Note: You should not be using ZVAL_DELREF() in day to day usage. Instead,
you should use zval_ptr_dtor(). Use ZVAL_DELREF() only if you're
messing with the refcount directly and know what you're doing.
Note #2: For clarity, if you want to initialize a new zval with a refcount
of 0, it's best to do that directly, instead of using ZVAL_DELREF
after allocating the zval...
of expressing references (e.g. WDDX) and deserializing a session variable
whose name conflicted with an existing symbol in the global scope.
PR: #25307
Submitted by: Jani Taskinen
Speling fixes: me
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.
This fixes a memory overrun in a testcase. All ZEND_SET_* calls
should be correct now.
session_register("c");
unset($c);
$c = time();
If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.
During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.
Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:
IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.
The extension emits this warning once per script, unless told otherwise.
"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.
This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).
Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.
ext/session/session.c(272) : Freeing 0x0818F01C (12 bytes), script=test
Obviously, the newly allocated empty zval is not properly freed. If anyone
has any idea on how to fix that, please step forward.
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
are simply appended instead of traversing the hash table on each
URL/form.
also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.
remove remove_var, add reset_vars. move the function declarations
into the right header file.
@ and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.
was contained in get/post variables" (which I still am not convinced
of completely), we need a separate variable which determines whether
to define SID in the event that a cookie was not sent.
Noticed by: Matt Allen
I don't have time right now to leave in the good ones and remove
only the bad ones.
There are some semantical changes which I reject, because
they aim at fixing a bug which is at a completely other location.
Then SID does not gefined anymore properly. (This broken patch
has not been sent to me at all.)
Also, there were *so* many whitespace changes which already
make these commits bogus.
(DO NOT document this function yet)
Fixed crash bug with ob_end_*() function. ob_end_*() will not delete
buffers that may not be deleted.
php_start_ob_buffer() and php_ob_set_internal_handler() takes parameter for
if the buffer created may be deleted or not.
Added 3rd parameter "bool erase" to ob_start(). If FALSE, buffer may not be
deleted until script finshes.
Changed ob_*() function that have void return type to bool. All ob_*()
functions return TRUE for success, FALSE for failure.
@ - Added ob_get_status() to get array of buffers and it's status. (Yasuo)
@ - Fixed crash bug with ob_end_*() function. ob_end_*() will not delete
@ buffers that may not be deleted. (Yasuo)
@ - Added 3rd parameter "bool erase" to ob_start(). If FALSE, buffer may not be
@ deleted until script finshes. (Yasuo)
@ - Changed ob_*() function that have void return type to bool. All ob_*()
@ functions return TRUE for success, FALSE for failure. (Yasuo)
@ to off. (Thies)
guys, shoot me if i'm wrong, but when we have set register_globals to off we
should _not_ touch any global variables at any time, right? so all session
register/unregister should only work on $HTTP_SESSION_VARS and $_SESSION. this
patch fixes at least one spot where we were touching globals even with
register_globals set to off.
would be shared among the threads which is quite pointless. Also
use a function of the current time as one factor.
Use gettimeofday() instead of time(), because it is faster on some
operating systems.
Advantages:
- Would work with the output buffering mechanism in general, and with
output compression in particular
- Should yield better performance (untested as of yet)
take any args. In some cases we probably want to skip the check for
performance reasons, but in other cases where performance is unlikely
to be a factor, not throwing a warning on the wrong number of args passed
to a function is at best inconsistent, and at worst it could hide a bug.
So, add a few such checks. There are still lots of cases out there.
