Update clean_user_php_sessions to handle valid session.save_path options
Needs Review
The clean_user_php_sessions script which deletes expired PHP session files gets the session save path from the session.save_path INI option. According to the manual here:
https://www.php.net/manual/en/session.configuration.php#ini.session.save-path
The save_path can take the forms /path, or N;/path, or N;MODE;/path. The clean_user_php_sessions script assumes it is the first case only. It should be updated to check for the semicolons and, if present in the save_path, use the value after the last semicolon as the actual path.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
Here's the fix that I'm using:
sub clean_sessions ( $path, $regex, $maxlife = undef ) { # session.save_path could be commented out, in which case we will let PHP handle garbage collection. # outpostmm changes - start # removed the check to make sure $path is a directory that exists return 0 if !defined $path; # outpostmm changes - end $maxlife = $Cpanel::ProgLang::Supported::php::Ini::SESSION_MAXLIFETIME if !defined $maxlife; # get_basic_directives can return values with leading/trailing whitespace. s/^\s+|\s+$//g for ( $path, $maxlife ); $maxlife = $Cpanel::ProgLang::Supported::php::Ini::SESSION_MAXLIFETIME if $maxlife !~ /^\d+$/; # outpostmm changes - start # We need to split the path on semicolons and use the last element as the path # Move the directory validation down here my @chunks = split(';', $path); $path = $chunks[scalar(@chunks) - 1]; return 0 if !-d $path; # outpostmm changes - end my $time = time; opendir( my $dh, $path ) or die "Could not open directory $path: $!"; while ( my $file = readdir $dh ) { next if $file !~ m/$regex/i; my $ctime = ( stat("$path/$file") )[10]; unlink "$path/$file" if $time - $ctime > $maxlife; } return 1; }Here's the fix that I'm using:
sub clean_sessions ( $path, $regex, $maxlife = undef ) { # session.save_path could be commented out, in which case we will let PHP handle garbage collection. # outpostmm changes - start # removed the check to make sure $path is a directory that exists return 0 if !defined $path; # outpostmm changes - end $maxlife = $Cpanel::ProgLang::Supported::php::Ini::SESSION_MAXLIFETIME if !defined $maxlife; # get_basic_directives can return values with leading/trailing whitespace. s/^\s+|\s+$//g for ( $path, $maxlife ); $maxlife = $Cpanel::ProgLang::Supported::php::Ini::SESSION_MAXLIFETIME if $maxlife !~ /^\d+$/; # outpostmm changes - start # We need to split the path on semicolons and use the last element as the path # Move the directory validation down here my @chunks = split(';', $path); $path = $chunks[scalar(@chunks) - 1]; return 0 if !-d $path; # outpostmm changes - end my $time = time; opendir( my $dh, $path ) or die "Could not open directory $path: $!"; while ( my $file = readdir $dh ) { next if $file !~ m/$regex/i; my $ctime = ( stat("$path/$file") )[10]; unlink "$path/$file" if $time - $ctime > $maxlife; } return 1; }Replies have been locked on this page!