| author | Andrew Dolgov <fox@fakecake.org> | 2025-04-07 20:08:17 +0300 |
|---|---|---|
| committer | Andrew Dolgov <fox@fakecake.org> | 2025-04-07 20:09:31 +0300 |
| commit | 026d68fc2d0f24e4f2d46c5743a22f42053caa67 (patch) | |
| tree | f4552b9d8090bca446bdf0e203b4a76a53a58ebf /classes/Sessions.php | |
| parent | bb2c4b380165731c3f8abf0596fffb2a0953265b (diff) | |
add optional encryption for stored session data using Sodium library
Diffstat (limited to 'classes/Sessions.php')
| -rw-r--r-- | classes/Sessions.php | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/classes/Sessions.php b/classes/Sessions.php
index 5c586154b..e8cba1765 100644
--- a/classes/Sessions.php
+++ b/classes/Sessions.php
@@ -58,7 +58,17 @@ class Sessions implements \SessionHandlerInterface {
 $sth->execute([$id]);
 if ($row = $sth->fetch()) {
- return base64_decode($row['data']);
+ $data = base64_decode($row['data']);
+
+ if (Config::get(Config::SODIUM_ENCRYPTION_KEY)) {
+ $unserialized_data = unserialize($data);
+
+ if ($unserialized_data !== false)
+ return Config::decrypt_string($unserialized_data);
+ }
+
+ // if Sodium key is missing or session data is not in serialized format, return as-is
+ return $data;
 }
 $expire = time() + $this->session_expire;
@@ -69,7 +79,12 @@ class Sessions implements \SessionHandlerInterface {
 }
 public function write(string $id, string $data): bool {
+
+ if (Config::get(Config::SODIUM_ENCRYPTION_KEY))
+ $data = serialize(Config::encrypt_string($data));
+
 $data = base64_encode($data);
+
 $expire = time() + $this->session_expire;
 $sth = Db::pdo()->prepare('SELECT id FROM ttrss_sessions WHERE id=?'); |
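Review bot: In the read() hunk, `unserialize($data)` runs on the base64-decoded row before `Config::decrypt_string()` sees it, so any integrity check that decryption performs comes too late to protect the unserializer, and whoever can write to ttrss_sessions chooses its input. I would restrict it to `$unserialized_data = unserialize($data, ['allowed_classes' => false]);`, which assumes encrypt_string() returns a scalar or an array rather than an object; the hunk does not show its return type. A non-object format such as JSON on both sides would take the unserializer out of this path entirely; the matching `serialize()` call is in the write() hunk. read() starts and ends outside the hunk.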
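Review bot: The value stored by write() carries no marker saying whether it is encrypted, so read() has to guess by attempting unserialize() and, with a key configured, still returns any row that fails to unserialize as-is. That keeps pre-existing sessions working, but it also means a plaintext row is accepted after encryption is switched on, so the option protects the confidentiality of stored rows and not their integrity. Each such legacy read also makes unserialize() raise a notice or warning on the malformed input. I would state this next to the new branch, e.g. `// NOTE: plaintext rows are still accepted when a key is set (migration path); encryption does not reject unencrypted session data`. write() continues outside the hunk.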