Dmitry Stogov
|
6c810b0d4c
|
Improved memory usage by movig constants to read only memory. (Dmitry, Pierre)
|
2007-09-27 18:00:48 +00:00 |
|
Ilia Alshanetsky
|
ea6de20d86
|
Fixed Bug #42596 (session.save_path MODE option does not work).
|
2007-09-10 23:42:54 +00:00 |
|
Jani Taskinen
|
de85bf4060
|
MFH: ws + cs changes (sync to ease merging patches around!)
|
2007-08-23 12:23:59 +00:00 |
|
Jani Taskinen
|
19401951c0
|
MFH: sync
|
2007-08-23 11:42:21 +00:00 |
|
Ilia Alshanetsky
|
89c0ba1685
|
Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
bypass).
|
2007-08-23 02:04:39 +00:00 |
|
Stanislav Malyshev
|
6b7f164803
|
correct fix for access control for save_path and .htaccess
|
2007-08-03 01:16:40 +00:00 |
|
Ilia Alshanetsky
|
3034092111
|
Fixed bug #42135 (Second call of session_start() causes creation of SID)
|
2007-07-29 14:43:30 +00:00 |
|
Stanislav Malyshev
|
143badba52
|
always check save_path (issue reported by Maksymilian Arciemowicz)
|
2007-07-10 17:40:41 +00:00 |
|
Ilia Alshanetsky
|
e2d606e18b
|
Fixed compiler warning
|
2007-06-17 14:25:46 +00:00 |
|
Stefan Esser
|
df7bfe0a0f
|
MFH
|
2007-06-16 07:48:07 +00:00 |
|
Stanislav Malyshev
|
70a8f9313b
|
Disallow characters that Cookie RFC does not allow in unquoted cookies
|
2007-06-15 22:40:00 +00:00 |
|
Antony Dovgal
|
d042fd0675
|
MFH: php_gmtime_r() fixes
|
2007-06-07 08:59:00 +00:00 |
|
Ilia Alshanetsky
|
c38ad55e8e
|
Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags).
|
2007-06-06 00:00:28 +00:00 |
|
Antony Dovgal
|
ffd09c0961
|
fix tests
|
2007-05-18 11:29:55 +00:00 |
|
Stanislav Malyshev
|
69650d0ebf
|
do not send cookie when session is passed in URL, same as it happens with GET/POST
|
2007-05-16 01:18:14 +00:00 |
|
Antony Dovgal
|
1f65545121
|
fix test names
|
2007-05-07 18:03:01 +00:00 |
|
Antony Dovgal
|
39f9184fa6
|
MFH: fix #40998 (long session array keys are truncated)
|
2007-04-04 19:52:19 +00:00 |
|
Ilia Alshanetsky
|
7aab16c333
|
Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
# Discovered by Stefan Esser
|
2007-03-14 19:37:07 +00:00 |
|
Martin Kraemer
|
9c62ddde34
|
Typo
|
2007-03-14 09:58:14 +00:00 |
|
Ilia Alshanetsky
|
a500d1efe9
|
Adjust checks to allow paths without a trailing /
|
2007-03-03 15:07:31 +00:00 |
|
Ilia Alshanetsky
|
4735df26f8
|
Improve safe_mode check
|
2007-03-02 00:49:47 +00:00 |
|
Ilia Alshanetsky
|
efad70c2cc
|
snprintf() -> slprintf()
|
2007-02-27 03:28:17 +00:00 |
|
Antony Dovgal
|
c667c70bdb
|
fix typo
|
2007-02-26 17:47:21 +00:00 |
|
Marcus Boerger
|
50ea26760d
|
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
|
2007-02-24 02:17:47 +00:00 |
|
Stanislav Malyshev
|
3e262bd369
|
disallow negative length
|
2007-02-24 01:18:14 +00:00 |
|
Ilia Alshanetsky
|
c6402df3a7
|
Eliminate strcat() usage.
|
2007-02-19 23:53:00 +00:00 |
|
Ilia Alshanetsky
|
629d7cf43f
|
Fixed Bug #40274 (Sessions fail with numeric root keys).
|
2007-02-06 00:01:18 +00:00 |
|
Dmitry Stogov
|
ae792a06b0
|
Fixed SIGSEGV
|
2007-01-10 07:04:49 +00:00 |
|
Ilia Alshanetsky
|
81729c1ece
|
Prevent SESSION/GLOBALS overload via session decoding
|
2007-01-09 15:31:12 +00:00 |
|
Ilia Alshanetsky
|
d1891c3d8a
|
removed dl() block
|
2007-01-06 17:35:44 +00:00 |
|
Hannes Magnusson
|
630254d55e
|
Fix skipif
|
2007-01-06 16:56:38 +00:00 |
|
Ilia Alshanetsky
|
7ba84b8807
|
Added missing open_basedir checks
|
2007-01-04 23:49:35 +00:00 |
|
Sebastian Bergmann
|
4223aa4d5e
|
MFH: Bump year.
|
2007-01-01 09:36:18 +00:00 |
|
Ilia Alshanetsky
|
ba64553913
|
Added boundary checks to php_binary deserializer
|
2006-12-31 22:25:55 +00:00 |
|
Nuno Lopes
|
66e555c66f
|
die("skip this is for PHP < 4.2.3");
|
2006-12-27 15:22:28 +00:00 |
|
Ilia Alshanetsky
|
ffd41a503f
|
Session deserializer protection.
|
2006-12-26 16:53:47 +00:00 |
|
Antony Dovgal
|
7d2142a56e
|
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
|
2006-12-20 19:31:28 +00:00 |
|
Antony Dovgal
|
bcf457d828
|
MFH: fix retval type
|
2006-12-04 15:58:48 +00:00 |
|
Ilia Alshanetsky
|
35f78f221b
|
Fixed bug #37627 (session save_path check checks the parent directory).
|
2006-12-04 15:19:26 +00:00 |
|
Ilia Alshanetsky
|
5f3e233ea7
|
Disallow \0 chars inside session.save_path
|
2006-12-01 00:27:20 +00:00 |
|
Hannes Magnusson
|
050f94f746
|
MFH: Fix double "wron param count" messages
|
2006-11-03 14:46:48 +00:00 |
|
Ilia Alshanetsky
|
3f71251ffa
|
MFH: Fixed bug #39265 (Fixed path handling inside mod_files.sh).
|
2006-11-03 13:19:07 +00:00 |
|
Ilia Alshanetsky
|
b1d8f7e09d
|
Expose session storage module locater and serialization function via PHPAPI
|
2006-10-06 21:11:36 +00:00 |
|
Ilia Alshanetsky
|
154f70acf1
|
Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
session.save_path, allowing them to account for extra parameters).
|
2006-10-01 20:58:02 +00:00 |
|
Hannes Magnusson
|
6affa7d3e9
|
Fix tests
|
2006-09-18 16:12:13 +00:00 |
|
Antony Dovgal
|
b6ced95187
|
change ini handlers to produce E_ERROR if they are called during startup
|
2006-08-30 16:24:40 +00:00 |
|
Antony Dovgal
|
f8fd45a735
|
MFH: change E_ERROR to E_WARNING when invalid argument has been passed
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
|
2006-08-30 15:43:10 +00:00 |
|
Antony Dovgal
|
a6088ffc5a
|
fix test
|
2006-08-11 10:35:22 +00:00 |
|
Ilia Alshanetsky
|
7dfae526c7
|
Fixed proto
|
2006-08-10 21:10:03 +00:00 |
|
Ilia Alshanetsky
|
e5fe441cbd
|
Added support for httpOnly flag for session extension and cookie setting
functions.
# Original patch by Scott MacVicar
|
2006-08-10 13:50:56 +00:00 |
|
Ilia Alshanetsky
|
d58b3869a7
|
Fixed bug #38377 (session_destroy() gives warning after
session_regenerate_id()).
|
2006-08-08 14:54:49 +00:00 |
|
Antony Dovgal
|
0c4ef446e2
|
MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL)
|
2006-08-02 09:16:52 +00:00 |
|
Antony Dovgal
|
52e6ede06e
|
MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
|
2006-08-01 08:32:07 +00:00 |
|
Ilia Alshanetsky
|
96324fb67f
|
An improved fix for bug #38224
|
2006-07-27 15:33:16 +00:00 |
|
Ilia Alshanetsky
|
bcc8854eaa
|
make C++ compilers happy
|
2006-07-27 14:13:30 +00:00 |
|
Ilia Alshanetsky
|
dcb4b314bf
|
removed debug code
|
2006-07-27 14:05:03 +00:00 |
|
Ilia Alshanetsky
|
e5a1182304
|
Fixed bug #38224 (session extension can't handle broken cookies).
|
2006-07-27 14:00:13 +00:00 |
|
Ilia Alshanetsky
|
1784db8087
|
Fixed compiler warnings.
|
2006-07-13 00:13:19 +00:00 |
|
Michael Wallner
|
33dbaff1ed
|
MFH: add note why replace is 0, so that I don't wonder again in 2 months
why session_regenerate_id() sends the session cookie twice
|
2006-07-12 15:28:44 +00:00 |
|
Dmitry Stogov
|
1dbaae2795
|
Added automatic module globals management
|
2006-06-15 18:33:09 +00:00 |
|
Marcus Boerger
|
aa0172a4da
|
- MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure
|
2006-05-18 22:12:26 +00:00 |
|
Ilia Alshanetsky
|
101d925baa
|
Commit the actual fix
|
2006-04-18 00:31:45 +00:00 |
|
Ilia Alshanetsky
|
3022080d84
|
Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n).
|
2006-02-28 14:45:18 +00:00 |
|
Rasmus Lerdorf
|
6cc9f92d16
|
(Missing patch from the PHP 4 tree that got lost in the shuffle)
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
|
2006-02-10 07:39:13 +00:00 |
|
Frank M. Kromann
|
80cc4867e3
|
Export symbols that will allow building WDDX as shared object
|
2006-01-28 06:18:01 +00:00 |
|
Ilia Alshanetsky
|
3d80bd0cdf
|
Added a check for special characters in the session name.
|
2006-01-15 16:51:18 +00:00 |
|
foobar
|
5bd93221a8
|
bump year and license version
|
2006-01-01 12:51:34 +00:00 |
|
foobar
|
3e669bc950
|
MFH: nuke php3 legacy
|
2005-12-06 02:28:41 +00:00 |
|
foobar
|
b5017bd725
|
MFH: Improved the fix for #21306 a bit
|
2005-09-23 08:14:13 +00:00 |
|
foobar
|
de6b4c0091
|
MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN)
|
2005-09-20 20:56:54 +00:00 |
|
Stanislav Malyshev
|
bcb70109d2
|
fix crash on restarting static PHP having session modules loaded
|
2005-09-20 14:03:29 +00:00 |
|
foobar
|
9477097564
|
MFH: Nuked EOLs from error messages
|
2005-08-18 13:34:41 +00:00 |
|
foobar
|
23e671a51e
|
- Bumber up year
|
2005-08-03 14:08:58 +00:00 |
|
Dmitry Stogov
|
319cbe1c5a
|
Fixed test file
|
2005-07-05 14:10:31 +00:00 |
|
foobar
|
73dd4043b3
|
Make sure files-save handler is used always
|
2005-07-04 13:09:14 +00:00 |
|
foobar
|
56c1b316da
|
- Added session.hash_bits_per_character support. (3rd param)
(Changes by: waltzer at autumnweave dot com)
|
2005-06-20 13:37:32 +00:00 |
|
foobar
|
fd07bc5e6b
|
nuke duplicate code
|
2005-06-03 22:09:22 +00:00 |
|
Antony Dovgal
|
29319a81b8
|
fix typo
(see details here: http://news.php.net/php.internals/16350)
|
2005-06-01 18:27:50 +00:00 |
|
foobar
|
a20383ba06
|
- Unify the "configure --help" texts
|
2005-05-29 23:17:16 +00:00 |
|
Ilia Alshanetsky
|
c24900dfa4
|
Added an optional remove old session parameter to session_regenerate_id().
|
2005-05-29 16:51:25 +00:00 |
|
foobar
|
26d7b7fbc0
|
CS fix
|
2005-05-23 06:46:25 +00:00 |
|
Antony Dovgal
|
a186549ec0
|
fix compile warning
|
2005-05-22 12:57:26 +00:00 |
|
Rasmus Lerdorf
|
c1ef105535
|
Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
|
2005-05-21 17:37:56 +00:00 |
|
Antony Dovgal
|
8f5ecf6da8
|
fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies)
|
2005-05-20 10:27:49 +00:00 |
|
foobar
|
626253940e
|
- Added PHP_INSTALL_HEADERS() macro
- Fixed several VPATH build issues
- Changed all awk calls to use $AWK
- Changed all mkdir calls to use "$php_shtool mkdir"
|
2005-05-07 02:51:53 +00:00 |
|
foobar
|
a119050ebb
|
These tests require register_long_arrays=1
|
2005-03-31 19:47:19 +00:00 |
|
Antony Dovgal
|
76e07faf87
|
fix leak when register_long_arrays is off
|
2005-03-24 00:17:16 +00:00 |
|
foobar
|
3ca8ad73a4
|
- Missing $Id$ tags
|
2005-02-13 17:54:04 +00:00 |
|
foobar
|
7281cd8082
|
MFB_4_3: cvs diff -r1.84.2.5 -r1.84.2.6 php_session.h
|
2005-02-13 07:55:27 +00:00 |
|
Antony Dovgal
|
5b78e4c025
|
hm..
fix #28324 _properly_
|
2005-02-10 20:22:07 +00:00 |
|
Antony Dovgal
|
94982058b6
|
fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off)
|
2005-02-10 19:38:11 +00:00 |
|
Stefan Esser
|
581265f4d1
|
Correctly initialize ZVAL
|
2005-01-21 16:03:47 +00:00 |
|
foobar
|
64e40c2271
|
- Make sure FD_CLOEXEC is always defined.
|
2005-01-18 15:44:33 +00:00 |
|
Antony Dovgal
|
37d3ea836e
|
add skipif section
|
2005-01-09 18:22:12 +00:00 |
|
Antony Dovgal
|
68d73f8cf9
|
add test for bug #31454
|
2005-01-09 18:15:49 +00:00 |
|
Antony Dovgal
|
d7072f8a9d
|
efree(name)
|
2005-01-09 17:49:51 +00:00 |
|
Antony Dovgal
|
c644b2a5a1
|
fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref)
|
2005-01-09 17:42:02 +00:00 |
|
Antony Dovgal
|
ad76be844b
|
CS changes (as suggested by Ilia)
|
2004-12-09 17:15:52 +00:00 |
|
Antony Dovgal
|
e76824c91f
|
fix segfault in session_module_name() when session.save_handler is empty
|
2004-12-09 14:14:21 +00:00 |
|
Dmitry Stogov
|
a22fa4d109
|
Fixed crash in phpinfo() after graceful Apache restart.
|
2004-12-07 18:02:25 +00:00 |
|