clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-03 07:46:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
44,553 Commits 494 Branches 1,367 Tags 810 MiB
8e82469db1
Commit Graph

743 Commits

Author SHA1 Message Date
Jani Taskinen
197b51e796 MFB: -r1.100.2.3.2.5 2007-08-23 13:09:27 +00:00
Jani Taskinen
af83e1cad2 missing ) 2007-08-23 11:38:56 +00:00
Jani Taskinen
5735862a92 MFB (since Ilia is too lazy..): Fix bug #42135 2007-08-05 13:10:32 +00:00
Stanislav Malyshev
d4cc7daba2 MF5: fix for access control with .htaccess 2007-08-03 01:40:05 +00:00
Stanislav Malyshev
5d0a261394 always check save_path (issue reported by Maksymilian Arciemowicz) 2007-07-10 17:52:32 +00:00
Ilia Alshanetsky
eb72fc8968 MFB: Fixed compiler warning 2007-06-17 14:26:16 +00:00
Stefan Esser
fde56bd858 Fix attribute injection security bug correctly by URL encoding session 
name and session value. (in future maybe encode path/domain, too)

Remove backward compatibility breaking blacklist of characters.
 2007-06-16 07:47:46 +00:00
Stanislav Malyshev
e4e1f60125 MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies 2007-06-15 22:42:43 +00:00
Antony Dovgal
976a22df16 php_gmtime_r() fixes 2007-06-07 08:58:38 +00:00
Ilia Alshanetsky
886cb0c783 MFB: Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags). 2007-06-06 00:01:13 +00:00
Stanislav Malyshev
a66fbe2d5e do not send cookie when session is passed in URL, same as it happens with GET/POST 2007-05-16 01:32:28 +00:00
Antony Dovgal
8d9be0338b fix test names 2007-05-07 16:50:40 +00:00
Antony Dovgal
a8fe87efd3 fix build when ext/hash is compiled as shared module 2007-05-02 10:30:24 +00:00
Antony Dovgal
2c72351711 fix #40998 (long session array keys are truncated) 2007-04-04 19:46:42 +00:00
Antony Dovgal
03a3291262 MFB 2007-03-19 08:24:17 +00:00
Martin Kraemer
e46b1b3747 Typo 2007-03-14 09:49:58 +00:00
Marcus Boerger
20a40063c5 - avoid sprintf 2007-02-24 16:25:58 +00:00
Hannes Magnusson
71a68db63e MFB: fix skipif 2007-01-06 16:57:42 +00:00
Sara Golemon
851a151712 Don't bother with conversion when the converter is already UTF8 2007-01-05 17:29:30 +00:00
Sebastian Bergmann
4e8661438d Fix ZTS issues. 2007-01-05 14:53:30 +00:00
Sara Golemon
5d988bb1aa Allow ext/session to use ext/hash's algorithms for generating IDs 2007-01-05 03:57:57 +00:00
Sara Golemon
344cda1666 Unicode Updates 2007-01-05 02:07:59 +00:00
Ilia Alshanetsky
b21b4c01c3 MFB: Added missing open_basedir checks 2007-01-04 23:50:19 +00:00
Sara Golemon
21bac192e9 Cleanup ext/session so that I can do a unicode update without going insane. 2007-01-04 22:04:38 +00:00
Sebastian Bergmann
3717df72ae Bump year. 2007-01-01 09:29:37 +00:00
Ilia Alshanetsky
15f1692572 MFB: Added boundary checks to php_binary deserializer 2006-12-31 22:26:06 +00:00
Antony Dovgal
9e41e0fda3 fix tests 2006-12-27 19:22:29 +00:00
Ilia Alshanetsky
4386719b07 MFB: Session deserializer protection. 2006-12-26 17:18:28 +00:00
Antony Dovgal
abac61eec7 remove register_globals remains 
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
 2006-12-20 19:20:59 +00:00
Antony Dovgal
576797c7c1 fix retval type 
it should be int, not zend_bool
 2006-12-04 15:58:35 +00:00
Ilia Alshanetsky
fcaf113b33 MFB: Disallow \0 chars inside session.save_path 2006-12-01 00:27:33 +00:00
Ilia Alshanetsky
b0f8e77d17 Fixed bug #39265 (Fixed path handling inside mod_files.sh) 
# Patch by michal dot taborsky at gmail dot com
 2006-11-03 13:18:19 +00:00
Hannes Magnusson
176b72284c Error message clean up 
(patch by Matt W (php_lists -AT- realpain.com))
 2006-10-08 13:34:24 +00:00
Hannes Magnusson
e531458f89 Remove double "wrong param count" warnings 2006-10-07 22:55:18 +00:00
Ilia Alshanetsky
8786640da8 MFB: Expose session storage module locater and serialization function via 
PHPAPI
 2006-10-06 21:11:57 +00:00
Ilia Alshanetsky
30885c8d99 MFB: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for 
session.save_path, allowing them to account for extra parameters).
 2006-10-01 21:00:00 +00:00
Dmitry Stogov
128548a5c0 Disabled autoconversion of hash keys (from string to unicode) for PHP arrays 2006-09-19 10:38:31 +00:00
Antony Dovgal
103d999dd1 fix typo 2006-08-30 17:57:25 +00:00
Antony Dovgal
1fcfbd873d change ini handlers to produce E_ERROR if they are called during startup or per request 2006-08-30 16:24:31 +00:00
Antony Dovgal
5b79892659 change E_ERROR to E_WARNING when invalid argument has been passed 
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
 2006-08-30 15:42:40 +00:00
Antony Dovgal
d3bb8d11f9 fix test 2006-08-11 10:36:07 +00:00
Ilia Alshanetsky
9a07b46e00 MFB: fix proto 2006-08-10 21:11:00 +00:00
Ilia Alshanetsky
b97c393f87 MFB: Added support for httpOnly flag for session extension and cookie 
setting functions.
 2006-08-10 13:56:54 +00:00
Ilia Alshanetsky
936ebdbe1f MFB: Fixed bug #38377 (session_destroy() gives warning after 
session_regenerate_id()).
 2006-08-08 14:57:33 +00:00
Antony Dovgal
9b63740847 fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:15:13 +00:00
Antony Dovgal
873b6d87c6 fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:31:37 +00:00
Ilia Alshanetsky
a081be13fc MFB: An improved fix for bug #38224 2006-07-27 15:36:43 +00:00
Ilia Alshanetsky
3e00d90ff0 MFB: make C++ compilers happy 2006-07-27 14:13:53 +00:00
Ilia Alshanetsky
a3656ec923 Removed debug code 2006-07-27 14:05:38 +00:00
Ilia Alshanetsky
acbb531a12 MFB: Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:27 +00:00
Ilia Alshanetsky
896c0e0690 MFB: Fixed compiler warnings. 2006-07-13 00:13:42 +00:00
Michael Wallner
1d6027adbd - add note why replace is 0, so that I don't wonder again in 2 months 
why session_regenerate_id() sends the session cookie twice
 2006-07-12 15:28:18 +00:00
Dmitry Stogov
943960c324 Added automatic module globals management 2006-06-13 13:12:20 +00:00
Michael Wallner
231ad17475 - explicit usage of TS macros 
# this could have been raised a lot earlier
 2006-06-03 11:19:44 +00:00
Michael Wallner
4ce0141713 - new output control code 
# scan README.NEW-OUTPUT-API to get a grasp
# tree has been tagged with BEFORE_NEW_OUTPUT_API
#
# TODO:
#  - improve existing output handlers
#  - move zlib.output_compression cruft from SAPI.c to zlib.c
#  - output_encoding handling was ambigious, resp. is undefined yet
#  - more tests
 2006-06-02 19:51:43 +00:00
Marcus Boerger
a4471f70f0 - Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:07:31 +00:00
Ilia Alshanetsky
333787ff7f MFB51: Fixed Bug #36872 (session_destroy() fails after call to 
session_regenerate_id(true)).
 2006-04-17 23:29:46 +00:00
foobar
672266c735 - Cleanup 2006-04-10 15:06:51 +00:00
Dmitry Stogov
c4d2bc4c46 Fixed test 2006-03-27 14:08:10 +00:00
Dmitry Stogov
22055cb8fd Dropped register_long_arrays, added E_CORE for all dropped setting 2006-03-16 09:44:42 +00:00
Pierre Joye
303bfea78f - remove register_globals support (aka "Kill the f***ing thing" :) 2006-03-07 00:20:54 +00:00
Ilia Alshanetsky
1a3bb9f4bd MFB51: Fixed bug #36459 (Incorrect adding PHPSESSID to links, which 
contains \r\n).
 2006-02-28 14:45:52 +00:00
Dmitry Stogov
36002f16c3 Fixed test file 2006-02-22 12:22:07 +00:00
Dmitry Stogov
0f1209ab3d Portable unicode string API: 
- use the same type (int) for zval.value.usr.len and zval.value.str.len
  - use union "zstr" as char*/UChar* mixture instead of void*
  - Z_UNISTR() and Z_UNILEN() no longer check for Z_TYPE()
  - nuke int32_t from ZE (not finisned)
 2006-02-21 20:12:43 +00:00
Andi Gutmans
e94e25e621 Start nuking safe_mode. Still a lot of work to do... 2006-02-19 00:55:22 +00:00
Dmitry Stogov
09ca61c125 Made server wide switch for unicode on/off (according to PDM). 2006-02-13 10:23:59 +00:00
Rasmus Lerdorf
a5883cc89c (Missing patch from the PHP 4 tree that got lost in the shuffle) 
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
  need to send it again.  if the id has been changed, we need to
  update the client side.
 2006-02-10 07:41:59 +00:00
Frank M. Kromann
921498e38b MFB51 Export symbols that will allow building WDDX as shared object 2006-01-28 06:18:18 +00:00
Ilia Alshanetsky
0de9cf1e73 MFB51: Added a check for special characters in the session name. 2006-01-15 16:51:34 +00:00
foobar
251c5173fd bump year and license version 2006-01-01 13:10:10 +00:00
foobar
a208d9a966 - Nuke php3 legacy 2005-12-06 02:28:26 +00:00
foobar
ecd8376f36 - Changed "session.use_only_cookies" to be on by default. 2005-12-02 18:42:41 +00:00
foobar
be3a2c634d - Improved the fix for #21306 a bit 2005-09-23 08:13:57 +00:00
foobar
6f0648dab6 - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) 2005-09-20 20:56:21 +00:00
Stanislav Malyshev
961d12fa2d fix crash on restarting static PHP having session modules loaded 2005-09-20 14:05:16 +00:00
Derick Rethans
0f391bb0b3 - Add E_RECOVERABLE. 
#- Thought I did this before already actually...
 2005-09-15 16:19:48 +00:00
Dmitry Stogov
6b622046dc zend_is_callable() and zend_make_callable() were changed to return readable function name as zval (instead of string). 2005-08-22 12:22:16 +00:00
foobar
03cec74a0d Nuked EOLs from error messages 2005-08-18 13:34:04 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
Dmitry Stogov
319cbe1c5a Fixed test file 2005-07-05 14:10:31 +00:00
foobar
73dd4043b3 Make sure files-save handler is used always 2005-07-04 13:09:14 +00:00
foobar
56c1b316da - Added session.hash_bits_per_character support. (3rd param) 
(Changes by: waltzer at autumnweave dot com)
 2005-06-20 13:37:32 +00:00
foobar
fd07bc5e6b nuke duplicate code 2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8 fix typo 
(see details here: http://news.php.net/php.internals/16350)
 2005-06-01 18:27:50 +00:00
foobar
a20383ba06 - Unify the "configure --help" texts 2005-05-29 23:17:16 +00:00
Ilia Alshanetsky
c24900dfa4 Added an optional remove old session parameter to session_regenerate_id(). 2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0 CS fix 2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0 fix compile warning 2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535 Fixed bug 33072 - safemode/open_basedir check for runtime save_path change 2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8 fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) 2005-05-20 10:27:49 +00:00
foobar
626253940e - Added PHP_INSTALL_HEADERS() macro 
- Fixed several VPATH build issues
- Changed all awk calls to use $AWK
- Changed all mkdir calls to use "$php_shtool mkdir"
 2005-05-07 02:51:53 +00:00
foobar
a119050ebb These tests require register_long_arrays=1 2005-03-31 19:47:19 +00:00
Antony Dovgal
76e07faf87 fix leak when register_long_arrays is off 2005-03-24 00:17:16 +00:00
foobar
3ca8ad73a4 - Missing $Id$ tags 2005-02-13 17:54:04 +00:00
foobar
7281cd8082 MFB_4_3: cvs diff -r1.84.2.5 -r1.84.2.6 php_session.h 2005-02-13 07:55:27 +00:00
Antony Dovgal
5b78e4c025 hm.. 
fix #28324 _properly_
 2005-02-10 20:22:07 +00:00
Antony Dovgal
94982058b6 fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off) 2005-02-10 19:38:11 +00:00
Stefan Esser
581265f4d1 Correctly initialize ZVAL 2005-01-21 16:03:47 +00:00
foobar
64e40c2271 - Make sure FD_CLOEXEC is always defined. 2005-01-18 15:44:33 +00:00
Antony Dovgal
37d3ea836e add skipif section 2005-01-09 18:22:12 +00:00