Ilia Alshanetsky
efad70c2cc
snprintf() -> slprintf()
2007-02-27 03:28:17 +00:00
Antony Dovgal
c667c70bdb
fix typo
2007-02-26 17:47:21 +00:00
Marcus Boerger
50ea26760d
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
2007-02-24 02:17:47 +00:00
Stanislav Malyshev
3e262bd369
disallow negative length
2007-02-24 01:18:14 +00:00
Ilia Alshanetsky
c6402df3a7
Eliminate strcat() usage.
2007-02-19 23:53:00 +00:00
Ilia Alshanetsky
629d7cf43f
Fixed Bug #40274 (Sessions fail with numeric root keys).
2007-02-06 00:01:18 +00:00
Dmitry Stogov
ae792a06b0
Fixed SIGSEGV
2007-01-10 07:04:49 +00:00
Ilia Alshanetsky
81729c1ece
Prevent SESSION/GLOBALS overload via session decoding
2007-01-09 15:31:12 +00:00
Ilia Alshanetsky
d1891c3d8a
removed dl() block
2007-01-06 17:35:44 +00:00
Hannes Magnusson
630254d55e
Fix skipif
2007-01-06 16:56:38 +00:00
Ilia Alshanetsky
7ba84b8807
Added missing open_basedir checks
2007-01-04 23:49:35 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
ba64553913
Added boundary checks to php_binary deserializer
2006-12-31 22:25:55 +00:00
Nuno Lopes
66e555c66f
die("skip this is for PHP < 4.2.3");
2006-12-27 15:22:28 +00:00
Ilia Alshanetsky
ffd41a503f
Session deserializer protection.
2006-12-26 16:53:47 +00:00
Antony Dovgal
7d2142a56e
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
...
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:31:28 +00:00
Antony Dovgal
bcf457d828
MFH: fix retval type
2006-12-04 15:58:48 +00:00
Ilia Alshanetsky
35f78f221b
Fixed bug #37627 (session save_path check checks the parent directory).
2006-12-04 15:19:26 +00:00
Ilia Alshanetsky
5f3e233ea7
Disallow \0 chars inside session.save_path
2006-12-01 00:27:20 +00:00
Hannes Magnusson
050f94f746
MFH: Fix double "wron param count" messages
2006-11-03 14:46:48 +00:00
Ilia Alshanetsky
3f71251ffa
MFH: Fixed bug #39265 (Fixed path handling inside mod_files.sh).
2006-11-03 13:19:07 +00:00
Ilia Alshanetsky
b1d8f7e09d
Expose session storage module locater and serialization function via PHPAPI
2006-10-06 21:11:36 +00:00
Ilia Alshanetsky
154f70acf1
Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
...
session.save_path, allowing them to account for extra parameters).
2006-10-01 20:58:02 +00:00
Hannes Magnusson
6affa7d3e9
Fix tests
2006-09-18 16:12:13 +00:00
Antony Dovgal
b6ced95187
change ini handlers to produce E_ERROR if they are called during startup
2006-08-30 16:24:40 +00:00
Antony Dovgal
f8fd45a735
MFH: change E_ERROR to E_WARNING when invalid argument has been passed
...
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:43:10 +00:00
Antony Dovgal
a6088ffc5a
fix test
2006-08-11 10:35:22 +00:00
Ilia Alshanetsky
7dfae526c7
Fixed proto
2006-08-10 21:10:03 +00:00
Ilia Alshanetsky
e5fe441cbd
Added support for httpOnly flag for session extension and cookie setting
...
functions.
# Original patch by Scott MacVicar
2006-08-10 13:50:56 +00:00
Ilia Alshanetsky
d58b3869a7
Fixed bug #38377 (session_destroy() gives warning after
...
session_regenerate_id()).
2006-08-08 14:54:49 +00:00
Antony Dovgal
0c4ef446e2
MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL)
2006-08-02 09:16:52 +00:00
Antony Dovgal
52e6ede06e
MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
2006-08-01 08:32:07 +00:00
Ilia Alshanetsky
96324fb67f
An improved fix for bug #38224
2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
bcc8854eaa
make C++ compilers happy
2006-07-27 14:13:30 +00:00
Ilia Alshanetsky
dcb4b314bf
removed debug code
2006-07-27 14:05:03 +00:00
Ilia Alshanetsky
e5a1182304
Fixed bug #38224 (session extension can't handle broken cookies).
2006-07-27 14:00:13 +00:00
Ilia Alshanetsky
1784db8087
Fixed compiler warnings.
2006-07-13 00:13:19 +00:00
Michael Wallner
33dbaff1ed
MFH: add note why replace is 0, so that I don't wonder again in 2 months
...
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:44 +00:00
Dmitry Stogov
1dbaae2795
Added automatic module globals management
2006-06-15 18:33:09 +00:00
Marcus Boerger
aa0172a4da
- MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure
2006-05-18 22:12:26 +00:00
Ilia Alshanetsky
101d925baa
Commit the actual fix
2006-04-18 00:31:45 +00:00
Ilia Alshanetsky
3022080d84
Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n).
2006-02-28 14:45:18 +00:00
Rasmus Lerdorf
6cc9f92d16
(Missing patch from the PHP 4 tree that got lost in the shuffle)
...
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
2006-02-10 07:39:13 +00:00
Frank M. Kromann
80cc4867e3
Export symbols that will allow building WDDX as shared object
2006-01-28 06:18:01 +00:00
Ilia Alshanetsky
3d80bd0cdf
Added a check for special characters in the session name.
2006-01-15 16:51:18 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
foobar
3e669bc950
MFH: nuke php3 legacy
2005-12-06 02:28:41 +00:00
foobar
b5017bd725
MFH: Improved the fix for #21306 a bit
2005-09-23 08:14:13 +00:00
foobar
de6b4c0091
MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN)
2005-09-20 20:56:54 +00:00
Stanislav Malyshev
bcb70109d2
fix crash on restarting static PHP having session modules loaded
2005-09-20 14:03:29 +00:00
foobar
9477097564
MFH: Nuked EOLs from error messages
2005-08-18 13:34:41 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
Dmitry Stogov
319cbe1c5a
Fixed test file
2005-07-05 14:10:31 +00:00
foobar
73dd4043b3
Make sure files-save handler is used always
2005-07-04 13:09:14 +00:00
foobar
56c1b316da
- Added session.hash_bits_per_character support. (3rd param)
...
(Changes by: waltzer at autumnweave dot com)
2005-06-20 13:37:32 +00:00
foobar
fd07bc5e6b
nuke duplicate code
2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8
fix typo
...
(see details here: http://news.php.net/php.internals/16350 )
2005-06-01 18:27:50 +00:00
foobar
a20383ba06
- Unify the "configure --help" texts
2005-05-29 23:17:16 +00:00
Ilia Alshanetsky
c24900dfa4
Added an optional remove old session parameter to session_regenerate_id().
2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0
CS fix
2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0
fix compile warning
2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535
Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8
fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies)
2005-05-20 10:27:49 +00:00
foobar
626253940e
- Added PHP_INSTALL_HEADERS() macro
...
- Fixed several VPATH build issues
- Changed all awk calls to use $AWK
- Changed all mkdir calls to use "$php_shtool mkdir"
2005-05-07 02:51:53 +00:00
foobar
a119050ebb
These tests require register_long_arrays=1
2005-03-31 19:47:19 +00:00
Antony Dovgal
76e07faf87
fix leak when register_long_arrays is off
2005-03-24 00:17:16 +00:00
foobar
3ca8ad73a4
- Missing $Id$ tags
2005-02-13 17:54:04 +00:00
foobar
7281cd8082
MFB_4_3: cvs diff -r1.84.2.5 -r1.84.2.6 php_session.h
2005-02-13 07:55:27 +00:00
Antony Dovgal
5b78e4c025
hm..
...
fix #28324 _properly_
2005-02-10 20:22:07 +00:00
Antony Dovgal
94982058b6
fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off)
2005-02-10 19:38:11 +00:00
Stefan Esser
581265f4d1
Correctly initialize ZVAL
2005-01-21 16:03:47 +00:00
foobar
64e40c2271
- Make sure FD_CLOEXEC is always defined.
2005-01-18 15:44:33 +00:00
Antony Dovgal
37d3ea836e
add skipif section
2005-01-09 18:22:12 +00:00
Antony Dovgal
68d73f8cf9
add test for bug #31454
2005-01-09 18:15:49 +00:00
Antony Dovgal
d7072f8a9d
efree(name)
2005-01-09 17:49:51 +00:00
Antony Dovgal
c644b2a5a1
fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref)
2005-01-09 17:42:02 +00:00
Antony Dovgal
ad76be844b
CS changes (as suggested by Ilia)
2004-12-09 17:15:52 +00:00
Antony Dovgal
e76824c91f
fix segfault in session_module_name() when session.save_handler is empty
2004-12-09 14:14:21 +00:00
Dmitry Stogov
a22fa4d109
Fixed crash in phpinfo() after graceful Apache restart.
2004-12-07 18:02:25 +00:00
Joe Orton
2685ca935f
Update extensions to use /path/to/$PHP_LIBDIR rather than /path/to/lib
...
to support multi-ABI platforms.
2004-11-03 14:32:52 +00:00
Andi Gutmans
11bcaedfc8
- Rename delete_global_variable() to zend_delete_global_variable()
2004-10-04 20:17:06 +00:00
Andi Gutmans
db507dd153
- Commit the variable fetch optimization.
...
- Extensions which delete global variables need to use new special function
- delete_global_variable() (I'm about to rename it) to remove them.
- Will post to internals@ or via commit messages if there's anything else.
2004-10-04 19:54:35 +00:00
Anantha Kesari H Y
47e4f575c2
modified to 3rd argument of fcntl to FD_CLOEXEC
2004-10-04 08:52:53 +00:00
Anantha Kesari H Y
142e92bb70
NetWare specific stat structure access incorporated
2004-09-30 14:31:30 +00:00
Anantha Kesari H Y
ccbeace1ff
handled NetWare F_SETFD and stat differences
2004-09-30 14:23:51 +00:00
Antony Dovgal
0ea23249da
fix error message
2004-09-30 14:20:02 +00:00
Antony Dovgal
fcd702efe4
fix segfault when using unknown/unsupported save_handler and/or serialize_handler (bug #30282 )
2004-09-30 12:19:59 +00:00
Ilia Alshanetsky
6784176b9c
Fixed compiler warnings.
2004-09-14 23:57:53 +00:00
Ilia Alshanetsky
197d65770a
Fixed bug #29925 (Added a check to prevent illegal characters in session
...
key).
2004-09-02 02:44:04 +00:00
Sascha Schumann
5890197024
fix empty_string issue
...
Patch submitted by Antony Dovgal <tony2001@phpclub.net>
2004-08-02 08:27:46 +00:00
Sascha Schumann
26cb5355e0
don't read empty files
...
0 malloc noticed by Antony Dovgal <tony2001@phpclub.net>
2004-08-02 08:27:24 +00:00
Andi Gutmans
56f8195fe5
- Nuke empty_string. It is a reminanent from the time where RETURN_FALSE()
...
used to return "" and not bool(false). It's not worth keeping it because
STR_FREE() and zval_dtor() always have to check for it and it slows down
the general case. In addition, it seems that empty_string has been abused
quite a lot, and was used not only for setting zval's but generally in
PHP code instead of "", which wasn't the intention. Last but not least,
nuking empty_string should improve stability as I doubt every place
correctly checked if they are not mistakenly erealloc()'ing it or
calling efree() on it.
NOTE: Some code is probably broken. Each extension maintainer should
check and see that my changes are OK. Also, I haven't had time to touch
PECL yet. Will try and do it tomorrow.
2004-07-19 07:19:50 +00:00
Andi Gutmans
e5cfb1d05c
- Better stability during premature shutdown of request startup
2004-07-10 07:46:17 +00:00
Ilia Alshanetsky
690ca62dd3
Do not use alloca() where it can be abused through user input.
2004-06-30 01:12:06 +00:00
Ilia Alshanetsky
df71910d0e
Better skip condition check for session tests.
2004-05-27 20:53:26 +00:00
Marcus Boerger
29cfd6d24f
- Remove unused blocks
2004-05-19 08:56:50 +00:00
Ilia Alshanetsky
f7f966f96f
Skip session tests if session.save_path is not writable.
2004-05-13 12:53:47 +00:00
Sara Golemon
96132bf4fe
if statement logic would never eval to false.
2004-05-08 05:58:18 +00:00
Ilia Alshanetsky
dda0dd4825
Fixed test failure if session.use_trans_sid is enabled.
2004-04-15 13:37:50 +00:00
Ilia Alshanetsky
793140873b
Another setting leak in session code (bug #27963 ).
2004-04-13 18:18:22 +00:00