Gecko [ 8.222.176.185 ]

Name	Size	Permission
Charsets	[ DIR ]	drwxrwxrwx
Command	[ DIR ]	drwxrwxrwx
Config	[ DIR ]	drwxrwxrwx
ConfigStorage	[ DIR ]	drwxrwxrwx
Controllers	[ DIR ]	drwxrwxrwx
Crypto	[ DIR ]	drwxrwxrwx
Database	[ DIR ]	drwxrwxrwx
Dbal	[ DIR ]	drwxrwxrwx
Display	[ DIR ]	drwxrwxrwx
Engines	[ DIR ]	drwxrwxrwx
Exceptions	[ DIR ]	drwxrwxrwx
Export	[ DIR ]	drwxrwxrwx
Gis	[ DIR ]	drwxrwxrwx
Html	[ DIR ]	drwxrwxrwx
Http	[ DIR ]	drwxrwxrwx
Image	[ DIR ]	drwxrwxrwx
Import	[ DIR ]	drwxrwxrwx
Navigation	[ DIR ]	drwxrwxrwx
Partitioning	[ DIR ]	drwxrwxrwx
Plugins	[ DIR ]	drwxrwxrwx
Properties	[ DIR ]	drwxrwxrwx
Providers	[ DIR ]	drwxrwxrwx
Query	[ DIR ]	drwxrwxrwx
Server	[ DIR ]	drwxrwxrwx
Setup	[ DIR ]	drwxrwxrwx
Table	[ DIR ]	drwxrwxrwx
Twig	[ DIR ]	drwxrwxrwx
Utils	[ DIR ]	drwxrwxrwx
WebAuthn	[ DIR ]	drwxrwxrwx
Advisor.php	12.32 KB	-rw-rw-rw-
Bookmark.php	9.19 KB	-rw-rw-rw-
BrowseForeigners.php	10.63 KB	-rw-rw-rw-
Cache.php	1.5 KB	-rw-rw-rw-
Charsets.php	6.82 KB	-rw-rw-rw-
CheckUserPrivileges.php	11.3 KB	-rw-rw-rw-
Common.php	19.4 KB	-rw-rw-rw-
Config.php	41.65 KB	-rw-rw-rw-
Console.php	3.25 KB	-rw-rw-rw-
Core.php	28.91 KB	-rw-rw-rw-
CreateAddField.php	15.83 KB	-rw-rw-rw-
DatabaseInterface.php	71.73 KB	-rw-rw-rw-
DbTableExists.php	2.86 KB	-rw-rw-rw-
Encoding.php	8.41 KB	-rw-rw-rw-
Error.php	13.63 KB	-rw-rw-rw-
ErrorHandler.php	18.63 KB	-rw-rw-rw-
ErrorReport.php	8.99 KB	-rw-rw-rw-
Export.php	45.7 KB	-rw-rw-rw-
FieldMetadata.php	11.11 KB	-rw-rw-rw-
File.php	19.75 KB	-rw-rw-rw-
FileListing.php	2.88 KB	-rw-rw-rw-
FlashMessages.php	1.22 KB	-rw-rw-rw-
Font.php	5.58 KB	-rw-rw-rw-
Footer.php	8.06 KB	-rw-rw-rw-
Git.php	18 KB	-rw-rw-rw-
Header.php	20 KB	-rw-rw-rw-
Import.php	48.72 KB	-rw-rw-rw-
Index.php	14.83 KB	-rw-rw-rw-
IndexColumn.php	4.75 KB	-rw-rw-rw-
InsertEdit.php	89.05 KB	-rw-rw-rw-
InternalRelations.php	17.31 KB	-rw-rw-rw-
IpAllowDeny.php	9.13 KB	-rw-rw-rw-
Language.php	4.47 KB	-rw-rw-rw-
LanguageManager.php	22.74 KB	-rw-rw-rw-
Linter.php	4.99 KB	-rw-rw-rw-
ListAbstract.php	1.67 KB	-rw-rw-rw-
ListDatabase.php	4.11 KB	-rw-rw-rw-
Logging.php	2.69 KB	-rw-rw-rw-
Menu.php	20.4 KB	-rw-rw-rw-
Message.php	18.68 KB	-rw-rw-rw-
Mime.php	918 B	-rw-rw-rw-
Normalization.php	41.53 KB	-rw-rw-rw-
OpenDocument.php	8.62 KB	-rw-rw-rw-
Operations.php	35.11 KB	-rw-rw-rw-
OutputBuffering.php	4.1 KB	-rw-rw-rw-
ParseAnalyze.php	2.34 KB	-rw-rw-rw-
Pdf.php	4.17 KB	-rw-rw-rw-
Plugins.php	21.83 KB	-rw-rw-rw-
Profiling.php	2.16 KB	-rw-rw-rw-
RecentFavoriteTable.php	11.44 KB	-rw-rw-rw-
Replication.php	4.81 KB	-rw-rw-rw-
ReplicationGui.php	21.24 KB	-rw-rw-rw-
ReplicationInfo.php	4.79 KB	-rw-rw-rw-
ResponseRenderer.php	13.5 KB	-rw-rw-rw-
Routing.php	6.55 KB	-rw-rw-rw-
Sanitize.php	11.98 KB	-rw-rw-rw-
SavedSearches.php	11.33 KB	-rw-rw-rw-
Scripts.php	3.74 KB	-rw-rw-rw-
Session.php	8.16 KB	-rw-rw-rw-
Sql.php	64.01 KB	-rw-rw-rw-
SqlQueryForm.php	6.74 KB	-rw-rw-rw-
StorageEngine.php	15.71 KB	-rw-rw-rw-
SystemDatabase.php	3.98 KB	-rw-rw-rw-
Table.php	90.33 KB	-rw-rw-rw-
Template.php	4.5 KB	-rw-rw-rw-
Theme.php	7.32 KB	-rw-rw-rw-
ThemeManager.php	7 KB	-rw-rw-rw-
Tracker.php	30.34 KB	-rw-rw-rw-
Tracking.php	36.11 KB	-rw-rw-rw-
Transformations.php	16.31 KB	-rw-rw-rw-
TwoFactor.php	7.49 KB	-rw-rw-rw-
Types.php	25.85 KB	-rw-rw-rw-
Url.php	10.61 KB	-rw-rw-rw-
UrlRedirector.php	1.74 KB	-rw-rw-rw-
UserPassword.php	6.86 KB	-rw-rw-rw-
UserPreferences.php	10.49 KB	-rw-rw-rw-
Util.php	86.45 KB	-rw-rw-rw-
Version.php	556 B	-rw-rw-rw-
VersionInformation.php	7.3 KB	-rw-rw-rw-
ZipExtension.php	10.33 KB	-rw-rw-rw-

Code Editor : Session.php

<?php
/**
 * Session handling
 *
 * @see     https://www.php.net/manual/en/features.sessions.php
 */

declare(strict_types=1);

namespace PhpMyAdmin;

use function function_exists;
use function htmlspecialchars;
use function implode;
use function ini_get;
use function ini_set;
use function preg_replace;
use function session_abort;
use function session_cache_limiter;
use function session_destroy;
use function session_id;
use function session_name;
use function session_regenerate_id;
use function session_save_path;
use function session_set_cookie_params;
use function session_start;
use function session_status;
use function session_unset;
use function session_write_close;
use function setcookie;

use const PHP_SESSION_ACTIVE;
use const PHP_VERSION_ID;

/**
 * Session class
 */
class Session
{
    /**
     * Generates PMA_token session variable.
     */
    private static function generateToken(): void
    {
        $_SESSION[' PMA_token '] = Util::generateRandom(16, true);
        $_SESSION[' HMAC_secret '] = Util::generateRandom(16);

/**
         * Check if token is properly generated (the generation can fail, for example
         * due to missing /dev/random for openssl).
         */
        if (! empty($_SESSION[' PMA_token '])) {
            return;
        }

Core::fatalError('Failed to generate random CSRF token!');
    }

/**
     * tries to secure session from hijacking and fixation
     * should be called before login and after successful login
     * (only required if sensitive information stored in session)
     */
    public static function secure(): void
    {
        // prevent session fixation and XSS
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

// continue with empty session
        session_unset();
        self::generateToken();
    }

/**
     * Session failed function
     *
     * @param array $errors PhpMyAdmin\ErrorHandler array
     */
    private static function sessionFailed(array $errors): void
    {
        $messages = [];
        foreach ($errors as $error) {
            /*
             * Remove path from open() in error message to avoid path disclossure
             *
             * This can happen with PHP 5 when nonexisting session ID is provided,
             * since PHP 7, session existence is checked first.
             *
             * This error can also happen in case of session backed error (eg.
             * read only filesystem) on any PHP version.
             *
             * The message string is currently hardcoded in PHP, so hopefully it
             * will not change in future.
             */
            $messages[] = preg_replace(
                '/open$.*, O_RDWR$/',
                'open(SESSION_FILE, O_RDWR)',
                htmlspecialchars($error->getMessage())
            );
        }

/*
         * Session initialization is done before selecting language, so we
         * can not use translations here.
         */
        Core::fatalError(
            'Error during session start; please check your PHP and/or '
            . 'webserver log file and configure your PHP '
            . 'installation properly. Also ensure that cookies are enabled '
            . 'in your browser.'
            . '<br><br>'
            . implode('<br><br>', $messages)
        );
    }

/**
     * Set up session
     *
     * @param Config       $config       Configuration handler
     * @param ErrorHandler $errorHandler Error handler
     */
    public static function setUp(Config $config, ErrorHandler $errorHandler): void
    {
        // verify if PHP supports session, die if it does not
        if (! function_exists('session_name')) {
            Core::warnMissingExtension('session', true);
        } elseif (! empty(ini_get('session.auto_start')) && session_name() !== 'phpMyAdmin' && ! empty(session_id())) {
            // Do not delete the existing non empty session, it might be used by
            // other applications; instead just close it.
            if (empty($_SESSION)) {
                // Ignore errors as this might have been destroyed in other
                // request meanwhile
                @session_destroy();
            } else {
                // do not use session_write_close, see issue #13392
                session_abort();
            }
        }

/** @psalm-var 'Lax'|'Strict'|'None' $cookieSameSite */
        $cookieSameSite = $config->get('CookieSameSite') ?? 'Strict';
        $cookiePath = $config->getRootPath();
        if (PHP_VERSION_ID < 70300) {
            $cookiePath .= '; SameSite=' . $cookieSameSite;
        }

// session cookie settings
        session_set_cookie_params(
            0,
            $cookiePath,
            '',
            $config->isHttps(),
            true
        );

// cookies are safer (use ini_set() in case this function is disabled)
        ini_set('session.use_cookies', 'true');

// optionally set session_save_path
        $path = $config->get('SessionSavePath');
        if (! empty($path)) {
            session_save_path($path);
            // We can not do this unconditionally as this would break
            // any more complex setup (eg. cluster), see
            // https://github.com/phpmyadmin/phpmyadmin/issues/8346
            ini_set('session.save_handler', 'files');
        }

// use cookies only
        ini_set('session.use_only_cookies', '1');
        // strict session mode (do not accept random string as session ID)
        ini_set('session.use_strict_mode', '1');
        // make the session cookie HttpOnly
        ini_set('session.cookie_httponly', '1');
        if (PHP_VERSION_ID >= 70300) {
            // add SameSite to the session cookie
            ini_set('session.cookie_samesite', $cookieSameSite);
        }

// do not force transparent session ids
        ini_set('session.use_trans_sid', '0');

// delete session/cookies when browser is closed
        ini_set('session.cookie_lifetime', '0');

// some pages (e.g. stylesheet) may be cached on clients, but not in shared
        // proxy servers
        session_cache_limiter('private');

$httpCookieName = $config->getCookieName('phpMyAdmin');
        @session_name($httpCookieName);

// Restore correct session ID (it might have been reset by auto started session
        if ($config->issetCookie('phpMyAdmin')) {
            session_id($config->getCookie('phpMyAdmin'));
        }

// on first start of session we check for errors
        // f.e. session dir cannot be accessed - session file not created
        $orig_error_count = $errorHandler->countErrors(false);

$session_result = session_start();

if ($session_result !== true || $orig_error_count != $errorHandler->countErrors(false)) {
            setcookie($httpCookieName, '', 1);
            $errors = $errorHandler->sliceErrors($orig_error_count);
            self::sessionFailed($errors);
        }

unset($orig_error_count, $session_result);

/**
         * Disable setting of session cookies for further session_start() calls.
         */
        if (session_status() !== PHP_SESSION_ACTIVE) {
            ini_set('session.use_cookies', 'true');
        }

/**
         * Token which is used for authenticating access queries.
         * (we use "space PMA_token space" to prevent overwriting)
         */
        if (! empty($_SESSION[' PMA_token '])) {
            return;
        }

self::generateToken();

/**
         * Check for disk space on session storage by trying to write it.
         *
         * This seems to be most reliable approach to test if sessions are working,
         * otherwise the check would fail with custom session backends.
         */
        $orig_error_count = $errorHandler->countErrors();
        session_write_close();
        if ($errorHandler->countErrors() > $orig_error_count) {
            $errors = $errorHandler->sliceErrors($orig_error_count);
            self::sessionFailed($errors);
        }

session_start();
        if (! empty($_SESSION[' PMA_token '])) {
            return;
        }

Core::fatalError('Failed to store CSRF token in session! Probably sessions are not working properly.');
    }
}

${this.title}

Code Editor : Session.php