MyShaarli/application
VirtualTam 68bc21353a Session ID: extend the regex to match possible hash representations
Improves #306
Relates to #335 & #336
Duplicated by #339

Issues:
 - PHP regenerates the session ID if it is not compliant
 - the regex checking the session ID does not cover all cases
   - different algorithms: md5, sha1, sha256, etc.
   - bit representations: 4, 5, 6

Fix:
 - `index.php`:
   - remove `uniqid()` usage
   - call `session_regenerate_id()` if an invalid cookie is detected
 - regex: support all possible characters - '[a-zA-Z,-]{2,128}'
 - tests: add coverage for all algorithms & bit representations

See:
 - http://php.net/manual/en/session.configuration.php#ini.session.hash-function
 - https://secure.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character
 - http://php.net/manual/en/function.session-id.php
 - http://php.net/manual/en/function.session-regenerate-id.php
 - http://php.net/manual/en/function.hash-algos.php

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 16:14:24 +02:00
..
.htaccess LinkDB: move to a proper file, add test coverage 2015-06-11 00:45:45 +02:00
Cache.php Cache: simplify cached content cleanup, improve tests 2015-08-13 23:51:31 +02:00
CachedPage.php CachedPage: move to a proper file, add tests 2015-08-13 23:48:06 +02:00
Config.php PHP: ensure 5.3 compatibility, refactor timezone utilities 2015-07-13 13:06:06 +02:00
LinkDB.php CachedPage: move to a proper file, add tests 2015-08-13 23:48:06 +02:00
TimeZone.php Installation: default to the server's timezone 2015-08-04 23:54:03 +02:00
Url.php Fixes #325 - Shaarli does not recognize saved links 2015-08-31 12:26:38 +02:00
Utils.php Session ID: extend the regex to match possible hash representations 2015-09-06 16:14:24 +02:00