From dfaa3692e01e707fcaa88d626dcdd6006e1ff0e0 Mon Sep 17 00:00:00 2001
From: jekkos
Date: Sat, 5 Jul 2014 23:54:50 +0000
Subject: [PATCH] Remove multiple ci_session cookies from headers in sales and recevings Fix nginx compatibility (spurious 502 bad gateway)
git-svn-id: svn+ssh://svn.code.sf.net/p/opensourcepos/code/@107 c3eb156b-1dc0-44e1-88ae-e38439141b53
---
 application/controllers/receivings.php | 4 +-
 application/controllers/sales.php | 4 +-
 application/controllers/secure_area.php | 53 +++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/application/controllers/receivings.php b/application/controllers/receivings.php
index 7945064d7..0a325e039 100644
--- a/application/controllers/receivings.php
+++ b/application/controllers/receivings.php
@@ -136,6 +136,7 @@ class Receivings extends Secure_area
 $this->load->view("receivings/receipt",$data);
 $this->receiving_lib->clear_all();
+ $this->_remove_duplicate_cookies();
 }
 function receipt($receiving_id)
@@ -160,7 +161,7 @@ class Receivings extends Secure_area
 $data['receiving_id']='RECV '.$receiving_id;
 $this->load->view("receivings/receipt",$data);
 $this->receiving_lib->clear_all();
-
+ $this->_remove_duplicate_cookies();
 }
 function _reload($data=array())
@@ -185,6 +186,7 @@ class Receivings extends Secure_area
 $data['supplier']=$info->first_name.' '.$info->last_name;
 }
 $this->load->view("receivings/receiving",$data);
+ $this->_remove_duplicate_cookies();
 }
 function cancel_receiving()
diff --git a/application/controllers/sales.php b/application/controllers/sales.php
index 9528b244d..30df2132c 100644
--- a/application/controllers/sales.php
+++ b/application/controllers/sales.php
@@ -223,6 +223,7 @@ class Sales extends Secure_area
 }
 $this->load->view("sales/receipt",$data);
 $this->sale_lib->clear_all();
+ $this->_remove_duplicate_cookies();
 }
 function receipt($sale_id)
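Review bot: `$this->_remove_duplicate_cookies();` is added by hand after the view call in each patched action (the three receivings.php hunks and the three sales.php hunks), so any other Secure_area action that touches the session several times would still send duplicate session `Set-Cookie` headers. Presumably the call only has an effect while headers are still unsent, which depends on the framework buffering the view output at this point; that should be confirmed and stated where the call is made, e.g. `// must run before output is flushed: collapses duplicate session Set-Cookie headers`. Running the clean-up from one central place just before output is sent would remove the need to repeat it. The enclosing functions start outside these hunks.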
@@ -250,7 +251,7 @@ class Sales extends Secure_area
 $data['sale_id']='POS '.$sale_id;
 $this->load->view("sales/receipt",$data);
 $this->sale_lib->clear_all();
-
+ $this->_remove_duplicate_cookies();
 }
 function edit($sale_id)
@@ -369,6 +370,7 @@ class Sales extends Secure_area
 }
 $data['payments_cover_total'] = $this->_payments_cover_total();
 $this->load->view("sales/register",$data);
+ $this->_remove_duplicate_cookies();
 }
 function cancel_sale()
diff --git a/application/controllers/secure_area.php b/application/controllers/secure_area.php
index c6daac17c..5dda41ed0 100644
--- a/application/controllers/secure_area.php
+++ b/application/controllers/secure_area.php
@@ -25,5 +25,58 @@ class Secure_area extends CI_Controller
 $data['user_info']=$logged_in_employee_info;
 $this->load->vars($data);
 }
+
+ function _remove_duplicate_cookies ()
+ {
+ //php < 5.3 doesn't have header remove so this function will fatal error otherwise
+ if (function_exists('header_remove'))
+ {
+ $CI = &get_instance();
+
+ // clean up all the cookies that are set...
+ $headers = headers_list();
+ $cookies_to_output = array ();
+ $header_session_cookie = '';
+ $session_cookie_name = $CI->config->item('sess_cookie_name');
+
+ foreach ($headers as $header)
+ {
+ list ($header_type, $data) = explode (':', $header, 2);
+ $header_type = trim ($header_type);
+ $data = trim ($data);
+
+ if (strtolower ($header_type) == 'set-cookie')
+ {
+ header_remove ('Set-Cookie');
+
+ $cookie_value = current(explode (';', $data));
+ list ($key, $val) = explode ('=', $cookie_value);
+ $key = trim ($key);
+
+ if ($key == $session_cookie_name)
+ {
+ // OVERWRITE IT (yes! do it!)
+ $header_session_cookie = $data;
+ continue;
+ }
+ else
+ {
+ // Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
+ $cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
+ }
+ }
+ }
+
+ if ( ! empty ($header_session_cookie))
+ {
+ $cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
+ }
+
+ foreach ($cookies_to_output as $cookie)
+ {
+ header ("{$cookie['header_type']}: {$cookie['data']}", false);
+ }
+ }
+ }
 }
 ?>
\ No newline at end of file
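Review bot: The session cookie is recognised by comparing the parsed name with `$CI->config->item('sess_cookie_name')` using `==`, so the match depends on the cookie being emitted under exactly that configured name; if the installation also sets a cookie prefix (not visible in this patch, worth confirming), the duplicates would pass through untouched. Inside the loop, `list ($key, $val) = explode ('=', $cookie_value);` raises a notice for a value without `=` and `$val` is never used, so `$parts = explode('=', $cookie_value, 2); $key = trim($parts[0]);` with `if ($key === $session_cookie_name)` is safer. `header_remove ('Set-Cookie')` is also called once per cookie header, although a single call before the cookies are re-emitted is enough. A docblock on `_remove_duplicate_cookies` should state that only the last session `Set-Cookie` survives, with its attributes re-sent unchanged, and that the method must run before headers are sent.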