Bugfix: Avoid dba error message

[friendica.git] / include / session.php

diff --git a/include/session.php b/include/session.php
index 055bfcb4ef3cf3ff48e3a6da7b330ed02d35ccf1..a1412ad9b445079b7ecfc00d8310f80e44f18342 100644 (file)
--- a/include/session.php
+++ b/include/session.php
@@ -2,6 +2,8 @@
 // Session management functions. These provide database storage of PHP
 // session info.
 
+use Friendica\Core\Config;
+
 require_once('include/cache.php');
 
 $session_exists = 0;
@@ -22,17 +24,17 @@ function ref_session_read($id) {
        if (is_object($memcache)) {
                $data = $memcache->get(get_app()->get_hostname().":session:".$id);
                if (!is_bool($data)) {
+                       $session_exists = true;
                        return $data;
                }
                logger("no data for session $id", LOGGER_TRACE);
                return '';
        }
 
-       $r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
-
+       $r = dba::select('session', array('data'), array('sid' => $id), array('limit' => 1));
        if (dbm::is_result($r)) {
                $session_exists = true;
-               return $r[0]['data'];
+               return $r['data'];
        } else {
                logger("no data for session $id", LOGGER_TRACE);
        }
@@ -65,21 +67,18 @@ function ref_session_write($id, $data) {
 
        $memcache = cache::memcache();
        $a = get_app();
-       if (is_object($memcache) AND is_object($a)) {
+       if (is_object($memcache) && is_object($a)) {
                $memcache->set($a->get_hostname().":session:".$id, $data, MEMCACHE_COMPRESSED, $expire);
                return true;
        }
 
        if ($session_exists) {
-               $r = q("UPDATE `session`
-                               SET `data` = '%s', `expire` = '%s'
-                               WHERE `sid` = '%s'
-                               AND (`data` != '%s' OR `expire` != '%s')",
-                               dbesc($data), dbesc($expire), dbesc($id), dbesc($data), dbesc($expire));
+               $fields = array('data' => $data, 'expire' => $expire);
+               $condition = array("`sid` = ? AND (`data` != ? OR `expire` != ?)", $id, $data, $expire);
+               dba::update('session', $fields, $condition);
        } else {
-               $r = q("INSERT INTO `session`
-                               SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
-                               dbesc($id), dbesc($default_expire), dbesc($data));
+               $fields = array('sid' => $id, 'expire' => $default_expire, 'data' => $data);
+               dba::insert('session', $fields);
        }
 
        return true;
@@ -97,14 +96,12 @@ function ref_session_destroy($id) {
                return true;
        }
 
-       q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
-
+       dba::delete('session', array('sid' => $id));
        return true;
 }
 
 function ref_session_gc($expire) {
-       q("DELETE FROM `session` WHERE `expire` < %d", dbesc(time()));
-
+       dba::delete('session', array("`expire` < ?", time()));
        return true;
 }
 
@@ -114,6 +111,10 @@ ini_set('session.gc_probability', $gc_probability);
 ini_set('session.use_only_cookies', 1);
 ini_set('session.cookie_httponly', 1);
 
+if (Config::get('system', 'ssl_policy') == SSL_POLICY_FULL) {
+       ini_set('session.cookie_secure', 1);
+}
+
 if (!get_config('system', 'disable_database_session')) {
        session_set_save_handler('ref_session_open', 'ref_session_close',
                                'ref_session_read', 'ref_session_write',