1
zer0fill
Xoops IS parsing our session objects (FIX INSIDE)
  • 2004/1/2 7:16

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


The FIX 2 posts down has been reported in the bugs forum.

I'm having one hell of a time debugging a module. whenever i serialize an object that has single quote (') attributes, the object either gets array(), unset, or never saves the info.

having tested the object right after serializing it to the session shows the single-quotes are still there, but after it finishes loading the page to be used again (it sends a header('page.php');die(); right after serializing), the error pops up.

does XOOPS perform some kind of security check on all objects in the session? i'm pretty sure it's somewhere hidden deep in my code (it's a port from a stand-alone smarty app) but thought i'd give it a shot to see if it was really XOOPS doing something so i can stop pulling my hair out.

thanks all :)

fwiw, i'm saving it like
$_SESSION['mymodule']['obj'] = serialize($obj);
header('Location: edit.php?'.SID.'&action=edit');die();

btw, it works fine if the user doesn't type in a single-quote and works fine on the pre-xoops site (with or without single-quotes).

2
zer0fill
Re: Xoops parsing our session objects?
  • 2004/1/2 8:04

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


after doing some more digging, i think i might have found it. XOOPS IS probably doing something to my single quotes because it gets sent to the database.

i'll post again when/if i can fix it (unless it really was my prog, but now doubt that is the case)

[edit]
Now i'm 100% certain that it's XOOPS that is causing the problem. after commenting out
// file: include/common.php line ~160
session_set_save_handler(array(&$sess_handler'open'), array(&$sess_handler'close'), array(&$sess_handler'read'), array(&$sess_handler'write'), array(&$sess_handler'destroy'), array(&$sess_handler'gc'));
the module started working fine with single-quotes. now to figure out the fix.
*pulls more hair out*

3
zer0fill
Re: Xoops parsing our session objects?
  • 2004/1/2 8:46

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


W0000H0000!!!!

this was a lot easier than i thought

find file: kernel/session.php line ~117
function write($sess_id$sess_data)
{

add the line after open brace
function write($sess_id$sess_data)
{
  
$sess_data addslashes($sess_data);


you do NOT need to add stripslashes() in the reader

now it's time for sleep

the fix has been reported in the bugs forum.

4
Mithrandir
Re: Xoops parsing our session objects?

Haven't messed about with sessions much, so it's good to see that people can figure it out for themselves

Looking forward to seeing your module when it's finished. What kind of module is it?

5
zer0fill
Re: Xoops parsing our session objects?
  • 2004/1/2 10:24

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


*ducks for cover*

It's a form wizard that i'm porting to XOOPS but, unfortunately, it's for the company i work for. i doubt these guys would let me make it open source :(

6
Mithrandir
Re: Xoops parsing our session objects?

Ah, ok - just wondering why you needed to save objects in session (curiousity perhaps killed the cat... but I ain't a feline )

7
zer0fill
Re: Xoops parsing our session objects?
  • 2004/1/2 10:32

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


fwiw, it was to make a "backup" object if the user decides to undo a change in a question, form info (title, inst, start/end, etc), vital (emp id, telco, etc). ex: the user added a bunch of new questions to question1 but decided to cancel all changes. the form would revert to the last "good" form object.

8
Mithrandir
Re: Xoops parsing our session objects?

Sounds nice - if you come up with something ground-breaking, do share the snippet (not the entire module, if your customer doesn't want you to) so we can use it in other modules (again, only if you deem it possible without compromising your relationship with the customer )

9
zer0fill
Re: Xoops parsing our session objects?
  • 2004/1/2 10:42

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


no problem. i'll post whatever i can.

Login

Who's Online

358 user(s) are online (249 user(s) are browsing Support Forums)


Members: 0


Guests: 358


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits