authorIgor Scheller <igor.scheller@igorshp.de>2018-08-07 02:38:41 +0200
committerIgor Scheller <igor.scheller@igorshp.de>2018-08-20 21:08:06 +0200
commitd93ace2eaef8d7077fe93f27a1528f936ffe1172 (patch)
tree58dbc82c9ae4da79f5d8eabff33c09273891d290
parentd6c8f1a61475fefa9594141aaf12a28d220bdaf8 (diff)
Prevent object serialization in session
-rw-r--r--includes/model/ShiftsFilter.php30
-rw-r--r--includes/pages/user_shifts.php9
2 files changed, 34 insertions, 5 deletions
diff --git a/includes/model/ShiftsFilter.php b/includes/model/ShiftsFilter.php
index 5ad7a9b3..fe3bfa56 100644
--- a/includes/model/ShiftsFilter.php
+++ b/includes/model/ShiftsFilter.php
@@ -48,7 +48,7 @@ class ShiftsFilter
* @param int[] $rooms
* @param int[] $types
*/
- public function __construct($user_shifts_admin, $rooms, $types)
+ public function __construct($user_shifts_admin = false, $rooms = [], $types = [])
{
$this->rooms = $rooms;
$this->types = $types;
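Review bot: The docblock above `__construct` still lists the three parameters as if they were required, and nothing documents why they became optional. With the new defaults, `new ShiftsFilter()` yields a non-admin filter with empty room and type lists, which is only useful once `sessionImport()` has filled it. A line such as `* All parameters are optional so an empty filter can be created and then populated via sessionImport().` would record that. The docblock begins and the constructor body continues outside this hunk.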
@@ -63,6 +63,34 @@ class ShiftsFilter
}
/**
+ * @return array
+ */
+ public function sessionExport()
+ {
+ return [
+ 'userShiftsAdmin' => $this->userShiftsAdmin,
+ 'filled' => $this->filled,
+ 'rooms' => $this->rooms,
+ 'types' => $this->types,
+ 'startTime' => $this->startTime,
+ 'endTime' => $this->endTime,
+ ];
+ }
+
+ /**
+ * @param array $data
+ */
+ public function sessionImport($data)
+ {
+ $this->userShiftsAdmin = $data['userShiftsAdmin'];
+ $this->filled = $data['filled'];
+ $this->rooms = $data['rooms'];
+ $this->types = $data['types'];
+ $this->startTime = $data['startTime'];
+ $this->endTime = $data['endTime'];
+ }
+
+ /**
* @return int unix timestamp
*/
public function getStartTime()
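Review bot: `sessionImport()` copies six keys out of `$data` without checking that it is an array or that each key exists with the expected type. A missing or differently shaped session entry then raises notices and leaves the filter with null or non-integer room, type and time values. Since the commit's aim is to treat the session payload as plain data, the import should default and cast every field, as sketched below. The element type of `filled` and the initial values of `startTime`/`endTime` are not visible in this hunk, so the sketch only forces `filled` to an array and keeps null for absent timestamps. The restored `userShiftsAdmin` flag is presumably refreshed by the `update_ShiftsFilter()` call in user_shifts.php, but that function is not shown.

```php
public function sessionImport($data)
{
    // Session payload is plain data of unknown shape: default every key, cast to the expected type.
    $data = is_array($data) ? $data : [];
    $this->userShiftsAdmin = (bool)($data['userShiftsAdmin'] ?? false);
    $this->filled = (array)($data['filled'] ?? []);
    $this->rooms = array_map('intval', (array)($data['rooms'] ?? []));
    $this->types = array_map('intval', (array)($data['types'] ?? []));
    $this->startTime = isset($data['startTime']) ? (int)$data['startTime'] : null;
    $this->endTime = isset($data['endTime']) ? (int)$data['endTime'] : null;
}
```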
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 8f81f542..186301db 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -177,18 +177,19 @@ function view_user_shifts()
$rooms = load_rooms();
$types = load_types();
- if (!$session->has('ShiftsFilter')) {
+ if (!$session->has('shifts-filter')) {
$room_ids = [
$rooms[0]['id']
];
$type_ids = array_map('get_ids_from_array', $types);
$shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
- $session->set('ShiftsFilter', $shiftsFilter);
+ $session->set('shifts-filter', $shiftsFilter->sessionExport());
}
- /** @var ShiftsFilter $shiftsFilter */
- $shiftsFilter = $session->get('ShiftsFilter');
+ $shiftsFilter = new ShiftsFilter();
+ $shiftsFilter->sessionImport($session->get('shifts-filter'));
update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days);
+ $session->set('shifts-filter', $shiftsFilter->sessionExport());
$shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
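Review bot: Sessions created before this change still hold a `ShiftsFilter` object under the old `'ShiftsFilter'` key, and nothing in this hunk removes it. That object therefore stays in the stored session, and is presumably still deserialized when the session is loaded, until the session expires. Dropping the legacy key next to the new `has('shifts-filter')` check would complete the migration, for example `$session->remove('ShiftsFilter');` if the session object is the Symfony-style one that its `has`/`get`/`set` calls suggest. `view_user_shifts()` starts and ends outside this hunk.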