clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-24 03:17:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
26,550 Commits 491 Branches 1,363 Tags 846 MiB
210244b339
Commit Graph

568 Commits

Author SHA1 Message Date
Stanislav Malyshev
cddface7f1 fix TSRM 2003-04-27 16:18:43 +00:00
Stanislav Malyshev
cad71d8c92 MFB 4_3: 
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
 2003-04-27 16:04:53 +00:00
Sascha Schumann
4226fe67d1 dividend -> divisor 
Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>
 2003-04-05 11:22:15 +00:00
Sebastian Bergmann
5ca078779a Eliminate some TSRMLS_FETCH() calls. Tested with Win32 build of SAPI/CGI and SAPI/CLI on Win32. 2003-03-25 08:07:13 +00:00
foobar
3c9155e0cb Renamed OnUpdateInt -> OnUpdateLong to prevent further misunderstandings. 
# Intentionally left out any 'alias' for it, this way 3rd party extension
# maintainers will really NOTICE the change.
 2003-03-07 05:15:28 +00:00
Zeev Suraski
4e55747a2b Add JIT initialization for _SERVER and _ENV 
(it's less important for the others, even though it should be fairly
easy now too)
 2003-03-02 10:19:15 +00:00
Sascha Schumann
6f5b46c118 generally urlencode parameters 2003-02-20 06:18:16 +00:00
Sascha Schumann
4ec77cfbb5 Refactor new-session-id code 2003-02-18 19:29:38 +00:00
Sascha Schumann
2699c26f42 Remember whether to send a cookie, so that we send out the correct 
session id.  Also improve check for active session
 2003-02-18 19:13:49 +00:00
Sascha Schumann
32e0c8161c add session_regenerate_id() 2003-02-18 18:50:44 +00:00
Sascha Schumann
a10f0830e6 support setting the filemode using session.save_path 2003-02-11 00:42:54 +00:00
Sascha Schumann
5e601732a3 use appropiate prefixes in the ps_module structure so we don't clash 
with syscalls
 2003-02-11 00:42:14 +00:00
Ilia Alshanetsky
242a9a47c7 Fix compiler warning. 2003-01-30 22:37:50 +00:00
Sascha Schumann
330740f7cd Remove ugly netware hacks from the code 2003-01-24 23:57:32 +00:00
Ilia Alshanetsky
3d8e54f3a2 Changed php_error to php_error_docref. 2003-01-19 00:45:53 +00:00
Ilia Alshanetsky
72b356c1bc Removed pointless memory allocation checks. 2003-01-18 19:28:10 +00:00
Sascha Schumann
db8b4c6762 Add INI setting session.hash_bits_per_character which enables developers 
to choose how session ids are represented, regardless of the hash algorithm.
 2003-01-16 07:21:49 +00:00
Sascha Schumann
f2f1f94e36 add INI setting session.hash_function 
add support for creating session ids using SHA-1
source more entropy for session ids
 2003-01-12 13:07:14 +00:00
Sascha Schumann
0b8401bf27 handle ERANGE from strtol properly 2003-01-12 13:05:32 +00:00
Zeev Suraski
ada5c4009e Fix UMR 2003-01-08 13:28:16 +00:00
Anantha Kesari H Y
90ba724072 Modified for NetWare. 2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00
Ilia Alshanetsky
c731daeda7 Fixed bug #21268 (session_decode() returned FALSE on success). 2002-12-29 18:50:55 +00:00
Marcus Boerger
3cf581b1b3 correct code that is guarded by "#if 0" 2002-12-05 20:41:55 +00:00
Marcus Boerger
9a04528061 fix ZTS build 2002-12-05 20:39:43 +00:00
Marcus Boerger
dcfe988820 php_error -> php_error_docref 2002-12-05 20:13:35 +00:00
Ilia Alshanetsky
9497ba9d49 MFH (test failure if session.serialize_handler is not set to php). 2002-11-25 23:20:05 +00:00
Sascha Schumann
a257d758a5 Add an error message to the ini handlers 2002-11-20 17:15:00 +00:00
Sascha Schumann
e9ed065afc add protective checks to ini updates 
Noticed by: Derick Rethans <d.rethans@jdimedia.nl>
PR: #20284
 2002-11-20 16:06:29 +00:00
John Coggeshall
6ac365896c Modified the experimental new test class to make it easier to port to the 
web. Pushed all echo statements through a function that can be
overwritten, changed the way pass/skip/fail is handled (separate function)
that of course can also be overwritten. To begin testing of a web-based
test script also created a webHarness class which will output HTML. To
use, just $a = new webHarness(); instead of $a = new testHarness(); A few
modifications still must be made to remove the CLI reliance completely.

Also modified a test script description.
 2002-11-01 00:22:02 +00:00
Marcus Boerger
62667ee6a6 -Only accept one single message which is expected. 
-Move error related settings to --INI-- section
#Now see we can do it correct
 2002-10-29 14:03:37 +00:00
Marcus Boerger
b9eda54711 This test requires special settings 
#wait/read next commit on run-test.php
 2002-10-27 23:56:08 +00:00
Ilia Alshanetsky
c88e0fd5de Fixed a bug in the test that would cause it to always fail. 2002-10-25 17:52:32 +00:00
Marcus Boerger
86465058a4 one version for php<4.2.3 and one for php>=4.2.3 2002-10-24 18:18:44 +00:00
Sascha Schumann
e60c601bd1 improved warning message 
# this should really link to an external page which explains the issue deeply
 2002-10-24 10:40:48 +00:00
Derick Rethans
bfc3250187 - Hardcode dependent ini setting 2002-10-13 11:14:49 +00:00
Derick Rethans
db89afc45b - Hardcode setting which affects the test 2002-10-12 17:12:43 +00:00
Derick Rethans
4a54968c71 - hardcode default rewriting tags 2002-10-08 18:30:38 +00:00
Sascha Schumann
8ca10fb5e8 Call ob_flush to force the buffer contents to go through the rewriter. 2002-10-07 10:07:27 +00:00
Sascha Schumann
2dde6fb594 Print out warning only, if a variable was actually migrated 2002-10-07 02:37:50 +00:00
Sebastian Bergmann
d7f9e8526f Silence warning. 2002-10-06 21:47:54 +00:00
Ilia Alshanetsky
6b5575a101 Code cleanup. Thanks Andi. 2002-10-06 17:17:38 +00:00
Sascha Schumann
fb84b3e1d0 remove trans_sid=1 2002-10-03 23:13:36 +00:00
Sascha Schumann
5db24fbb7b 20: rewriter uses arg_seperator.output for modifying URLs 
21: rewriter handles <form> and <fieldset> correctly
 2002-10-03 23:12:16 +00:00
Sascha Schumann
47cc29c9d1 19: serializing references test case using globals 
18: rewriter correctly handles attribute names which contain dashes
 2002-10-03 22:54:15 +00:00
Sascha Schumann
eab0f5965f code from ancient bug #5271 
setting $_SESSION before session_start() should not cause segfault
 2002-10-03 16:55:08 +00:00
Sascha Schumann
3998374a0d invalid session.save_path should not cause a segfault 2002-10-03 16:49:52 +00:00
Sascha Schumann
61e47a342e use_trans_sid should not affect SID 2002-10-03 16:43:44 +00:00
Sascha Schumann
8882b28e60 editing 2002-10-03 16:14:55 +00:00
Sascha Schumann
d661fa4b46 A script should not be able to modify session.use_trans_sid 2002-10-03 15:58:10 +00:00
Sascha Schumann
bb4f911035 There should not be any warning with regard to redefining SID 2002-10-03 15:52:36 +00:00
Sascha Schumann
dba3e4c7ad Registering _SESSION should not segfault. 2002-10-03 15:48:18 +00:00
Sascha Schumann
d4e1ac6c26 Mini test cases for fixed segfaults 2002-10-03 15:39:29 +00:00
Sascha Schumann
5fe046c4c3 session_decode should not segfault 2002-10-03 15:33:00 +00:00
Sascha Schumann
e24247e632 Remove ob_start() 2002-10-03 15:19:55 +00:00
Sascha Schumann
16f54aaca8 Add test for unset($_SESSION["x"]); behaviour 2002-10-03 15:19:43 +00:00
Sascha Schumann
c4adf94fbd make tests work with CLI 2002-10-03 15:11:01 +00:00
Sascha Schumann
7e03310a6a Don't emit warning, if there is nothing to send 2002-10-03 15:10:36 +00:00
Sascha Schumann
114c544b9b Purge ini_set calls and replace through INI sections. 2002-10-03 08:07:21 +00:00
Andi Gutmans
b276a96f4b - Fix ZTS build 2002-10-03 07:23:50 +00:00
Sascha Schumann
13f5db1b67 Make the interpretation of gc_probability configurable by adding 
session.gc_dividend. The probability of running gc on each request is then
gc_probability/gc_dividend.
 2002-10-03 06:45:15 +00:00
Sascha Schumann
be319c721a Reenable E_WARNING and test session.bug_compat_warn in addition. 2002-10-03 06:41:25 +00:00
Sascha Schumann
afb1458910 session_destroy resets the sid, so we need to set it again here 2002-10-03 06:33:19 +00:00
Sascha Schumann
356ea7ffbd Verify PHP 4.2 compatibility: global is used albeit register_globals=0 2002-10-03 06:32:45 +00:00
Sascha Schumann
0ed434a13b Use ZEND_SET_SYMBOL_WITH_LENGTH correctly (hopefully) 
It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.

This fixes a memory overrun in a testcase.  All ZEND_SET_* calls
should be correct now.
 2002-10-03 06:29:58 +00:00
Sascha Schumann
15b23945ad (track_init) Use is_ref/refcount parameters of SET_SYMBOL macros 
(save_current_state) Prevent a possible deadlock which occurs when
the track vars are inaccessible
 2002-10-03 05:53:45 +00:00
Sascha Schumann
d4ef4079de Verify PHP 4.2 compatibility: unset($c) with enabled register_globals 2002-10-03 05:06:01 +00:00
Sascha Schumann
8a586103fc Align behaviour with 4.2 with regard to register_globals=1 
session_register("c");
unset($c);
$c = time();

If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.

During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
 2002-10-03 04:53:05 +00:00
Sascha Schumann
b9077e5a9d Nuke PS(vars), we keep the state of registered session variables now 
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.

Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:

IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.

The extension emits this warning once per script, unless told otherwise.

"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
 2002-10-03 03:23:02 +00:00
Sascha Schumann
4ea4f294b6 Fix harmless memory leaks and simplify track_vars_init. 2002-10-02 21:51:32 +00:00
Sascha Schumann
e1dd35bddb The pread/pwrite macros check for a bug in the Linux glibc now. 
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.

This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
 2002-10-02 06:05:16 +00:00
Sascha Schumann
8b78c78973 Disable pread/pwrite for now until we can clarify why it should be 
impossible to write a check for a broken OS feature.
 2002-10-01 19:19:10 +00:00
Sascha Schumann
856cd5e17a The session extension ensures now that get_session_var can rely 
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.

This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).

Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.

ext/session/session.c(272) :  Freeing 0x0818F01C (12 bytes), script=test

Obviously, the newly allocated empty zval is not properly freed.  If anyone
has any idea on how to fix that, please step forward.
 2002-10-01 11:59:45 +00:00
Wez Furlong
7bcc97c82e Add header file required for pread/pwrite (on my system at least). 2002-09-30 10:18:57 +00:00
foobar
5346391d16 ws fix 2002-09-29 19:28:12 +00:00
Ilia Alshanetsky
4c4d5a617b Fixed a crash, which would occur when save_handler is invalid. 2002-09-29 18:33:14 +00:00
Ilia Alshanetsky
2af630f87d Fixed bug #17281 2002-09-29 15:55:11 +00:00
Ilia Alshanetsky
1142e16075 Fixed bugs #16995 and #19392 2002-09-29 15:26:50 +00:00
Ilia Alshanetsky
57c91b571e Fixed bug #11643 2002-09-26 18:12:27 +00:00
foobar
6b8480fab6 Fix bug: #14991 (changing session.use_trans_sid does not work in scripts) 2002-09-26 16:46:21 +00:00
Ilia Alshanetsky
7ae2196852 Fixed bugs #18167 & #16859 2002-09-25 13:26:03 +00:00
Sascha Schumann
03c07308d3 Improve error messages 2002-09-25 12:38:45 +00:00
Sascha Schumann
ff12826fc1 (php_get_session_var) Always return FAILURE if no data source was found. 
Noticed by: Sebastian Bergmann
 2002-09-23 14:04:50 +00:00
Sascha Schumann
e20c6c8e9c Because track vars are always initialized, get_session_var failed 
to work in the register_globals=1 case.

It is now possible again to store session variables in global vars.
 2002-09-21 05:46:32 +00:00
Sascha Schumann
702d7afc3c Reenable pwrite/pread support 
The old checks supposed that pread/pwrite worked, if a declaration was
found in <unistd.h>.  We now actually check whether they work successfully
before using them.
 2002-09-06 10:27:26 +00:00
foobar
3bf7519210 @- Added --disable-all configure option. (Jani) 2002-09-04 18:47:28 +00:00
Dan Kalowsky
e5324723d0 sniper claims its safe to take these out as well. 2002-09-04 13:52:41 +00:00
Dan Kalowsky
65df9d5127 taking out the PWRITE calls too 2002-09-04 13:51:08 +00:00
Dan Kalowsky
31fe6a549f This fixes Bug #19022 and #15983 2002-09-04 13:42:59 +00:00
Zeev Suraski
3b646f0e5d Use mtime instead of atime, as we always update the session file anyway. 2002-08-17 20:32:26 +00:00
Zeev Suraski
900651b7ab Make unset($_SESSION['foo']) actually remove the variable from the session, 
if register_globals is off.
 2002-08-15 21:44:44 +00:00
Dan Kalowsky
26986164b4 Correcting some english in the comment... 2002-08-15 19:32:08 +00:00
Yasuo Ohgaki
13a3dd7b77 Forgot to update source default. 2002-08-14 22:31:39 +00:00
foobar
29aae162e0 ws fix 2002-07-03 02:16:46 +00:00
foobar
087f2be56f - Fixed bug: #17977, session build as shared works now with mm handler too. 
- Added listing of save handlers into phpinfo() output
 2002-06-28 02:27:02 +00:00
Sascha Schumann
dcf67c4433 This option enables administrators to make their users invulnerable to 
attacks which involve passing session ids in URLs.
 2002-06-12 08:18:36 +00:00
Markus Fischer
39f16dbc65 - Tell the user why his session doesn't work if he uses custom session_id()s. 2002-05-30 11:41:37 +00:00
Andrei Zmievski
1668570e4d Changing email address. 2002-05-13 17:28:38 +00:00
Sascha Schumann
38ad391894 - Fix the way code was outcommented 
- Remove unused STR_CAT macro
- Remove limits/tests based on unused macro
- Implement cache_limiter(private) using private_no_expire
 2002-05-12 12:51:42 +00:00
Sander Roobol
375d7960a7 Revert Preston's patch 2002-05-09 20:02:47 +00:00