Commit Graph

130 Commits

Author SHA1 Message Date
Yasuo Ohgaki
82b0e8be99 Strict session. Detect session id collision 2013-08-04 16:36:53 -07:00
Yasuo Ohgaki
25e8fcc88f Strict session 2013-08-04 16:36:45 -07:00
Stanislav Malyshev
748b37654d complete zts fix 2013-01-29 12:12:34 -08:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
a99f146ec4 - Fixed memory leak when calling SessionHandler::open() several times 2011-09-14 01:45:57 +00:00
Rasmus Lerdorf
22b689a3f9 Add php_ignore_value() macro to suppress unused return value warnings
from gcc. There are times when we really don't care about the return
value and this will cleanly tell gcc.
2011-05-16 16:58:02 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Kalle Sommer Nielsen
dd8e59da8f Removed safe_mode
* Removed ini options, safe_mode*
 * Removed --enable-safe-mode --with-exec-dir configure options on Unix
 * Updated extensions, SAPI's and core
 * php_get_current_user() is now declared in main.c, thus no need to include safe_mode.h anymore
2010-04-26 23:53:30 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Rasmus Lerdorf
e9b1ab57a4 Along with the valid char set, also add a length check to the
session id here to avoid a lower-level error on the open() 
later on in case we exceed MAX_PATH.  The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix.  People should not be running
production systems with display_errors turned on.
2009-12-26 23:38:25 +00:00
Guenter Knauf
824692fab8 removed now obsolete NetWare hack since I fixed this
with Novell some longer time ago in their SDK header.
2009-11-03 21:21:34 +00:00
Jani Taskinen
9ece649f7c MFH: ws + sync 2009-05-18 16:10:09 +00:00
Hannes Magnusson
b8bc0f24b3 MFH: Fix segfault on invalid session.save_path 2009-04-06 11:48:49 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Alexey Zakhlestin
c9fab63584 remove special treatment of /tmp path 2008-08-31 14:49:58 +00:00
Sebastian Bergmann
d1dded8751 MFH: Bump copyright year, 2 of 2. 2007-12-31 07:17:19 +00:00
Ilia Alshanetsky
ea6de20d86 Fixed Bug #42596 (session.save_path MODE option does not work). 2007-09-10 23:42:54 +00:00
Jani Taskinen
de85bf4060 MFH: ws + cs changes (sync to ease merging patches around!) 2007-08-23 12:23:59 +00:00
Ilia Alshanetsky
89c0ba1685 Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
bypass).
2007-08-23 02:04:39 +00:00
Stanislav Malyshev
6b7f164803 correct fix for access control for save_path and .htaccess 2007-08-03 01:16:40 +00:00
Stanislav Malyshev
143badba52 always check save_path (issue reported by Maksymilian Arciemowicz) 2007-07-10 17:40:41 +00:00
Ilia Alshanetsky
a500d1efe9 Adjust checks to allow paths without a trailing / 2007-03-03 15:07:31 +00:00
Ilia Alshanetsky
7ba84b8807 Added missing open_basedir checks 2007-01-04 23:49:35 +00:00
Sebastian Bergmann
4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
d58b3869a7 Fixed bug #38377 (session_destroy() gives warning after
session_regenerate_id()).
2006-08-08 14:54:49 +00:00
Ilia Alshanetsky
96324fb67f An improved fix for bug #38224 2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
101d925baa Commit the actual fix 2006-04-18 00:31:45 +00:00
foobar
5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar
9477097564 MFH: Nuked EOLs from error messages 2005-08-18 13:34:41 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
foobar
64e40c2271 - Make sure FD_CLOEXEC is always defined. 2005-01-18 15:44:33 +00:00
Anantha Kesari H Y
47e4f575c2 modified to 3rd argument of fcntl to FD_CLOEXEC 2004-10-04 08:52:53 +00:00
Anantha Kesari H Y
ccbeace1ff handled NetWare F_SETFD and stat differences 2004-09-30 14:23:51 +00:00
Sascha Schumann
26cb5355e0 don't read empty files
0 malloc noticed by Antony Dovgal <tony2001@phpclub.net>
2004-08-02 08:27:24 +00:00
Wez Furlong
32be6f268b Fix for Bug #26757: session.save_path defaults to bogus value on win32
Merge from branch with one main difference: the default save_path is
set to the empty string on all platforms, whereas the code in the
branch only does so for win32.
2004-03-29 21:44:07 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
foobar
72de75c99a This is only needed for Windows. 2003-09-25 14:53:41 +00:00
Ilia Alshanetsky
569bd005d2 Fixed bug #25070 (Don't forget to unlock session files on win32 before
closing them).

Regions should be locked only briefly and should be unlocked before
closing a file or exiting the program. On Win32 locked files that are
closed without being explicitly unlocked will be unlocked only when "system
resources become available".
2003-09-24 23:39:14 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sascha Schumann
a10f0830e6 support setting the filemode using session.save_path 2003-02-11 00:42:54 +00:00
Sascha Schumann
330740f7cd Remove ugly netware hacks from the code 2003-01-24 23:57:32 +00:00
Sascha Schumann
db8b4c6762 Add INI setting session.hash_bits_per_character which enables developers
to choose how session ids are represented, regardless of the hash algorithm.
2003-01-16 07:21:49 +00:00
Sascha Schumann
0b8401bf27 handle ERANGE from strtol properly 2003-01-12 13:05:32 +00:00
Anantha Kesari H Y
90ba724072 Modified for NetWare. 2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00
Marcus Boerger
dcfe988820 php_error -> php_error_docref 2002-12-05 20:13:35 +00:00
Sascha Schumann
e1dd35bddb The pread/pwrite macros check for a bug in the Linux glibc now.
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.

This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
2002-10-02 06:05:16 +00:00
Sascha Schumann
8b78c78973 Disable pread/pwrite for now until we can clarify why it should be
impossible to write a check for a broken OS feature.
2002-10-01 19:19:10 +00:00
Wez Furlong
7bcc97c82e Add header file required for pread/pwrite (on my system at least). 2002-09-30 10:18:57 +00:00