diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 04ba8c94305..9eb3a860421 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -709,35 +709,18 @@ class auth_plugin_ldap extends auth_plugin_base { do { if ($ldappagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldapcookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldapcookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldapcookie))); } if ($this->config->search_sub) { // Use ldap_search to find first user from subtree. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if (!$ldapresult) { continue; @@ -745,22 +728,11 @@ class auth_plugin_ldap extends auth_plugin_base { if ($ldappagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldapcookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - $pagedresp = ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie); - // Function ldap_control_paged_result_response() does not overwrite $ldapcookie if it fails, by - // setting this to null we avoid an infinite loop. - if ($pagedresp === false) { - $ldapcookie = null; - } - } else { - // Get next cookie from controls. - ldap_parse_result($ldapconnection, $ldapresult, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldapcookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($ldapconnection, $ldapresult, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldapcookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } if ($entry = @ldap_first_entry($ldapconnection, $ldapresult)) { @@ -1568,35 +1540,18 @@ class auth_plugin_ldap extends auth_plugin_base { do { if ($ldap_pagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldap_cookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); } if ($this->config->search_sub) { // Use ldap_search to find first user from subtree. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context. - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); - } else { - $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute), + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if(!$ldap_result) { continue; @@ -1604,17 +1559,11 @@ class auth_plugin_ldap extends auth_plugin_base { if ($ldap_pagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldap_cookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result_response($ldapconnection, $ldap_result, $ldap_cookie); - } else { - // Get next cookie from controls. - ldap_parse_result($ldapconnection, $ldap_result, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($ldapconnection, $ldap_result, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } $users = ldap_get_entries_moodle($ldapconnection, $ldap_result); diff --git a/enrol/ldap/lib.php b/enrol/ldap/lib.php index 5b44a5a7f88..df57f2ae327 100644 --- a/enrol/ldap/lib.php +++ b/enrol/ldap/lib.php @@ -389,40 +389,21 @@ class enrol_ldap_plugin extends enrol_plugin { $flat_records = array(); do { if ($ldap_pagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); } if ($this->config->course_search_sub) { // Use ldap_search to find first user from subtree - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_search($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_search($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_search($this->ldapconnection, $ldap_context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_list($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_list($this->ldapconnection, $ldap_context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_list($this->ldapconnection, $ldap_context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if (!$ldap_result) { continue; // Next @@ -431,17 +412,11 @@ class enrol_ldap_plugin extends enrol_plugin { if ($ldap_pagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldap_cookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie); - } else { - // Get next cookie from controls. - ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } @@ -806,40 +781,21 @@ class enrol_ldap_plugin extends enrol_plugin { $flat_records = array(); do { if ($ldap_pagedresults) { - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie); - } else { - // PHP 7.3 and up, use server controls. - $servercontrols = array(array( - 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( - 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); - } + $servercontrols = array(array( + 'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array( + 'size' => $this->config->pagesize, 'cookie' => $ldap_cookie))); } if ($this->get_config('course_search_sub')) { // Use ldap_search to find first user from subtree - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_search($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_search($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_search($this->ldapconnection, $context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } else { // Search only in this context - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - $ldap_result = @ldap_list($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted); - } else { - $ldap_result = @ldap_list($this->ldapconnection, $context, - $ldap_search_pattern, $ldap_fields_wanted, - 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); - } + $ldap_result = @ldap_list($this->ldapconnection, $context, + $ldap_search_pattern, $ldap_fields_wanted, + 0, -1, -1, LDAP_DEREF_NEVER, $servercontrols); } if (!$ldap_result) { @@ -849,17 +805,11 @@ class enrol_ldap_plugin extends enrol_plugin { if ($ldap_pagedresults) { // Get next server cookie to know if we'll need to continue searching. $ldap_cookie = ''; - // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). - if (version_compare(PHP_VERSION, '7.3.0', '<')) { - // Before 7.3, use this function that was deprecated in PHP 7.4. - ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie); - } else { - // Get next cookie from controls. - ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, - $errmsg, $referrals, $controls); - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } + // Get next cookie from controls. + ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn, + $errmsg, $referrals, $controls); + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } } diff --git a/lib/classes/session/manager.php b/lib/classes/session/manager.php index d1a7530652e..eb623cdcfbc 100644 --- a/lib/classes/session/manager.php +++ b/lib/classes/session/manager.php @@ -377,29 +377,23 @@ class manager { // Set configuration. session_name($sessionname); - if (version_compare(PHP_VERSION, '7.3.0', '>=')) { - $sessionoptions = [ - 'lifetime' => 0, - 'path' => $CFG->sessioncookiepath, - 'domain' => $CFG->sessioncookiedomain, - 'secure' => $cookiesecure, - 'httponly' => $CFG->cookiehttponly, - ]; + $sessionoptions = [ + 'lifetime' => 0, + 'path' => $CFG->sessioncookiepath, + 'domain' => $CFG->sessioncookiedomain, + 'secure' => $cookiesecure, + 'httponly' => $CFG->cookiehttponly, + ]; - if (self::should_use_samesite_none()) { - // If $samesite is empty, we don't want there to be any SameSite attribute. - $sessionoptions['samesite'] = 'None'; - } - - session_set_cookie_params($sessionoptions); - } else { - // Once PHP 7.3 becomes our minimum, drop this in favour of the alternative call to session_set_cookie_params above, - // as that does not require a hack to work with same site settings on cookies. - session_set_cookie_params(0, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $CFG->cookiehttponly); + if (self::should_use_samesite_none()) { + // If $samesite is empty, we don't want there to be any SameSite attribute. + $sessionoptions['samesite'] = 'None'; } + + session_set_cookie_params($sessionoptions); + ini_set('session.use_trans_sid', '0'); ini_set('session.use_only_cookies', '1'); - ini_set('session.hash_function', '0'); // For now MD5 - we do not have room for sha-1 in sessions table. ini_set('session.use_strict_mode', '0'); // We have custom protection in session init. ini_set('session.serialize_handler', 'php'); // We can move to 'php_serialize' after we require PHP 5.5.4 form Moodle. @@ -559,8 +553,6 @@ class manager { if ($timedout) { $_SESSION['SESSION']->has_timed_out = true; } - - self::append_samesite_cookie_attribute(); } /** @@ -628,7 +620,6 @@ class manager { // Setup $USER object. self::set_user($user); - self::append_samesite_cookie_attribute(); } /** @@ -652,39 +643,6 @@ class manager { return false; } - /** - * Conditionally append the SameSite attribute to the session cookie if necessary. - * - * Contains a hack for versions of PHP lower than 7.3 as there is no API built into PHP cookie API - * for adding the SameSite setting. - * - * This won't change the Set-Cookie headers if: - * - PHP 7.3 or higher is being used. That already adds the SameSite attribute without any hacks. - * - If the samesite setting is empty. - * - If the samesite setting is None but the browser is not compatible with that setting. - */ - private static function append_samesite_cookie_attribute() { - if (version_compare(PHP_VERSION, '7.3.0', '>=')) { - // This hack is only necessary if we weren't able to set the samesite flag via the session_set_cookie_params API. - return; - } - - if (!self::should_use_samesite_none()) { - return; - } - - $cookies = headers_list(); - header_remove('Set-Cookie'); - $setcookiesession = 'Set-Cookie: ' . session_name() . '='; - - foreach ($cookies as $cookie) { - if (strpos($cookie, $setcookiesession) === 0) { - $cookie .= '; SameSite=None'; - } - header($cookie, false); - } - } - /** * Terminate current user session. * @return void @@ -718,7 +676,6 @@ class manager { self::init_empty_session(); self::add_session_record($_SESSION['USER']->id); // Do not use $USER here because it may not be set up yet. self::write_close(); - self::append_samesite_cookie_attribute(); } /**