Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16336

phpbb\session::update_session_infos may attempt to read undefined $this->data['session_page']

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Trivial
    • Resolution: Duplicate
    • 3.2.9, 3.3.0
    • None
    • Sessions

    Description

      When a user has no existing session and tries to log in, a notice is raised:

       

      PHP Notice: Undefined index: session_page in phpbb/session.php on line 1649
      {{ #0 includes/functions.php(4285): phpbb\session->update_session_infos() }}
      {{ #1 includes/functions.php(2574): page_header('Login')}}
      {{ #2 phpbb/session.php(1292): login_box('index.php')}}
      {{ #3 phpbb/session.php(1353): phpbb\session->check_ban(1, Array)}}
      {{ #4 phpbb/session.php(690): phpbb\session->check_ban_for_current_session(Object(phpbb\config\db)) }}
      {{ #5 phpbb/session.php(505): phpbb\session->session_create()}}
      {{ #6 ucp.php(40): phpbb\session->session_begin()}}
      {{ #7 {main}}}

       

      Adding an isset guard on the variable avoids raising a notice:

       

      }}{{--- a/phpbb/session.php
      +++ b/phpbb/session.php
      @@ -1646,7 +1646,7 @@ class session
      {{ }}}

      {{ // Do not update the session page for ajax requests, so the view online still works as intended}}
      - $page_changed = $this->update_session_page && $this->data['session_page'] != $this->page['page'] && !$request->is_ajax();
      + $page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page']) && !$request->is_ajax();

      {{ // Only update session DB a minute or so after last update or if page changes}}
      {{ if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)}}

       

      The backtrace is from 3.2.9, the problem also exists in 3.3.0.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              Snover Snover
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: