Originally Posted by
ppruett
We are pretty sure that this issue is arising when the session data is encrypted.
Before the 'for' statement there is no check to ensure that $start_cart is a valid number. strpos() returns false when the string isn't found, and PHP's ++ operator leaves a boolean unchanged, so the loop counter never advances. If the session information is fubar then it may be causing an infinite loop.
True, and there are some other factors involved too.
Try changing this:
Code:
// Slice the customer id, cart, currency, country and zone entries out of a raw
// serialized session string and decode each slice into the current session.
// The opening brace of this outer if is not closed within this excerpt.
if ($length = strlen($session_data)) {
// The markers searched for differ by PHP version: '[==]' separators when
// PHP_VERSION is below 4, '|' separators otherwise.
// strpos() returns false when a marker is absent; none of the five results
// is checked before it is used as an offset further down.
if (PHP_VERSION < 4) {
$start_id = strpos($session_data, 'customer_id[==]s');
$start_cart = strpos($session_data, 'cart[==]o');
$start_currency = strpos($session_data, 'currency[==]s');
$start_country = strpos($session_data, 'customer_country_id[==]s');
$start_zone = strpos($session_data, 'customer_zone_id[==]s');
} else {
$start_id = strpos($session_data, 'customer_id|s');
$start_cart = strpos($session_data, 'cart|O');
$start_currency = strpos($session_data, 'currency|s');
$start_country = strpos($session_data, 'customer_country_id|s');
$start_zone = strpos($session_data, 'customer_zone_id|s');
}
// Walk forward from the cart marker counting brace depth; the loop stops on
// the first character that is neither '{' nor '}' once the depth is below 1.
// If the cart marker was not found, $i starts as boolean false, $i++ leaves a
// boolean unchanged, and the loop can only end through the break below.
// NOTE(review): $tag is not reset before this loop; if this code runs once per
// session row, a value left over from the previous row carries in. Confirm
// against the enclosing code.
for ($i=$start_cart; $i<$length; $i++) {
if ($session_data[$i] == '{') {
if (isset($tag)) {
$tag++;
} else {
$tag = 1;
}
} elseif ($session_data[$i] == '}') {
$tag--;
} elseif ( (isset($tag)) && ($tag < 1) ) {
break;
}
}
// Each scalar slice runs from its marker to the next ';'. A marker that was
// not found (false) is used as offset 0, so the slice then starts at the
// beginning of the session string instead of at the intended variable.
$session_data_id = substr($session_data, $start_id, (strpos($session_data, ';', $start_id) - $start_id + 1));
// fix nnobo bug
$session_data_cart = substr($session_data, $start_cart, $i - $start_cart);
$session_data_currency = substr($session_data, $start_currency, (strpos($session_data, ';', $start_currency) - $start_currency + 1));
$session_data_country = substr($session_data, $start_country, (strpos($session_data, ';', $start_country) - $start_country + 1));
$session_data_zone = substr($session_data, $start_zone, (strpos($session_data, ';', $start_zone) - $start_zone + 1));
// session_decode() unserializes its argument into the session of the request
// that is running this code, replacing same-named variables already there.
// The cart slice holds a serialized object, so the input should only ever be
// data this application wrote to its own session store.
session_decode($session_data_id);
session_decode($session_data_currency);
session_decode($session_data_country);
session_decode($session_data_zone);
session_decode($session_data_cart);
// For PHP_VERSION below 4 the cart is rebuilt through shoppingCart::unserialize().
// Presumably $cart was populated by the session_decode() call above; confirm.
if (PHP_VERSION < 4) {
$broken_cart = $cart;
$cart = new shoppingCart;
$cart->unserialize($broken_cart);
}
to this:
Code:
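// Slice the customer id, currency, country, zone and cart entries out of a raw
// serialized session string and decode each one into the current session.
// Data that cannot be parsed (no cart marker, or Suhosin present) is blanked
// so that nothing below runs on it.

// strpos() returns 0 for a match at the very start of the string and false for
// no match. The "not found" test therefore has to be === false; a loose == 0
// would also base64-decode, and then discard, a string that begins with the marker.
if (strpos($session_data, 'cart|O') === false) $session_data = (string)base64_decode($session_data);
if (strpos($session_data, 'cart|O') === false) $session_data = '';

// Suhosin can encrypt session payloads. The extension being loaded is enough
// on its own to skip parsing; the ini value is checked as well.
$suhosinExtension = extension_loaded('suhosin');
$suhosinSetting = strtoupper((string)@ini_get('suhosin.session.encrypt'));
// The setting was upper-cased above, so it has to be compared with 'ON', not 'On'.
$hardenedStatus = ($suhosinExtension == TRUE || $suhosinSetting === 'ON' || $suhosinSetting === '1') ? TRUE : FALSE;
if ($session_data != '' && $hardenedStatus == TRUE) $session_data = '';

// The opening brace of this if is closed by the code that follows this excerpt.
if ($length = strlen($session_data)) {
    // Keep the raw strpos() results so that "not found" (false) can be told
    // apart from "found at offset 0". The $start_* variables stay integers.
    $pos_id       = strpos($session_data, 'customer_id|s');
    $pos_currency = strpos($session_data, 'currency|s');
    $pos_country  = strpos($session_data, 'customer_country_id|s');
    $pos_zone     = strpos($session_data, 'customer_zone_id|s');

    $start_id       = (int)$pos_id;
    $start_currency = (int)$pos_currency;
    $start_country  = (int)$pos_country;
    $start_zone     = (int)$pos_zone;
    // The cart marker is known to be present: otherwise $session_data would
    // have been blanked above and this branch would not run.
    $start_cart     = (int)strpos($session_data, 'cart|O');

    // The cart object ends at the last ';}' before the next variable's '|'.
    // When the cart is the last variable there is no further '|', so search
    // up to the end of the string instead of up to offset 0.
    $next_var   = strpos($session_data, '|', $start_cart + 6);
    $scan_to    = ($next_var === false) ? $length : $next_var;
    $cart_close = strrpos(substr($session_data, 0, $scan_to), ';}');
    $end_cart   = (int)$cart_close;

    // A scalar entry runs from its marker to the next ';'. If the marker or
    // the terminator is missing the slice stays empty; slicing from offset 0
    // would pick up whichever unrelated variable happens to come first.
    $session_data_id = '';
    if ($pos_id !== false && ($stop = strpos($session_data, ';', $pos_id)) !== false) {
        $session_data_id = substr($session_data, $pos_id, ($stop - $pos_id + 1));
    }
    // No closing ';}' after the marker means there is no usable cart slice.
    $session_data_cart = '';
    if ($cart_close !== false && $cart_close >= $start_cart) {
        $session_data_cart = substr($session_data, $start_cart, ($end_cart - $start_cart + 2));
    }
    $session_data_currency = '';
    if ($pos_currency !== false && ($stop = strpos($session_data, ';', $pos_currency)) !== false) {
        $session_data_currency = substr($session_data, $pos_currency, ($stop - $pos_currency + 1));
    }
    $session_data_country = '';
    if ($pos_country !== false && ($stop = strpos($session_data, ';', $pos_country)) !== false) {
        $session_data_country = substr($session_data, $pos_country, ($stop - $pos_country + 1));
    }
    $session_data_zone = '';
    if ($pos_zone !== false && ($stop = strpos($session_data, ';', $pos_zone)) !== false) {
        $session_data_zone = substr($session_data, $pos_zone, ($stop - $pos_zone + 1));
    }

    // REVIEW: session_decode() unserializes its argument into the session of
    // the request running this code and replaces same-named variables there.
    // The cart slice contains a serialized object. Feed it only data that this
    // application wrote to its own session store, never a caller-supplied string.
    // Empty slices are skipped so that a missing entry decodes nothing.
    if ($session_data_id != '') session_decode($session_data_id);
    if ($session_data_currency != '') session_decode($session_data_currency);
    if ($session_data_country != '') session_decode($session_data_country);
    if ($session_data_zone != '') session_decode($session_data_zone);
    if ($session_data_cart != '') session_decode($session_data_cart);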
This will at least attempt to work without errors when the session data is encoded or encrypted, and it also fixes the 'for' loop problem, among other things.