Yasuo Ohgaki
82b0e8be99
Strict session. Detect session id collision
2013-08-04 16:36:53 -07:00
Yasuo Ohgaki
25e8fcc88f
Strict session
2013-08-04 16:36:45 -07:00
Stanislav Malyshev
748b37654d
complete zts fix
2013-01-29 12:12:34 -08:00
Xinchen Hui
a666285bc2
Happy New Year
2013-01-01 16:37:09 +08:00
Felipe Pena
8775a37559
- Year++
2012-01-01 13:15:04 +00:00
Felipe Pena
a99f146ec4
- Fixed memory leak when calling SessionHandler::open() several times
2011-09-14 01:45:57 +00:00
Rasmus Lerdorf
22b689a3f9
Add php_ignore_value() macro to suppress unused return value warnings
...
from gcc. There are times when we really don't care about the return
value and this will cleanly tell gcc.
2011-05-16 16:58:02 +00:00
Felipe Pena
0203cc3d44
- Year++
2011-01-01 02:17:06 +00:00
Kalle Sommer Nielsen
dd8e59da8f
Removed safe_mode
...
* Removed ini options, safe_mode*
* Removed --enable-safe-mode --with-exec-dir configure options on Unix
* Updated extensions, SAPI's and core
* php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
2010-04-26 23:53:30 +00:00
Sebastian Bergmann
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
Rasmus Lerdorf
e9b1ab57a4
Along with the valid char set, also add a length check to the
...
session id here to avoid a lower-level error on the open()
later on in case we exceed MAX_PATH. The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix. People should not be running
production systems with display_errors turned on.
2009-12-26 23:38:25 +00:00
Guenter Knauf
824692fab8
removed now obsolete NetWare hack since I fixed this
...
with Novell some longer time ago in their SDK header.
2009-11-03 21:21:34 +00:00
Jani Taskinen
9ece649f7c
MFH: ws + sync
2009-05-18 16:10:09 +00:00
Hannes Magnusson
b8bc0f24b3
MFH: Fix segfault on invalid session.save_path
2009-04-06 11:48:49 +00:00
Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Alexey Zakhlestin
c9fab63584
remove special treatment of /tmp path
2008-08-31 14:49:58 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Ilia Alshanetsky
ea6de20d86
Fixed Bug #42596 (session.save_path MODE option does not work).
2007-09-10 23:42:54 +00:00
Jani Taskinen
de85bf4060
MFH: ws + cs changes (sync to ease merging patches around!)
2007-08-23 12:23:59 +00:00
Ilia Alshanetsky
89c0ba1685
Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
...
bypass).
2007-08-23 02:04:39 +00:00
Stanislav Malyshev
6b7f164803
correct fix for access control for save_path and .htaccess
2007-08-03 01:16:40 +00:00
Stanislav Malyshev
143badba52
always check save_path (issue reported by Maksymilian Arciemowicz)
2007-07-10 17:40:41 +00:00
Ilia Alshanetsky
a500d1efe9
Adjust checks to allow paths without a trailing /
2007-03-03 15:07:31 +00:00
Ilia Alshanetsky
7ba84b8807
Added missing open_basedir checks
2007-01-04 23:49:35 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
d58b3869a7
Fixed bug #38377 (session_destroy() gives warning after
...
session_regenerate_id()).
2006-08-08 14:54:49 +00:00
Ilia Alshanetsky
96324fb67f
An improved fix for bug #38224
2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
101d925baa
Commit the actual fix
2006-04-18 00:31:45 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
foobar
9477097564
MFH: Nuked EOLs from error messages
2005-08-18 13:34:41 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
foobar
64e40c2271
- Make sure FD_CLOEXEC is always defined.
2005-01-18 15:44:33 +00:00
Anantha Kesari H Y
47e4f575c2
modified to 3rd argument of fcntl to FD_CLOEXEC
2004-10-04 08:52:53 +00:00
Anantha Kesari H Y
ccbeace1ff
handled NetWare F_SETFD and stat differences
2004-09-30 14:23:51 +00:00
Sascha Schumann
26cb5355e0
don't read empty files
...
0 malloc noticed by Antony Dovgal <tony2001@phpclub.net>
2004-08-02 08:27:24 +00:00
Wez Furlong
32be6f268b
Fix for Bug #26757 : session.save_path defaults to bogus value on win32
...
Merge from branch with one main difference: the default save_path is
set to the empty string on all platforms, whereas the code in the
branch only does so for win32.
2004-03-29 21:44:07 +00:00
Andi Gutmans
dbeb4158d2
- A belated happy holidays and PHP 5
2004-01-08 08:18:22 +00:00
foobar
72de75c99a
This is only needed for Windows.
2003-09-25 14:53:41 +00:00
Ilia Alshanetsky
569bd005d2
Fixed bug #25070 (Don't forget to unlock session files on win32 before
...
closing them).
Regions should be locked only briefly and should be unlocked before
closing a file or exiting the program. On Win32 locked files that are
closed without being explicitly unlocked will be unlocked only when "system
resources become avaliable".
2003-09-24 23:39:14 +00:00
James Cox
f68c7ff249
updating license information in the headers.
2003-06-10 20:04:29 +00:00
Sascha Schumann
a10f0830e6
support setting the filemode using session.save_path
2003-02-11 00:42:54 +00:00
Sascha Schumann
330740f7cd
Remove ugly netware hacks from the code
2003-01-24 23:57:32 +00:00
Sascha Schumann
db8b4c6762
Add INI setting session.hash_bits_per_character which enables developers
...
to choose how session ids are represented, regardless of the hash algorithm.
2003-01-16 07:21:49 +00:00
Sascha Schumann
0b8401bf27
handle ERANGE from strtol properly
2003-01-12 13:05:32 +00:00
Anantha Kesari H Y
90ba724072
Modified for NetWare.
2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8
Bump year.
2002-12-31 16:08:15 +00:00
Marcus Boerger
dcfe988820
php_error -> php_error_docref
2002-12-05 20:13:35 +00:00
Sascha Schumann
e1dd35bddb
The pread/pwrite macros check for a bug in the Linux glibc now.
...
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.
This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
2002-10-02 06:05:16 +00:00
Sascha Schumann
8b78c78973
Disable pread/pwrite for now until we can clarify why it should be
...
impossible to write a check for a broken OS feature.
2002-10-01 19:19:10 +00:00
Wez Furlong
7bcc97c82e
Add header file required for pread/pwrite (on my system at least).
2002-09-30 10:18:57 +00:00