Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Normalize domain input to lowercase in session management methods

Browse source
This commit is contained in:
netkas 2025-03-27 12:52:31 -04:00
parent df519ad89b
commit dff25f31ba
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Socialbox/Managers/ExternalSessionManager.php
View file

@ -20,6 +20,8 @@
*/ */
public static function sessionExists(string $domain): bool public static function sessionExists(string $domain): bool
{ {
$domain = strtolower($domain);
try try
{ {
$stmt = Database::getConnection()->prepare("SELECT COUNT(*) FROM external_sessions WHERE domain=:domain LIMIT 1"); $stmt = Database::getConnection()->prepare("SELECT COUNT(*) FROM external_sessions WHERE domain=:domain LIMIT 1");
@ -47,7 +49,7 @@
try try
{ {
$stmt = Database::getConnection()->prepare("INSERT INTO external_sessions (domain, rpc_endpoint, session_uuid, transport_encryption_algorithm, server_keypair_expires, server_public_signing_key, server_public_encryption_key, host_public_encryption_key, host_private_encryption_key, private_shared_secret, host_transport_encryption_key, server_transport_encryption_key) VALUES (:domain, :rpc_endpoint, :session_uuid, :transport_encryption_algorithm, :server_keypair_expires, :server_public_signing_key, :server_public_encryption_key, :host_public_encryption_key, :host_private_encryption_key, :private_shared_secret, :host_transport_encryption_key, :server_transport_encryption_key)"); $stmt = Database::getConnection()->prepare("INSERT INTO external_sessions (domain, rpc_endpoint, session_uuid, transport_encryption_algorithm, server_keypair_expires, server_public_signing_key, server_public_encryption_key, host_public_encryption_key, host_private_encryption_key, private_shared_secret, host_transport_encryption_key, server_transport_encryption_key) VALUES (:domain, :rpc_endpoint, :session_uuid, :transport_encryption_algorithm, :server_keypair_expires, :server_public_signing_key, :server_public_encryption_key, :host_public_encryption_key, :host_private_encryption_key, :private_shared_secret, :host_transport_encryption_key, :server_transport_encryption_key)");
$domain = $exportedSession->getRemoteServer(); $domain = strtolower($exportedSession->getRemoteServer());
$stmt->bindParam(':domain', $domain); $stmt->bindParam(':domain', $domain);
$rpcEndpoint = $exportedSession->getRpcEndpoint(); $rpcEndpoint = $exportedSession->getRpcEndpoint();
$stmt->bindParam(':rpc_endpoint', $rpcEndpoint); $stmt->bindParam(':rpc_endpoint', $rpcEndpoint);
@ -89,6 +91,8 @@
*/ */
public static function getSession(string $domain): ?ExportedSession public static function getSession(string $domain): ?ExportedSession
{ {
$domain = strtolower($domain);
try try
{ {
$stmt = Database::getConnection()->prepare("SELECT * FROM external_sessions WHERE domain=:domain LIMIT 1"); $stmt = Database::getConnection()->prepare("SELECT * FROM external_sessions WHERE domain=:domain LIMIT 1");
@ -134,6 +138,8 @@
*/ */
public static function removeSession(string $domain): void public static function removeSession(string $domain): void
{ {
$domain = strtolower($domain);
try try
{ {
$stmt = Database::getConnection()->prepare("DELETE FROM external_sessions WHERE domain=:domain"); $stmt = Database::getConnection()->prepare("DELETE FROM external_sessions WHERE domain=:domain");
@ -156,6 +162,8 @@
*/ */
public static function updateLastAccessed(string $domain): void public static function updateLastAccessed(string $domain): void
{ {
try try
{ {
$stmt = Database::getConnection()->prepare("UPDATE external_sessions SET last_accessed=CURRENT_TIMESTAMP WHERE domain=:domain"); $stmt = Database::getConnection()->prepare("UPDATE external_sessions SET last_accessed=CURRENT_TIMESTAMP WHERE domain=:domain");