Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-17807

starrating does not work with default session handler

    XMLWordPrintable

Details

    Description

      site ini has 

      # eZ Publish session handler (class name)
# When empty uses ezpSessionHandlerPHP, a session handler that lets php remain in control
# of the session handling (def: files, as defined by session.save_handler in php.ini)
# To get back old behavior for logged in/anonymous count & session clearing, use ezpSessionHandlerDB
# and enable ForceStart setting.
Handler=

      This causes, that when ezsrServerFunctions::rate function checks session->hasSessionCookie it return false and rate function exits, because it is treated as spamers' attack.

             // Provide extra session protection on 4.1 (not possible on 4.0) by expecting user
        // to have an existing session (new session = mostlikely a spammer / hacker trying to manipulate rating)
        if ( class_exists( 'eZSession' ) && eZSession::userHasSessionCookie() !== true )
            return $ret;
      Steps to reproduce

      1. new instalation of ezpublish 4.4
      2. try rate anything as anonymous

      Attachments

        Activity

          People

            unknown unknown
            vytis vytis
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: