Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-17807

starrating does not work with default session handler

    XMLWordPrintable

    Details

      Description

      site ini has

      # eZ Publish session handler (class name)
      # When empty uses ezpSessionHandlerPHP, a session handler that lets php remain in control
      # of the session handling (def: files, as defined by session.save_handler in php.ini)
      # To get back old behavior for logged in/anonymous count & session clearing, use ezpSessionHandlerDB
      # and enable ForceStart setting.
      Handler=
      

      This causes, that when ezsrServerFunctions::rate function checks session->hasSessionCookie it return false and rate function exits, because it is treated as spamers' attack.

             // Provide extra session protection on 4.1 (not possible on 4.0) by expecting user
              // to have an existing session (new session = mostlikely a spammer / hacker trying to manipulate rating)
              if ( class_exists( 'eZSession' ) && eZSession::userHasSessionCookie() !== true )
                  return $ret;
      
      Steps to reproduce

      1. new instalation of ezpublish 4.4
      2. try rate anything as anonymous

        Attachments

          Activity

            People

            Assignee:
            unknown unknown
            Reporter:
            vytis Vytautas Germanavičius
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated: