Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16336

phpbb\session::update_session_infos may attempt to read undefined $this->data['session_page']

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 3.2.9, 3.3.0
    • Fix Version/s: None
    • Component/s: Sessions
    • Labels:

      Description

      When a user has no existing session and tries to log in, a notice is raised:

       

      PHP Notice: Undefined index: session_page in phpbb/session.php on line 1649
      {{ #0 includes/functions.php(4285): phpbb\session->update_session_infos() }}
      {{ #1 includes/functions.php(2574): page_header('Login')}}
      {{ #2 phpbb/session.php(1292): login_box('index.php')}}
      {{ #3 phpbb/session.php(1353): phpbb\session->check_ban(1, Array)}}
      {{ #4 phpbb/session.php(690): phpbb\session->check_ban_for_current_session(Object(phpbb\config\db)) }}
      {{ #5 phpbb/session.php(505): phpbb\session->session_create()}}
      {{ #6 ucp.php(40): phpbb\session->session_begin()}}
      {{ #7 {main}}}

       

      Adding an isset guard on the variable avoids raising a notice:

       

      }}{{--- a/phpbb/session.php
      +++ b/phpbb/session.php
      @@ -1646,7 +1646,7 @@ class session
      {{ }}}

      {{ // Do not update the session page for ajax requests, so the view online still works as intended}}
      - $page_changed = $this->update_session_page && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax();
      + $page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page']) && !$request->is_ajax();

      {{ // Only update session DB a minute or so after last update or if page changes}}
      {{ if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)}}

       

      The backtrace is from 3.2.9, the problem also exists in 3.3.0.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Snover Snover [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: