session_register("c");
unset($c);
$c = time();
If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.
During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.
Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:
IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.
The extension emits this warning once per script, unless told otherwise.
"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.
This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.
This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).
Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.
ext/session/session.c(272) : Freeing 0x0818F01C (12 bytes), script=test
Obviously, the newly allocated empty zval is not properly freed. If anyone
has any idea on how to fix that, please step forward.
The old checks supposed that pread/pwrite worked, if a declaration was
found in <unistd.h>. We now actually check whether they work successfully
before using them.
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
are simply appended instead of traversing the hash table on each
URL/form.
also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.
remove remove_var, add reset_vars. move the function declarations
into the right header file.
@ and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
the fd.
Also rip out the broken O_EXCL use. Our file names are not unique and
this left a small window open where creating a session file would fail
(a, b notice that the file does not exist; a creates the file successfully;
b tries to create, but fails due to O_EXCL).
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.
was contained in get/post variables" (which I still am not convinced
of completely), we need a separate variable which determines whether
to define SID in the event that a cookie was not sent.
Noticed by: Matt Allen
I don't have time right now to leave in the good ones and remove
only the bad ones.
There are some semantical changes which I reject, because
they aim at fixing a bug which is at a completely other location.
Then SID does not gefined anymore properly. (This broken patch
has not been sent to me at all.)
Also, there were *so* many whitespace changes which already
make these commits bogus.
(DO NOT document this function yet)
Fixed crash bug with ob_end_*() function. ob_end_*() will not delete
buffers that may not be deleted.
php_start_ob_buffer() and php_ob_set_internal_handler() takes parameter for
if the buffer created may be deleted or not.
Added 3rd parameter "bool erase" to ob_start(). If FALSE, buffer may not be
deleted until script finshes.
Changed ob_*() function that have void return type to bool. All ob_*()
functions return TRUE for success, FALSE for failure.
@ - Added ob_get_status() to get array of buffers and it's status. (Yasuo)
@ - Fixed crash bug with ob_end_*() function. ob_end_*() will not delete
@ buffers that may not be deleted. (Yasuo)
@ - Added 3rd parameter "bool erase" to ob_start(). If FALSE, buffer may not be
@ deleted until script finshes. (Yasuo)
@ - Changed ob_*() function that have void return type to bool. All ob_*()
@ functions return TRUE for success, FALSE for failure. (Yasuo)
@ to off. (Thies)
guys, shoot me if i'm wrong, but when we have set register_globals to off we
should _not_ touch any global variables at any time, right? so all session
register/unregister should only work on $HTTP_SESSION_VARS and $_SESSION. this
patch fixes at least one spot where we were touching globals even with
register_globals set to off.