Fixed Bug #71974 Trans sid will always be send, even if cookies are available

2024-09-21 18:07:23 +00:00 · 2016-04-07 10:25:35 +09:00 · 2016-04-07 10:25:35 +09:00 · 6467a4eb36
commit 6467a4eb36
parent b31240f995
3 changed files with 42 additions and 8 deletions
--- a/4
+++ b/4
@ -63,6 +63,10 @@ PHP                                                                        NEWS
  . Fixed bug #71820 (pg_fetch_object binds parameters before call
    constructor). (Anatol)

+- Session:
+  . Fixed bug #71974 (Trans sid will always be send, even if cookies are 
+    available). (Yasuo)
+
 - SPL:
  . Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't
    access properties in PHP). (Nikita)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@ -1483,7 +1483,7 @@ static void ppid2sid(zval *ppid) {
 PHPAPI void php_session_reset_id(void) /* {{{ */
 {
 	int module_number = PS(module_number);
-	zval *sid;
+	zval *sid, *data, *ppid;

 	if (!PS(id)) {
 		php_error_docref(NULL, E_WARNING, "Cannot set session ID - session ID is not initialized");
@ -1523,13 +1523,20 @@ PHPAPI void php_session_reset_id(void) /* {{{ */
 		}
 	}

-	if (APPLY_TRANS_SID) {
-		/* FIXME: Resetting vars are required when
-		   session is stop/start/regenerated. However,
-		   php_url_scanner_reset_vars() resets all vars
-		   including other URL rewrites set by elsewhere. */
-		/* php_url_scanner_reset_vars(); */
-		php_url_scanner_add_var(PS(session_name), strlen(PS(session_name)), ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 1);
+	/* Apply trans sid if sid cookie is not set */
+	if (APPLY_TRANS_SID
+		&& (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) {
+		ZVAL_DEREF(data);
+		if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), strlen(PS(session_name))))) {
+			ZVAL_DEREF(ppid);
+		} else {
+			/* FIXME: Resetting vars are required when
+			   session is stop/start/regenerated. However,
+			   php_url_scanner_reset_vars() resets all vars
+			   including other URL rewrites set by elsewhere. */
+			/* php_url_scanner_reset_vars(); */
+			php_url_scanner_add_var(PS(session_name), strlen(PS(session_name)), ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 1);
+		}
 	}
 }
 /* }}} */
--- a/ext/session/tests/bug71974.phpt
+++ b/ext/session/tests/bug71974.phpt
@ -0,0 +1,23 @@
+--TEST--
+Bug #71974 Trans sid will always be send, even if cookies are available
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.save_handler=files
+session.auto_start=0
+session.use_cookies=1
+session.use_only_cookies=0
+session.use_trans_sid=1
+session.use_strict_mode=0
+--COOKIE--
+PHPSESSID=1234567890123456789012345678901234567890
+--FILE--
+<?php
+ob_start();
+session_start()
+?>
+<a href="some.php">abc</a>
+--EXPECTF--
+<a href="some.php">abc</a>
+
+