diff options
author | Igor Scheller <igor.scheller@igorshp.de> | 2018-08-07 02:38:41 +0200 |
---|---|---|
committer | Igor Scheller <igor.scheller@igorshp.de> | 2018-08-20 21:08:06 +0200 |
commit | d93ace2eaef8d7077fe93f27a1528f936ffe1172 (patch) | |
tree | 58dbc82c9ae4da79f5d8eabff33c09273891d290 | |
parent | d6c8f1a61475fefa9594141aaf12a28d220bdaf8 (diff) |
Prevent object serialization in session
-rw-r--r-- | includes/model/ShiftsFilter.php | 30 | ||||
-rw-r--r-- | includes/pages/user_shifts.php | 9 |
2 files changed, 34 insertions, 5 deletions
diff --git a/includes/model/ShiftsFilter.php b/includes/model/ShiftsFilter.php index 5ad7a9b3..fe3bfa56 100644 --- a/includes/model/ShiftsFilter.php +++ b/includes/model/ShiftsFilter.php @@ -48,7 +48,7 @@ class ShiftsFilter * @param int[] $rooms * @param int[] $types */ - public function __construct($user_shifts_admin, $rooms, $types) + public function __construct($user_shifts_admin = false, $rooms = [], $types = []) { $this->rooms = $rooms; $this->types = $types; @@ -63,6 +63,34 @@ class ShiftsFilter } /** + * @return array + */ + public function sessionExport() + { + return [ + 'userShiftsAdmin' => $this->userShiftsAdmin, + 'filled' => $this->filled, + 'rooms' => $this->rooms, + 'types' => $this->types, + 'startTime' => $this->startTime, + 'endTime' => $this->endTime, + ]; + } + + /** + * @param array $data + */ + public function sessionImport($data) + { + $this->userShiftsAdmin = $data['userShiftsAdmin']; + $this->filled = $data['filled']; + $this->rooms = $data['rooms']; + $this->types = $data['types']; + $this->startTime = $data['startTime']; + $this->endTime = $data['endTime']; + } + + /** * @return int unix timestamp */ public function getStartTime() diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 8f81f542..186301db 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -177,18 +177,19 @@ function view_user_shifts() $rooms = load_rooms(); $types = load_types(); - if (!$session->has('ShiftsFilter')) { + if (!$session->has('shifts-filter')) { $room_ids = [ $rooms[0]['id'] ]; $type_ids = array_map('get_ids_from_array', $types); $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); - $session->set('ShiftsFilter', $shiftsFilter); + $session->set('shifts-filter', $shiftsFilter->sessionExport()); } - /** @var ShiftsFilter $shiftsFilter */ - $shiftsFilter = $session->get('ShiftsFilter'); + $shiftsFilter = new ShiftsFilter(); + $shiftsFilter->sessionImport($session->get('shifts-filter')); update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); + $session->set('shifts-filter', $shiftsFilter->sessionExport()); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); |