#6328 Fixed the "SESSION_DISABLE_INIT" by not initializing the sessio…

…n when doing small checks
pkp · Oct 26, 2021 · 4148b82 · 4148b82
1 parent 77d800b
commit 4148b82
Show file tree

Hide file tree

Showing 10 changed files with 89 additions and 111 deletions.
diff --git a/classes/cliTool/CommandLineTool.inc.php b/classes/cliTool/CommandLineTool.inc.php
@@ -36,8 +36,8 @@
 define('PWD', getcwd());
 chdir(dirname(INDEX_FILE_LOCATION)); /* Change to base directory */
 
-SessionManager::disable();
 require('./lib/pkp/includes/bootstrap.inc.php');
+SessionManager::disable();
 
 if (!isset($argc)) {
     // In PHP < 4.3.0 $argc/$argv are not automatically registered

diff --git a/classes/core/PKPRequest.inc.php b/classes/core/PKPRequest.inc.php
@@ -15,11 +15,16 @@
 
 namespace PKP\core;
 
+use APP\core\Application;
 use APP\facades\Repo;
 use PKP\config\Config;
 use PKP\db\DAORegistry;
 use PKP\plugins\HookRegistry;
+use PKP\security\Validation;
+use PKP\session\Session;
 use PKP\session\SessionManager;
+use PKP\site\Site;
+use PKP\user\User;
 
 class PKPRequest
 {
@@ -560,63 +565,45 @@ public function isRestfulUrlsEnabled()
 
     /**
      * Get site data.
-     *
-     * @return Site
      */
-    public function &getSite()
+    public function getSite(): ?Site
     {
         $site = & Registry::get('site', true, null);
-        if ($site === null) {
-            $siteDao = DAORegistry::getDAO('SiteDAO'); /** @var SiteDAO $siteDao */
-            $site = $siteDao->getSite();
-            // PHP bug? This is needed for some reason or extra queries results.
-            Registry::set('site', $site);
-        }
-
-        return $site;
+        return $site ?? $site = DAORegistry::getDAO('SiteDAO')->getSite();
     }
 
     /**
      * Get the user session associated with the current request.
-     *
-     * @return Session
      */
-    public function &getSession()
+    public function getSession(): Session
     {
         $session = & Registry::get('session', true, null);
-
-        if ($session === null) {
-            $sessionManager = SessionManager::getManager();
-            $session = $sessionManager->getUserSession();
-        }
-
-        return $session;
+        // Replace by ??= when PHP 8 is available
+        return $session ?? $session = SessionManager::getManager()->getUserSession();
     }
 
     /**
      * Get the user associated with the current request.
-     *
-     * @return User
      */
-    public function &getUser()
+    public function getUser(): ?User
     {
         $user = & Registry::get('user', true, null);
-
-        $router = $this->getRouter();
-        if (!is_null($handler = $router->getHandler()) && !is_null($token = $handler->getApiToken())) {
-            if ($user === null) {
-                $user = Repo::user()->getByApiKey($token);
-            }
-            if (is_null($user) || !$user->getData('apiKeyEnabled')) {
-                $user = null;
-            }
+        if ($user) {
             return $user;
         }
 
-        if ($user === null) {
-            $sessionManager = SessionManager::getManager();
-            $session = $sessionManager->getUserSession();
-            $user = $session->getUser();
+        // Attempt to load user from API token
+        if (($handler = $this->getRouter()->getHandler())
+            && ($token = $handler->getApiToken())
+            && ($apiUser = Repo::user()->getByApiKey($token))
+            && $apiUser->getData('apiKeyEnabled')
+        ) {
+            return $user = $apiUser;
+        }
+
+        // Attempts to retrieve a logged user
+        if (Validation::isLoggedIn()) {
+            $user = SessionManager::getManager()->getUserSession()->getUser();
         }
 
         return $user;

diff --git a/classes/handler/PKPHandler.inc.php b/classes/handler/PKPHandler.inc.php
@@ -450,7 +450,7 @@ public static function getRangeInfo($request, $rangeName, $contextData = null)
         $context = $request->getContext();
         $pageNum = $request->getUserVar(self::getPageParamName($rangeName));
         if (empty($pageNum)) {
-            $session = & $request->getSession();
+            $session = $request->getSession();
             $pageNum = 1; // Default to page 1
             if ($session && $contextData !== null) {
                 // See if we can get a page number from a prior request
@@ -467,7 +467,7 @@ public static function getRangeInfo($request, $rangeName, $contextData = null)
                 }
             }
         } else {
-            $session = & $request->getSession();
+            $session = $request->getSession();
             if ($session && $contextData !== null) {
                 // Store the page number
                 $contextHash = self::hashPageContext($request, $contextData);

diff --git a/classes/i18n/Locale.inc.php b/classes/i18n/Locale.inc.php
@@ -36,6 +36,7 @@
 use PKP\i18n\translation\LocaleBundle;
 use PKP\plugins\HookRegistry;
 use PKP\plugins\PluginRegistry;
+use PKP\security\Validation;
 use PKP\session\SessionManager;
 use RecursiveDirectoryIterator;
 use RecursiveIteratorIterator;
@@ -143,7 +144,7 @@ public function getLocale(): string
             $request = $this->_getRequest();
             $locale = $request->getUserVar('uiLocale')
                 ?: $request->getUserVar('setLocale')
-                ?: (SessionManager::isDisabled() ? null : SessionManager::getManager()->getUserSession()->getSessionVar('currentLocale'))
+                ?: (SessionManager::hasSession() ? SessionManager::getManager()->getUserSession()->getSessionVar('currentLocale') : null)
                 ?: $request->getCookieVar('currentLocale');
             $this->setLocale(in_array($locale, array_keys($this->getSupportedLocales())) ? $locale : $this->getPrimaryLocale());
         }

diff --git a/classes/security/Validation.inc.php b/classes/security/Validation.inc.php
@@ -413,17 +413,19 @@ public static function suggestUsername($givenName, $familyName = null)
     }
 
     /**
-     * Check if the user must change their password in order to log in.
+     * Check if the user is logged in.
      *
      * @return boolean
      */
     public static function isLoggedIn()
     {
+        if (!SessionManager::hasSession()) {
+            return false;
+        }
+
         $sessionManager = SessionManager::getManager();
         $session = $sessionManager->getUserSession();
-
-        $userId = $session->getUserId();
-        return isset($userId) && !empty($userId);
+        return !!$session->getUserId();
     }
 
     /**
@@ -433,11 +435,13 @@ public static function isLoggedIn()
      */
     public static function isLoggedInAs()
     {
+        if (!SessionManager::hasSession()) {
+            return false;
+        }
         $sessionManager = SessionManager::getManager();
         $session = $sessionManager->getUserSession();
         $signedInAs = $session->getSessionVar('signedInAs');
-
-        return isset($signedInAs) && !empty($signedInAs);
+        return !!$signedInAs;
     }
 
     /**

diff --git a/classes/session/Session.inc.php b/classes/session/Session.inc.php
@@ -221,7 +221,7 @@ public function setSessionData($data)
     /**
      * Get the domain with which the session is registered
      *
-     * @return array
+     * @return string
      */
     public function getDomain()
     {
@@ -231,7 +231,7 @@ public function getDomain()
     /**
      * Set the domain with which the session is registered
      *
-     * @param $data array
+     * @param $data string
      */
     public function setDomain($data)
     {