION['update_results'] = $results;
- $_SESSION['update_success'] = $success;
- $_SESSION['updates_remaining'] = $operations;
+ drupal_set_session('update_results', $results);
+ drupal_set_session('update_success', $success);
+ drupal_set_session('updates_remaining', $operations);
// Now that the update is done, we can disable site maintenance if it was
// previously turned off.
if (isset($_SESSION['site_offline']) && $_SESSION['site_offline'] == FALSE) {
variable_set('site_offline', FALSE);
unset($_SESSION['site_offline']);
}
}
Index: includes/batch.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/batch.inc,v
retrieving revision 1.28
diff -u -9 -p -r1.28 batch.inc
--- includes/batch.inc 10 Nov 2008 05:22:56 -0000 1.28
+++ includes/batch.inc 19 Dec 2008 19:08:56 -0000
@@ -350,19 +350,19 @@ function _batch_finished() {
// Let drupal_redirect_form handle redirection logic.
$form = isset($batch['form']) ? $batch['form'] : array();
if (empty($_batch['form_state']['rebuild']) && empty($_batch['form_state']['storage'])) {
drupal_redirect_form($form, $redirect);
}
// We get here if $form['#redirect'] was FALSE, or if the form is a
// multi-step form. We save the final $form_state value to be retrieved
// by drupal_get_form, and we redirect to the originating page.
- $_SESSION['batch_form_state'] = $_batch['form_state'];
+ drupal_set_session('batch_form_state', $_batch['form_state']);
drupal_goto($_batch['source_page']);
}
}
/**
* Shutdown function: store the batch data for next request,
* or clear the table if the batch is finished.
*/
function _batch_shutdown() {
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.257
diff -u -9 -p -r1.257 bootstrap.inc
--- includes/bootstrap.inc 3 Dec 2008 14:51:53 -0000 1.257
+++ includes/bootstrap.inc 19 Dec 2008 19:08:56 -0000
@@ -648,35 +648,53 @@ function variable_del($name) {
cache_clear_all('variables', 'cache');
unset($conf[$name]);
}
/**
* Retrieve the current page from the cache.
*
- * Note: we do not serve cached pages when status messages are waiting (from
- * a redirected form submission which was completed).
+ * Note: we do not serve cached pages to authenticated users, or to anonymous
+ * users when $_SESSION is non-empty. $_SESSSION may contain status messages
+ * from a form submission, the contents of a shopping cart, or other user-
+ * specific content that should not be cached and displayed to other users.
+ *
+ * @param $retrieve
+ * If TRUE, look up and return the current page in the cache, or start output
+ * buffering if the conditions for caching are satisfied. If FALSE, only
+ * return a boolean value indicating whether the current request may be
+ * cached.
+ * @return
+ * The cache object, if the page was found in the cache; TRUE if the page was
+ * not found, but output buffering was started in order to possibly cache the
+ * current request; FALSE if the page was not found, and the current request
+ * may not be cached (e.g. because it belongs to an authenticated user). If
+ * $fetch is TRUE, only return either TRUE or FALSE.
*/
-function page_get_cache() {
+function page_get_cache($retrieve) {
global $user, $base_root;
+ static $ob_started = FALSE;
- $cache = NULL;
-
- if (!$user->uid && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD') && count(drupal_set_message()) == 0) {
+ if ($user->uid || ($_SERVER['REQUEST_METHOD'] != 'GET' && $_SERVER['REQUEST_METHOD'] != 'HEAD') || count(drupal_get_messages(NULL, FALSE))) {
+ return FALSE;
+ }
+ if ($retrieve) {
$cache = cache_get($base_root . request_uri(), 'cache_page');
-
- if (empty($cache)) {
+ if ($cache) {
+ return $cache;
+ }
+ else {
ob_start();
+ $ob_started = TRUE;
}
}
-
- return $cache;
+ return $ob_started;
}
/**
* Includes a file with the provided type and name. This prevents
* including a theme, engine, module, etc., more than once.
*
* @param $type
* The type of item to load (i.e. theme, theme_engine, module).
* @param $name
@@ -932,19 +950,19 @@ function watchdog($type, $message, $vari
* - 'warning'
* - 'error'
* @param $repeat
* If this is FALSE and the message is already set, then the message won't
* be repeated.
*/
function drupal_set_message($message = NULL, $type = 'status', $repeat = TRUE) {
if ($message) {
if (!isset($_SESSION['messages'])) {
- $_SESSION['messages'] = array();
+ drupal_set_session('messages', array());
}
if (!isset($_SESSION['messages'][$type])) {
$_SESSION['messages'][$type] = array();
}
if ($repeat || !in_array($message, $_SESSION['messages'][$type])) {
$_SESSION['messages'][$type][] = $message;
}
@@ -1069,19 +1087,19 @@ function drupal_bootstrap($phase = NULL)
* drupal_bootstrap().
*
* @see drupal_bootstrap
*/
function drupal_get_bootstrap_phase() {
return drupal_bootstrap();
}
function _drupal_bootstrap($phase) {
- global $conf;
+ global $conf, $user;
switch ($phase) {
case DRUPAL_BOOTSTRAP_CONFIGURATION:
drupal_initialize_variables();
// Start a page timer:
timer_start('page');
// Initialize the configuration
conf_init();
@@ -1115,48 +1133,68 @@ function _drupal_bootstrap($phase) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
print 'Sorry, ' . check_plain(ip_address()) . ' has been banned.';
exit();
}
break;
case DRUPAL_BOOTSTRAP_SESSION:
require_once DRUPAL_ROOT . '/' . variable_get('session_inc', 'includes/session.inc');
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy_sid', '_sess_gc');
- session_start();
+ // If a session cookie exists, initialize the session. Otherwise the
+ // session is only started on demand in drupal_session_start(), making
+ // anonymous users not use a session cookie unless something is stored in
+ // $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
+ if (isset($_COOKIE[session_name()])) {
+ drupal_session_start();
+ }
+ else {
+ $user = drupal_anonymous_user();
+ }
break;
case DRUPAL_BOOTSTRAP_VARIABLES:
// Initialize configuration variables, using values from settings.php if available.
$conf = variable_init(isset($conf) ? $conf : array());
break;
case DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE:
$cache_mode = variable_get('cache', CACHE_DISABLED);
// Get the page from the cache.
- $cache = $cache_mode == CACHE_DISABLED ? '' : page_get_cache();
+ $cache = $cache_mode == CACHE_DISABLED ? FALSE : page_get_cache(TRUE);
// If the skipping of the bootstrap hooks is not enforced, call hook_boot.
- if (!$cache || $cache_mode != CACHE_AGGRESSIVE) {
+ if (!is_object($cache) || $cache_mode != CACHE_AGGRESSIVE) {
// Load module handling.
require_once DRUPAL_ROOT . '/includes/module.inc';
module_invoke_all('boot');
}
// If there is a cached page, display it.
- if ($cache) {
+ if (is_object($cache)) {
+ // Destroy empty anonymous sessions.
+ if (drupal_session_is_started() && empty($_SESSION)) {
+ session_destroy();
+ }
drupal_page_cache_header($cache);
// If the skipping of the bootstrap hooks is not enforced, call hook_exit.
if ($cache_mode != CACHE_AGGRESSIVE) {
module_invoke_all('exit');
}
// We are done.
exit;
}
// Prepare for non-cached page workflow.
drupal_page_header();
+ // If the session has not already been started and output buffering is
+ // not enabled, the session must be started now before the HTTP headers
+ // are sent. If output buffering is enabled, the session may be started
+ // at any time using drupal_session_start().
+ if ($cache === FALSE) {
+ drupal_session_start();
+ }
break;
case DRUPAL_BOOTSTRAP_LANGUAGE:
drupal_init_language();
break;
case DRUPAL_BOOTSTRAP_PATH:
require_once DRUPAL_ROOT . '/includes/path.inc';
// Initialize $_GET['q'] prior to loading modules and invoking hook_init().
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.837
diff -u -9 -p -r1.837 common.inc
--- includes/common.inc 12 Dec 2008 16:07:13 -0000 1.837
+++ includes/common.inc 19 Dec 2008 19:08:56 -0000
@@ -333,21 +333,23 @@ function drupal_goto($path = '', $query
// Remove newlines from the URL to avoid header injection attacks.
$url = str_replace(array("\n", "\r"), '', $url);
// Allow modules to react to the end of the page request before redirecting.
// We do not want this while running update.php.
if (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update') {
module_invoke_all('exit', $url);
}
- // Even though session_write_close() is registered as a shutdown function, we
- // need all session data written to the database before redirecting.
- session_write_close();
+ if (drupal_session_start(FALSE)) {
+ // Even though session_write_close() is registered as a shutdown function,
+ // we need all session data written to the database before redirecting.
+ session_write_close();
+ }
header('Location: ' . $url, TRUE, $http_response_code);
// The "Location" header sends a redirect status code to the HTTP daemon. In
// some cases this can be wrong, so we make sure none of the code below the
// drupal_goto() call gets executed upon redirection.
exit();
}
@@ -1765,18 +1767,24 @@ function l($text, $path, array $options
}
/**
* Perform end-of-request tasks.
*
* This function sets the page cache if appropriate, and allows modules to
* react to the closing of the page by calling hook_exit().
*/
function drupal_page_footer() {
+ global $user;
+
+ // Destroy empty anonymous sessions if possible.
+ if (!headers_sent() && drupal_session_is_started() && empty($_SESSION) && !$user->uid) {
+ session_destroy();
+ }
if (variable_get('cache', CACHE_DISABLED) != CACHE_DISABLED) {
page_set_cache();
}
module_invoke_all('exit');
module_implements(MODULE_IMPLEMENTS_WRITE_CACHE);
_registry_check_code(REGISTRY_WRITE_LOOKUP_CACHE);
@@ -2905,38 +2913,36 @@ function _drupal_bootstrap_full() {
* The majority of all modern browsers support gzip or both of them.
* We thus only deal with the gzip variant and unzip the cache in case
* the browser does not accept gzip encoding.
*
* @see drupal_page_header
*/
function page_set_cache() {
global $user, $base_root;
- if (!$user->uid && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD') && count(drupal_get_messages(NULL, FALSE)) == 0) {
- // This will fail in some cases, see page_get_cache() for the explanation.
- if ($data = ob_get_contents()) {
- $cache = TRUE;
- if (variable_get('page_compression', TRUE) && function_exists('gzencode')) {
- // We do not store the data in case the zlib mode is deflate.
- // This should be rarely happening.
- if (zlib_get_coding_type() == 'deflate') {
- $cache = FALSE;
- }
- elseif (zlib_get_coding_type() == FALSE) {
- $data = gzencode($data, 9, FORCE_GZIP);
- }
- // The remaining case is 'gzip' which means the data is
- // already compressed and nothing left to do but to store it.
- }
- ob_end_flush();
- if ($cache && $data) {
- cache_set($base_root . request_uri(), $data, 'cache_page', CACHE_TEMPORARY, drupal_get_headers());
- }
+ if (page_get_cache(FALSE)) {
+ $cache = TRUE;
+ $data = ob_get_contents();
+ if (variable_get('page_compression', TRUE) && function_exists('gzencode')) {
+ // We do not store the data in case the zlib mode is deflate. This should
+ // be rarely happening.
+ if (zlib_get_coding_type() == 'deflate') {
+ $cache = FALSE;
+ }
+ elseif (zlib_get_coding_type() == FALSE) {
+ $data = gzencode($data, 9, FORCE_GZIP);
+ }
+ // The remaining case is 'gzip' which means the data is already
+ // compressed and nothing left to do but to store it.
+ }
+ ob_end_flush();
+ if ($cache && $data) {
+ cache_set($base_root . request_uri(), $data, 'cache_page', CACHE_TEMPORARY, drupal_get_headers());
}
}
}
/**
* Executes a cron run when called
* @return
* Returns TRUE if ran successfully
*/
Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.308
diff -u -9 -p -r1.308 form.inc
--- includes/form.inc 3 Dec 2008 16:32:21 -0000 1.308
+++ includes/form.inc 19 Dec 2008 19:08:57 -0000
@@ -2471,19 +2471,19 @@ function form_clean_id($id = NULL, $flus
* }
* else {
* $message = t('Finished with an error.');
* }
* drupal_set_message($message);
* // Providing data for the redirected page is done through $_SESSION.
* foreach ($results as $result) {
* $items[] = t('Loaded node %title.', array('%title' => $result));
* }
- * $_SESSION['my_batch_results'] = $items;
+ * drupal_set_session('my_batch_results', $items);
* }
* @endcode
*/
/**
* Open a new batch.
*
* @param $batch
* An array defining the batch. The following keys can be used:
Index: includes/session.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/session.inc,v
retrieving revision 1.64
diff -u -9 -p -r1.64 session.inc
--- includes/session.inc 24 Nov 2008 06:12:45 -0000 1.64
+++ includes/session.inc 19 Dec 2008 19:08:57 -0000
@@ -118,23 +118,22 @@ function _sess_read($key) {
* Session ID.
* @param $value
* Serialized array of the session data.
* @return
* This function will always return TRUE.
*/
function _sess_write($key, $value) {
global $user;
- // If saving of session data is disabled or if the client doesn't have a session,
- // and one isn't being created ($value), do nothing. This keeps crawlers out of
- // the session table. This reduces memory and server load, and gives more useful
- // statistics. We can't eliminate anonymous session table rows without breaking
- // the "Who's Online" block.
+ // If saving of session data is disabled, or if a new empty anonymous session
+ // has been started, do nothing. This keeps anonymous users, including
+ // crawlers, out of the session table, unless they actually have something
+ // stored in $_SESSION.
if (!drupal_save_session() || ($user->uid == 0 && empty($_COOKIE[session_name()]) && empty($value))) {
return TRUE;
}
db_merge('sessions')
->key(array('sid' => $key))
->fields(array(
'uid' => $user->uid,
'cache' => isset($user->cache) ? $user->cache : 0,
@@ -153,18 +152,77 @@ function _sess_write($key, $value) {
))
->condition('uid', $user->uid)
->execute();
}
return TRUE;
}
/**
+ * Propagate $_SESSION and set session cookie if not already set. This function
+ * should be called before writing to $_SESSION, usually via
+ * drupal_set_session().
+ *
+ * @param $start
+ * If FALSE, the session is not actually started. This is only used by
+ * drupal_session_is_started().
+ * @return
+ * TRUE if session has already been started, or FALSE if it has not.
+ */
+function drupal_session_start($start = TRUE) {
+ static $started = FALSE;
+ if ($start && !$started) {
+ $started = TRUE;
+ session_start();
+ }
+ return $started;
+}
+
+/**
+ * Return whether a session has been started and the $_SESSION variable is
+ * available.
+ */
+function drupal_session_is_started() {
+ return drupal_session_start(FALSE);
+}
+
+/**
+ * Get a session variable. The variable is also accessible via
+ * $_SESSION[$name].
+ *
+ * @param $name
+ * The name of the variable to set.
+ * @return
+ * The value of the variable, or FALSE if the variable is not set.
+ */
+function drupal_get_session($name) {
+ return isset($_SESSION[$name]) ? $_SESSION[$name] : FALSE;
+}
+
+/**
+ * Set a session variable. The variable becomes accessible via $_SESSION[$name]
+ * in the current and later requests. If there is no active PHP session prior
+ * to the call, one is started automatically.
+ *
+ * Anonymous users generate less server load if their $_SESSION variable is
+ * empty, so unused entries should be unset using unset($_SESSION['foo']).
+ *
+ * @param $name
+ * The name of the variable to set.
+ * @param $value
+ * The value to set.
+ */
+function drupal_set_session($name, $value) {
+ drupal_session_start();
+ $_SESSION[$name] = $value;
+}
+
+/**
* Called when an anonymous user becomes authenticated or vice-versa.
*/
function drupal_session_regenerate() {
$old_session_id = session_id();
extract(session_get_cookie_params());
// Set "httponly" to TRUE to reduce the risk of session stealing via XSS.
session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE);
session_regenerate_id();
db_update('sessions')
@@ -205,18 +263,21 @@ function drupal_session_count($timestamp
* Cleanup a specific session.
*
* @param string $sid
* Session ID.
*/
function _sess_destroy_sid($sid) {
db_delete('sessions')
->condition('sid', $sid)
->execute();
+ // Unset cookie.
+ extract(session_get_cookie_params());
+ setcookie(session_name(), '', time() - 3600, $path, $domain, $secure, $httponly);
}
/**
* End a specific user's session(s).
*
* @param string $uid
* User ID.
*/
function drupal_session_destroy_uid($uid) {
Index: modules/book/book.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.install,v
retrieving revision 1.24
diff -u -9 -p -r1.24 book.install
--- modules/book/book.install 15 Nov 2008 13:01:05 -0000 1.24
+++ modules/book/book.install 19 Dec 2008 19:08:57 -0000
@@ -123,20 +123,20 @@ function book_update_6000() {
db_create_table($ret, 'book_temp', $schema['book_temp']);
// Insert each node in the old table into the temporary table.
$ret[] = update_sql("INSERT INTO {book_temp} (nid, parent, weight) SELECT b.nid, b.parent, b.weight FROM {book} b INNER JOIN {node} n on b.vid = n.vid");
$ret[] = update_sql("DROP TABLE {book}");
db_create_table($ret, 'book', $schema['book']);
- $_SESSION['book_update_6000_orphans']['from'] = 0;
- $_SESSION['book_update_6000'] = array();
+ drupal_set_session('book_update_6000_orphans', array('from' => 0));
+ drupal_set_session('book_update_6000', array());
$result = db_query("SELECT * from {book_temp} WHERE parent = 0");
// Collect all books - top-level nodes.
while ($a = db_fetch_array($result)) {
$_SESSION['book_update_6000'][] = $a;
}
$ret['#finished'] = FALSE;
return $ret;
}
Index: modules/dblog/dblog.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/dblog/dblog.admin.inc,v
retrieving revision 1.8
diff -u -9 -p -r1.8 dblog.admin.inc
--- modules/dblog/dblog.admin.inc 19 Jul 2008 07:44:45 -0000 1.8
+++ modules/dblog/dblog.admin.inc 19 Dec 2008 19:08:57 -0000
@@ -255,20 +255,22 @@ function _dblog_format_message($dblog) {
/**
* Return form for dblog administration filters.
*
* @ingroup forms
* @see dblog_filter_form_submit()
* @see dblog_filter_form_validate()
*/
function dblog_filter_form() {
+ if (!isset($_SESSION['dblog_overview_filter'])) {
+ drupal_set_session('dblog_overview_filter', array());
+ }
$session = &$_SESSION['dblog_overview_filter'];
- $session = is_array($session) ? $session : array();
$filters = dblog_filters();
$form['filters'] = array(
'#type' => 'fieldset',
'#title' => t('Filter log messages'),
'#theme' => 'dblog_filters',
'#collapsible' => TRUE,
'#collapsed' => empty($session),
);
@@ -312,19 +314,22 @@ function dblog_filter_form_validate($for
* Process result from dblog administration filter form.
*/
function dblog_filter_form_submit($form, &$form_state) {
$op = $form_state['values']['op'];
$filters = dblog_filters();
switch ($op) {
case t('Filter'):
foreach ($filters as $name => $filter) {
if (isset($form_state['values'][$name])) {
+ if (!isset($_SESSION['dblog_overview_filter'])) {
+ drupal_set_session('dblog_overview_filter', array());
+ }
$_SESSION['dblog_overview_filter'][$name] = $form_state['values'][$name];
}
}
break;
case t('Reset'):
- $_SESSION['dblog_overview_filter'] = array();
+ drupal_set_session('dblog_overview_filter', array());
break;
}
return 'admin/reports/dblog';
}
Index: modules/node/node.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.admin.inc,v
retrieving revision 1.30
diff -u -9 -p -r1.30 node.admin.inc
--- modules/node/node.admin.inc 22 Nov 2008 14:09:41 -0000 1.30
+++ modules/node/node.admin.inc 19 Dec 2008 19:08:57 -0000
@@ -196,20 +196,22 @@ function node_build_filter_query() {
$where = count($where) ? 'WHERE ' . implode(' AND ', $where) : '';
return array('where' => $where, 'join' => $join, 'args' => $args);
}
/**
* Return form for node administration filters.
*/
function node_filter_form() {
+ if (!isset($_SESSION['node_overview_filter'])) {
+ drupal_set_session('node_overview_filter', array());
+ }
$session = &$_SESSION['node_overview_filter'];
- $session = is_array($session) ? $session : array();
$filters = node_filters();
$i = 0;
$form['filters'] = array(
'#type' => 'fieldset',
'#title' => t('Show only items where'),
'#theme' => 'node_filters',
);
$form['#submit'][] = 'node_filter_form_submit';
@@ -312,27 +314,30 @@ function node_filter_form_submit($form,
case t('Filter'):
case t('Refine'):
if (isset($form_state['values']['filter'])) {
$filter = $form_state['values']['filter'];
// Flatten the options array to accommodate hierarchical/nested options.
$flat_options = form_options_flatten($filters[$filter]['options']);
if (isset($flat_options[$form_state['values'][$filter]])) {
+ if (!isset($_SESSION['node_overview_filter'])) {
+ drupal_set_session('node_overview_filter', array());
+ }
$_SESSION['node_overview_filter'][] = array($filter, $form_state['values'][$filter]);
}
}
break;
case t('Undo'):
array_pop($_SESSION['node_overview_filter']);
break;
case t('Reset'):
- $_SESSION['node_overview_filter'] = array();
+ drupal_set_session('node_overview_filter', array());
break;
}
}
/**
* Make mass update of nodes, changing all nodes in the $nodes array
* to update them with the field values in $updates.
*
* IMPORTANT NOTE: This function is intended to work when called
Index: modules/openid/openid.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/openid/openid.module,v
retrieving revision 1.33
diff -u -9 -p -r1.33 openid.module
--- modules/openid/openid.module 22 Nov 2008 10:32:42 -0000 1.33
+++ modules/openid/openid.module 19 Dec 2008 19:08:57 -0000
@@ -155,18 +155,21 @@ function openid_begin($claimed_id, $retu
$claimed_id = _openid_normalize($claimed_id);
$services = openid_discovery($claimed_id);
if (count($services) == 0) {
form_set_error('openid_identifier', t('Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.'));
return;
}
// Store discovered information in the users' session so we don't have to rediscover.
+ if (!isset($_SESSION['openid'])) {
+ drupal_set_session('openid', array());
+ }
$_SESSION['openid']['service'] = $services[0];
// Store the claimed id
$_SESSION['openid']['claimed_id'] = $claimed_id;
// Store the login form values so we can pass them to
// user_exteral_login later.
$_SESSION['openid']['user_login_values'] = $form_values;
$op_endpoint = $services[0]['uri'];
// If bcmath is present, then create an association
@@ -403,18 +406,21 @@ function openid_authentication($response
$form_state['values']['status'] = variable_get('user_register', 1) == 1;
$form_state['values']['response'] = $response;
$form = drupal_retrieve_form('user_register', $form_state);
drupal_prepare_form('user_register', $form, $form_state);
drupal_validate_form('user_register', $form, $form_state);
if (form_get_errors()) {
// We were unable to register a valid new user, redirect to standard
// user/register and prefill with the values we received.
drupal_set_message(t('OpenID registration failed for the reasons listed. You may register now, or if you already have an account you can log in now and add your OpenID under "My Account"', array('@login' => url('user/login'))), 'error');
+ if (!isset($_SESSION['openid'])) {
+ drupal_set_session('openid', array());
+ }
$_SESSION['openid']['values'] = $form_state['values'];
// We'll want to redirect back to the same place.
$destination = drupal_get_destination();
unset($_REQUEST['destination']);
drupal_goto('user/register', $destination);
}
else {
unset($form_state['values']['response']);
$account = user_save('', $form_state['values']);
Index: modules/simpletest/drupal_web_test_case.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/drupal_web_test_case.php,v
retrieving revision 1.75
diff -u -9 -p -r1.75 drupal_web_test_case.php
--- modules/simpletest/drupal_web_test_case.php 18 Dec 2008 00:42:55 -0000 1.75
+++ modules/simpletest/drupal_web_test_case.php 19 Dec 2008 19:08:57 -0000
@@ -886,20 +886,21 @@ class DrupalWebTestCase {
}
// Return the database prefix to the original.
$db_prefix = $this->originalPrefix;
// Return the user to the original one.
$user = $this->originalUser;
drupal_save_session(TRUE);
- // Ensure that the internal logged in variable is reset.
+ // Ensure that internal logged in variable and cURL options are reset.
$this->isLoggedIn = FALSE;
+ $this->additionalCurlOptions = array();
// Reload module list and implementations to ensure that test module hooks
// aren't called after tests.
module_list(TRUE);
module_implements(MODULE_IMPLEMENTS_CLEAR_CACHE);
// Rebuild caches.
$this->refreshVariables();
Index: modules/simpletest/simpletest.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/simpletest.module,v
retrieving revision 1.29
diff -u -9 -p -r1.29 simpletest.module
--- modules/simpletest/simpletest.module 26 Nov 2008 13:48:49 -0000 1.29
+++ modules/simpletest/simpletest.module 19 Dec 2008 19:08:57 -0000
@@ -431,19 +431,19 @@ function _simpletest_batch_operation($te
// The test_id is the only thing we need to save for the report page.
$context['results']['test_id'] = $test_id;
// Multistep processing: report progress.
$context['finished'] = 1 - $size / $max;
}
function _simpletest_batch_finished($success, $results, $operations) {
if (isset($results['test_id'])) {
- $_SESSION['test_id'] = $results['test_id'];
+ drupal_set_session('test_id', $results['test_id']);
}
if ($success) {
drupal_set_message(t('The tests have finished running.'));
}
else {
drupal_set_message(t('The tests did not successfully finish.'), 'error');
}
}
Index: modules/simpletest/tests/session.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/session.test,v
retrieving revision 1.9
diff -u -9 -p -r1.9 session.test
--- modules/simpletest/tests/session.test 18 Dec 2008 00:42:55 -0000 1.9
+++ modules/simpletest/tests/session.test 19 Dec 2008 19:08:57 -0000
@@ -140,25 +140,122 @@ class SessionTestCase extends DrupalWebT
// Test authenticated count.
$this->assertEqual($authenticated, $this->session_count_authenticated, t('Correctly counted @count authenticated sessions.', array('@count' => $authenticated)), t('Session'));
// Should return 0 sessions from 1 second from now.
$this->assertEqual(drupal_session_count(time() + 1), 0, t('Correctly returned 0 sessions newer than the current time.'), t('Session'));
}
/**
+ * Test that empty anonymous sessions are destroyed.
+ */
+ function testEmptyAnonymousSession() {
+ // With caching disabled, a session is always started.
+ $this->drupalGet('');
+ $this->assertSessionCookie(FALSE);
+ $this->assertSessionStarted(TRUE);
+ $this->assertSessionEmpty(TRUE);
+
+ variable_set('cache', CACHE_NORMAL);
+
+ // During this request the session is destroyed in drupal_page_footer(),
+ // and the session cookie is unset.
+ $this->drupalGet('');
+ $this->assertSessionCookie(TRUE);
+ $this->assertSessionStarted(TRUE);
+ $this->assertSessionEmpty(TRUE);
+ $this->assertFalse($this->drupalGetHeader('ETag'), t('Page was not cached.'));
+ // When PHP deletes a cookie, it sends "Set-Cookie: cookiename=deleted;
+ // expires=..."
+ $this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.'));
+
+ // Verify that the session cookie was actually deleted.
+ $this->drupalGet('');
+ $this->assertSessionCookie(FALSE);
+ $this->assertSessionStarted(FALSE);
+ $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.'));
+
+ // Start a new session by setting a message.
+ $this->drupalGet('session-test/set-message');
+ $this->assertSessionCookie(FALSE);
+ $this->assertSessionStarted(FALSE);
+ $this->assertTrue($this->drupalGetHeader('Set-Cookie'), t('New session was started.'));
+
+ // Display the message.
+ $this->drupalGet('');
+ $this->assertSessionCookie(TRUE);
+ $this->assertSessionStarted(TRUE);
+ $this->assertSessionEmpty(FALSE);
+ $this->assertFalse($this->drupalGetHeader('ETag'), t('Page was not cached.'));
+ $this->assertText(t('This is a dummy message.'), t('Message was displayed.'));
+
+ // During this request the session is destroyed in _drupal_bootstrap(),
+ // and the session cookie is unset.
+ $this->drupalGet('');
+ $this->assertSessionCookie(TRUE);
+ $this->assertSessionStarted(TRUE);
+ $this->assertSessionEmpty(TRUE);
+ $this->assertTrue($this->drupalGetHeader('ETag'), t('Page was cached.'));
+ $this->assertNoText(t('This is a dummy message.'), t('Message was not cached.'));
+ $this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.'));
+
+ // Verify that session was destroyed.
+ $this->drupalGet('');
+ $this->assertSessionCookie(FALSE);
+ $this->assertSessionStarted(FALSE);
+ $this->assertTrue($this->drupalGetHeader('ETag'), t('Page was cached.'));
+ $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.'));
+ }
+
+ /**
* Reset the cookie file so that it refers to the specified user.
*
* @param $uid User id to set as the active session.
*/
function sessionReset($uid = 0) {
// Close the internal browser.
$this->curlClose();
// Change cookie file for user.
$this->cookieFile = file_directory_temp() . '/cookie.' . $uid . '.txt';
$this->additionalCurlOptions[CURLOPT_COOKIEFILE] = $this->cookieFile;
$this->additionalCurlOptions[CURLOPT_COOKIESESSION] = TRUE;
$this->drupalGet('session-test/get');
$this->assertResponse(200, t('Session test module is correctly enabled.'), t('Session'));
}
+
+ /**
+ * Assert whether the SimpleTest browser sent a session cookie.
+ */
+ function assertSessionCookie($sent) {
+ if ($sent) {
+ $this->assertIdentical($this->drupalGetHeader('X-Session-Cookie'), '1', t('Session cookie was sent.'));
+ }
+ else {
+ $this->assertIdentical($this->drupalGetHeader('X-Session-Cookie'), '0', t('Session cookie was not sent.'));
+ }
+ }
+
+ /**
+ * Assert whether session was started during the bootstrap process.
+ */
+ function assertSessionStarted($started) {
+ if ($started) {
+ $this->assertIdentical($this->drupalGetHeader('X-Session-Started'), '1', t('Session was started.'));
+ }
+ else {
+ $this->assertIdentical($this->drupalGetHeader('X-Session-Started'), '0', t('Session was not started.'));
+ }
+ }
+
+ /**
+ * Assert whether $_SESSION is empty at the beginning of the request.
+ */
+ function assertSessionEmpty($empty) {
+ if ($empty) {
+ $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '1', t('Session was empty.'));
+ }
+ else {
+ $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '0', t('Session was not empty.'));
+ }
+ }
}
Index: modules/simpletest/tests/session_test.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/session_test.module,v
retrieving revision 1.4
diff -u -9 -p -r1.4 session_test.module
--- modules/simpletest/tests/session_test.module 24 Nov 2008 06:12:45 -0000 1.4
+++ modules/simpletest/tests/session_test.module 19 Dec 2008 19:08:57 -0000
@@ -25,39 +25,64 @@ function session_test_menu() {
'type' => MENU_CALLBACK,
);
$items['session-test/no-set/%'] = array(
'title' => t('Disabled session set value'),
'page callback' => '_session_test_no_set',
'page arguments' => array(2),
'access arguments' => array('access content'),
'type' => MENU_CALLBACK,
);
+ $items['session-test/set-message'] = array(
+ 'title' => t('Session value'),
+ 'page callback' => '_session_test_set_message',
+ 'access arguments' => array('access content'),
+ 'type' => MENU_CALLBACK,
+ );
return $items;
}
/**
+ * Implement hook_boot().
+ */
+function session_test_boot() {
+ header('X-Session-Cookie: ' . intval(isset($_COOKIE[session_name()])));
+ header('X-Session-Started: ' . intval(drupal_session_is_started()));
+ header('X-Session-Empty: ' . intval(empty($_SESSION)));
+}
+
+/**
+ * Implement hook_init().
+ */
+function session_test_init() {
+ // hook_init() is called latter in the bootstrap process, but not in cached
+ // requests. Here the header set in hook_boot() is overwritten, so the
+ // session state is reported as late in the bootstrap process as possible.
+ header('X-Session-Started: ' . intval(drupal_session_is_started()));
+}
+
+/**
* Page callback, prints the stored session value to the screen.
*/
function _session_test_get() {
if (!empty($_SESSION['session_test_value'])) {
return t('The current value of the stored session variable is: %val', array('%val' => $_SESSION['session_test_value']));
}
else {
return "";
}
}
/**
* Page callback, stores a value in $_SESSION['session_test_value'].
*/
function _session_test_set($value) {
- $_SESSION['session_test_value'] = $value;
+ drupal_set_session('session_test_value', $value);
return t('The current value of the stored session variable has been set to %val', array('%val' => $value));
}
/**
* Menu callback: turns off session saving and then tries to save a value
* anyway.
*/
function _session_test_no_set($value) {
drupal_save_session(FALSE);
@@ -67,18 +92,29 @@ function _session_test_no_set($value) {
/**
* Menu callback: print the current session ID.
*/
function _session_test_id() {
return 'session_id:' . session_id() . "\n";
}
/**
+ * Menu callback, sets a message to me displayed on the following page.
+ */
+function _session_test_set_message() {
+ drupal_set_message(t('This is a dummy message.'));
+ print t('A message was set.');
+ // Do not return anything, so the current request does not result in a themed
+ // page with messages. The message will be displayed in the following request
+ // instead.
+}
+
+/**
* Implementation of hook_user().
*/
function session_test_user_login($edit = array(), $user = NULL) {
if ($edit['name'] == 'session_test_user') {
// Exit so we can verify that the session was regenerated
// before hook_user() was called.
exit;
}
}
Index: modules/system/system.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v
retrieving revision 1.110
diff -u -9 -p -r1.110 system.admin.inc
--- modules/system/system.admin.inc 26 Nov 2008 13:54:05 -0000 1.110
+++ modules/system/system.admin.inc 19 Dec 2008 19:08:57 -0000
@@ -1318,18 +1318,30 @@ function system_logging_overview() {
* Form builder; Configure site performance settings.
*
* @ingroup forms
* @see system_settings_form()
*/
function system_performance_settings() {
$description = '' . t("The normal cache mode is suitable for most sites and does not cause any side effects. The aggressive cache mode causes Drupal to skip the loading (boot) and unloading (exit) of enabled modules when serving a cached page. This results in an additional performance boost but can cause unwanted side effects.") . '
';
+ // Check if the "Who's online" block is enabled.
+ $online_block_enabled = db_select('block')
+ ->condition('module', 'user')
+ ->condition('delta', 'online')
+ ->condition('status', 1)
+ ->countQuery()
+ ->execute()
+ ->fetchField();
+ if ($online_block_enabled) {
+ $description .= '' . t("When caching is enabled, anonymous user sessions are only saved to the database when needed, so the \"Who's online\" block does not display the number of anonymous users.") . '
';
+ }
+
$problem_modules = array_unique(array_merge(module_implements('boot'), module_implements('exit')));
sort($problem_modules);
if (count($problem_modules) > 0) {
$description .= '' . t('The following enabled modules are incompatible with aggressive mode caching and will not function properly: %modules', array('%modules' => implode(', ', $problem_modules))) . '.
';
}
else {
$description .= '' . t('Currently, all enabled modules are compatible with the aggressive caching policy. Please note, if you use aggressive caching and enable new modules, you will need to check this page again to ensure compatibility.') . '
';
}
Index: modules/system/system.install
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.install,v
retrieving revision 1.292
diff -u -9 -p -r1.292 system.install
--- modules/system/system.install 19 Dec 2008 03:55:23 -0000 1.292
+++ modules/system/system.install 19 Dec 2008 19:08:57 -0000
@@ -1902,33 +1902,33 @@ function system_update_6021() {
'secondary-links' => array(
'menu_name' => 'secondary-links',
'title' => 'Secondary links',
'description' => 'Secondary links are often used for pages like legal notices, contact details, and other secondary navigation items that play a lesser role than primary links.',
),
);
// Multi-part update
if (!isset($_SESSION['system_update_6021'])) {
db_add_field($ret, 'menu', 'converted', array('type' => 'int', 'unsigned' => TRUE, 'not null' => TRUE, 'default' => 0, 'size' => 'tiny'));
- $_SESSION['system_update_6021_max'] = db_result(db_query('SELECT COUNT(*) FROM {menu}'));
- $_SESSION['menu_menu_map'] = array(1 => 'navigation');
+ drupal_set_session('system_update_6021_max', db_result(db_query('SELECT COUNT(*) FROM {menu}')));
+ drupal_set_session('menu_menu_map', array(1 => 'navigation'));
// 0 => FALSE is for new menus, 1 => FALSE is for the navigation.
- $_SESSION['menu_item_map'] = array(0 => FALSE, 1 => FALSE);
+ drupal_set_session('menu_item_map', array(0 => FALSE, 1 => FALSE));
$table = array(
'fields' => array(
'menu_name' => array('type' => 'varchar', 'length' => 32, 'not null' => TRUE, 'default' => ''),
'title' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
'description' => array('type' => 'text', 'not null' => FALSE),
),
'primary key' => array('menu_name'),
);
db_create_table($ret, 'menu_custom', $table);
db_query("INSERT INTO {menu_custom} (menu_name, title, description) VALUES ('%s', '%s', '%s')", $menus['navigation']);
- $_SESSION['system_update_6021'] = 0;
+ drupal_set_session('system_update_6021', 0);
}
$limit = 50;
while ($limit-- && ($item = db_fetch_array(db_query_range('SELECT * FROM {menu} WHERE converted = 0', 0, 1)))) {
// If it's not a menu...
if ($item['pid']) {
// Let's climb up until we find an item with a converted parent.
$item_original = $item;
while ($item && !isset($_SESSION['menu_item_map'][$item['pid']])) {
Index: modules/user/user.admin.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.admin.inc,v
retrieving revision 1.33
diff -u -9 -p -r1.33 user.admin.inc
--- modules/user/user.admin.inc 16 Nov 2008 15:10:49 -0000 1.33
+++ modules/user/user.admin.inc 19 Dec 2008 19:08:57 -0000
@@ -27,20 +27,22 @@ function user_admin($callback_arg = '')
}
/**
* Form builder; Return form for user administration filters.
*
* @ingroup forms
* @see user_filter_form_submit()
*/
function user_filter_form() {
+ if (!isset($_SESSION['user_overview_filter'])) {
+ drupal_set_session('user_overview_filter', array());
+ }
$session = &$_SESSION['user_overview_filter'];
- $session = is_array($session) ? $session : array();
$filters = user_filters();
$i = 0;
$form['filters'] = array(
'#type' => 'fieldset',
'#title' => t('Show only users where'),
'#theme' => 'user_filters',
);
foreach ($session as $filter) {
@@ -95,27 +97,30 @@ function user_filter_form_submit($form,
$op = $form_state['values']['op'];
$filters = user_filters();
switch ($op) {
case t('Filter'): case t('Refine'):
if (isset($form_state['values']['filter'])) {
$filter = $form_state['values']['filter'];
// Merge an array of arrays into one if necessary.
$options = $filter == 'permission' ? call_user_func_array('array_merge', $filters[$filter]['options']) : $filters[$filter]['options'];
if (isset($options[$form_state['values'][$filter]])) {
+ if (!isset($_SESSION['user_overview_filter'])) {
+ drupal_set_session('user_overview_filter', array());
+ }
$_SESSION['user_overview_filter'][] = array($filter, $form_state['values'][$filter]);
}
}
break;
case t('Undo'):
array_pop($_SESSION['user_overview_filter']);
break;
case t('Reset'):
- $_SESSION['user_overview_filter'] = array();
+ drupal_set_session('user_overview_filter', array());
break;
case t('Update'):
return;
}
$form_state['redirect'] = 'admin/user/user';
return;
}
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.946
diff -u -9 -p -r1.946 user.module
--- modules/user/user.module 16 Dec 2008 23:57:33 -0000 1.946
+++ modules/user/user.module 19 Dec 2008 19:08:57 -0000
@@ -771,18 +771,19 @@ function user_block_configure($delta = '
'#default_value' => variable_get('user_block_whois_new_count', 5),
'#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
);
return $form;
case 'online':
$period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
$form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
$form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));
+ $form['user_block_cache'] = array('#markup' => 'If page caching is disabled, the block shows the number of anonymous and authenticated users, respectively. If page caching is enabled, only the number of authenticated users is displayed.
');
return $form;
}
}
/**
* Implementation of hook_block_save().
*/
function user_block_save($delta = '', $edit = array()) {
global $user;
@@ -836,27 +837,33 @@ function user_block_view($delta = '') {
return $block;
case 'online':
if (user_access('access content')) {
// Count users active within the defined period.
$interval = REQUEST_TIME - variable_get('user_block_seconds_online', 900);
// Perform database queries to gather online user lists. We use s.timestamp
// rather than u.access because it is much faster.
- $anonymous_count = drupal_session_count($interval);
$authenticated_count = db_query("SELECT COUNT(DISTINCT s.uid) FROM {sessions} s WHERE s.timestamp >= :timestamp AND s.uid > 0", array(':timestamp' => $interval))->fetchField();
- // Format the output with proper grammar.
- if ($anonymous_count == 1 && $authenticated_count == 1) {
- $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
- }
- else {
- $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
+ // When page caching is enabled, sessions are only created for
+ // anonymous users when needed.
+ if (variable_get('cache', CACHE_DISABLED) == CACHE_DISABLED) {
+ $anonymous_count = drupal_session_count($interval);
+ // Format the output with proper grammar.
+ if ($anonymous_count == 1 && $authenticated_count == 1) {
+ $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
+ }
+ else {
+ $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
+ }
+ } else {
+ $output = format_plural($authenticated_count, 'There is currently 1 user online.', 'There are currently @count users online.');
}
// Display a list of currently online users.
$max_users = variable_get('user_block_max_list_count', 10);
if ($authenticated_count && $max_users) {
$items = db_query_range('SELECT u.uid, u.name, MAX(s.timestamp) AS max_timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= :interval AND s.uid > 0 GROUP BY u.uid, u.name ORDER BY max_timestamp DESC', array(':interval' => $interval), 0, $max_users)->fetchAll();
$output .= theme('user_list', $items, t('Online users'));
}