From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/lib/classes/session.inc.php |   49 ++++++++++++++-----------------------------------
 1 files changed, 14 insertions(+), 35 deletions(-)

diff --git a/interface/lib/classes/session.inc.php b/interface/lib/classes/session.inc.php
index dcb187b..f4a90be 100644
--- a/interface/lib/classes/session.inc.php
+++ b/interface/lib/classes/session.inc.php
@@ -66,9 +66,9 @@
 	function read ($session_id) {
 		
 		if($this->timeout > 0) {
-			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."' AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE))");
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ? AND (`permanent` = 'y' OR last_updated >= DATE_SUB(NOW(), INTERVAL ? MINUTE))", $session_id, $this->timeout);
 		} else {
-			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = '".$this->db->quote($session_id)."'");
+			$rec = $this->db->queryOneRecord("SELECT * FROM sys_session WHERE session_id = ?", $session_id);
 		}
 
 		if (is_array($rec)) {
@@ -87,27 +87,18 @@
 
 		// Dont write session_data to DB if session data has not been changed after reading it.
 		if(isset($this->session_array['session_data']) && $this->session_array['session_data'] != '' && $this->session_array['session_data'] == $session_data) {
-			$session_id   = $this->db->quote($session_id);
-			$last_updated = date('Y-m-d H:i:s');
-			$this->db->query("UPDATE sys_session SET last_updated = '$last_updated' WHERE session_id = '$session_id'");
+			$this->db->query("UPDATE sys_session SET last_updated = NOW() WHERE session_id = ?", $session_id);
 			return true;
 		}
 
 
 		if (@$this->session_array['session_id'] == '') {
-			$session_id   = $this->db->quote($session_id);
-			$date_created = date('Y-m-d H:i:s');
-			$last_updated = date('Y-m-d H:i:s');
-			$session_data = $this->db->quote($session_data);
-			$sql = "INSERT INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES ('$session_id','$date_created','$last_updated','$session_data','" . ($this->permanent ? 'y' : 'n') . "')";
-			$this->db->query($sql);
+			$sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),?,?)";
+			$this->db->query($sql, $session_id, $session_data, ($this->permanent ? 'y' : 'n'));
 
 		} else {
-			$session_id   = $this->db->quote($session_id);
-			$last_updated = date('Y-m-d H:i:s');
-			$session_data = $this->db->quote($session_data);
-			$sql = "UPDATE sys_session SET last_updated = '$last_updated', session_data = '$session_data'" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = '$session_id'";
-			$this->db->query($sql);
+			$sql = "UPDATE sys_session SET last_updated = NOW(), session_data = ?" . ($this->permanent ? ", `permanent` = 'y'" : "") . " WHERE session_id = ?";
+			$this->db->query($sql, $session_data, $session_id);
 
 		}
 
@@ -116,32 +107,20 @@
 
 	function destroy ($session_id) {
 
-		$session_id   = $this->db->quote($session_id);
-		$sql = "DELETE FROM sys_session WHERE session_id = '$session_id'";
-		$this->db->query($sql);
+		$sql = "DELETE FROM sys_session WHERE session_id = ?";
+		$this->db->query($sql, $session_id);
 
 		return true;
 	}
 
 	function gc ($max_lifetime) {
 
-		/*if($this->timeout > 0) {
-			$this->db->query("DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL " . intval($this->timeout) . " MINUTE)");
-		} else {*/
-			$real_now = date('Y-m-d H:i:s');
-			$dt1 = strtotime("$real_now -$max_lifetime seconds");
-			$dt2 = date('Y-m-d H:i:s', $dt1);
-
-			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2' AND `permanent` != 'y'";
-			$this->db->query($sql);
+		$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL ? SECOND) AND `permanent` != 'y'";
+		$this->db->query($sql, intval($max_lifetime));
 			
-			/* delete very old even if they are permanent */
-			$dt1 = strtotime("$real_now -365 days");
-			$dt2 = date('Y-m-d H:i:s', $dt1);
-
-			$sql = "DELETE FROM sys_session WHERE last_updated < '$dt2'";
-			$this->db->query($sql);
-		//}
+		/* delete very old even if they are permanent */
+		$sql = "DELETE FROM sys_session WHERE last_updated < DATE_SUB(NOW(), INTERVAL 1 YEAR)";
+		$this->db->query($sql);
 
 		return true;
 

--
Gitblit v1.9.1