xoops forums

zer0fill

Not too shy to talk
Posted on: 2004/1/2 7:16
zer0fill
zer0fill (Show more)
Not too shy to talk
Posts: 137
Since: 2003/12/2
#1

Xoops IS parsing our session objects (FIX INSIDE)

The FIX 2 posts down has been reported in the bugs forum.

I'm having one hell of a time debugging a module. whenever i serialize an object that has single quote (') attributes, the object either gets array(), unset, or never saves the info.

having tested the object right after serializing it to the session shows the single-quotes are still there, but after it finishes loading the page to be used again (it sends a header('page.php');die(); right after serializing), the error pops up.

does XOOPS perform some kind of security check on all objects in the session? i'm pretty sure it's somewhere hidden deep in my code (it's a port from a stand-alone smarty app) but thought i'd give it a shot to see if it was really XOOPS doing something so i can stop pulling my hair out.

thanks all :)

fwiw, i'm saving it like
$_SESSION['mymodule']['obj'] = serialize($obj);
header('Location: edit.php?'.SID.'&action=edit');die();

btw, it works fine if the user doesn't type in a single-quote and works fine on the pre-xoops site (with or without single-quotes).

zer0fill

Not too shy to talk
Posted on: 2004/1/2 8:04
zer0fill
zer0fill (Show more)
Not too shy to talk
Posts: 137
Since: 2003/12/2
#2

Re: Xoops parsing our session objects?

after doing some more digging, i think i might have found it. XOOPS IS probably doing something to my single quotes because it gets sent to the database.

i'll post again when/if i can fix it (unless it really was my prog, but now doubt that is the case)

[edit]
Now i'm 100% certain that it's XOOPS that is causing the problem. after commenting out
// file: include/common.php line ~160
session_set_save_handler(array(&$sess_handler'open'), array(&$sess_handler'close'), array(&$sess_handler'read'), array(&$sess_handler'write'), array(&$sess_handler'destroy'), array(&$sess_handler'gc'));
the module started working fine with single-quotes. now to figure out the fix.
*pulls more hair out*

zer0fill

Not too shy to talk
Posted on: 2004/1/2 8:46
zer0fill
zer0fill (Show more)
Not too shy to talk
Posts: 137
Since: 2003/12/2
#3

Re: Xoops parsing our session objects?

W0000H0000!!!!

this was a lot easier than i thought

find file: kernel/session.php line ~117
function write($sess_id$sess_data)
{

add the line after open brace
function write($sess_id$sess_data)
{
  
$sess_data addslashes($sess_data);


you do NOT need to add stripslashes() in the reader

now it's time for sleep

the fix has been reported in the bugs forum.

Mithrandir

XOOPS is my life!
Posted on: 2004/1/2 10:19
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#4

Re: Xoops parsing our session objects?

Haven't messed about with sessions much, so it's good to see that people can figure it out for themselves

Looking forward to seeing your module when it's finished. What kind of module is it?

zer0fill

Not too shy to talk
Posted on: 2004/1/2 10:24
zer0fill
zer0fill (Show more)
Not too shy to talk
Posts: 137
Since: 2003/12/2
#5

Re: Xoops parsing our session objects?

*ducks for cover*

It's a form wizard that i'm porting to XOOPS but, unfortunately, it's for the company i work for. i doubt these guys would let me make it open source :(

Mithrandir

XOOPS is my life!
Posted on: 2004/1/2 10:25
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#6

Re: Xoops parsing our session objects?

Ah, ok - just wondering why you needed to save objects in session (curiousity perhaps killed the cat... but I ain't a feline )

zer0fill

Not too shy to talk
Posted on: 2004/1/2 10:32
zer0fill
zer0fill (Show more)
Not too shy to talk
Posts: 137
Since: 2003/12/2
#7

Re: Xoops parsing our session objects?

fwiw, it was to make a "backup" object if the user decides to undo a change in a question, form info (title, inst, start/end, etc), vital (emp id, telco, etc). ex: the user added a bunch of new questions to question1 but decided to cancel all changes. the form would revert to the last "good" form object.

Mithrandir

XOOPS is my life!
Posted on: 2004/1/2 10:37
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#8

Re: Xoops parsing our session objects?

Sounds nice - if you come up with something ground-breaking, do share the snippet (not the entire module, if your customer doesn't want you to) so we can use it in other modules (again, only if you deem it possible without compromising your relationship with the customer )

zer0fill

Not too shy to talk
Posted on: 2004/1/2 10:42
zer0fill
zer0fill (Show more)
Not too shy to talk
Posts: 137
Since: 2003/12/2
#9

Re: Xoops parsing our session objects?

no problem. i'll post whatever i can.