View Issue Details

IDProjectCategoryView StatusLast Update
0006978OXID eShop (all versions)4.07. Source code, Testpublic2019-05-06 11:15
ReporterBeckerEnterprises 
PrioritylowSeveritytweakReproducibilityunable to reproduce
Status acknowledgedResolutionopen 
Product Version6.1.3 
Target VersionFixed in Version 
Summary0006978: system requirements test of ini_set is not the correct way to do it and therefore might be result in a wrong result
DescriptionSetting the session name with ini_set will return false when the session is already established.
Also it is not the correct way to check if setting ini values is allowed or not, you can get access info on specified ini values with ini_get_all.

Here is an example of \OxidEsales\EshopCommunity\Core\SystemRequirements::checkIniSet which will check if changing session.name is allowed (replaced plain integer values with constants):

public function checkIniSet()
{
    $session_config = ini_get_all('session');

    if($session_config['session.name']['access'] & INI_USER)
        return static::MODULE_STATUS_OK;
    else
        return static::MODULE_STATUS_BLOCKS_SETUP;
}
Steps To ReproduceMaybe older PHP Versions might return a positive false result depending on their latest patch date.
Reproducible on Debian 8.11 with Plesk 17.8.11 and PHP 7.1 (7.1.27-debian.8.190311.0956).
TagsSystemRequirements ini_set
ThemeNot defined
BrowserNot defined
PHP Version7.1
MySQL VersionNot defined

Activities

QA

2019-05-06 11:14

administrator   ~0012882

Last edited: 2019-05-06 11:15

View 3 revisions

Hello and thanks for your report. Unfortunately I'm unable to reproduce the issue you mention. Even if the session is established before, setting the session name with ini_set returns true. Since this is the case, I set the priority to low, but acknowledged your report, because your provided solution is truly a good - maybe a better - alternative way to test the ini_set will work properly.

[sp]