Commit Graph

803 Commits

Author SHA1 Message Date
Xinchen Hui
271053ad47 Revert "Bug #66481 Segfaults on session_name()"
This reverts commit 5662ffb295.
2014-01-16 14:38:35 +08:00
Yasuo Ohgaki
518327f7e3 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Bug #66481 Segfaults on session_name()
2014-01-16 11:35:11 +09:00
Yasuo Ohgaki
744f38c2d6 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Bug #66481 Segfaults on session_name()
2014-01-16 11:34:31 +09:00
Conor McDermottroe
5662ffb295 Bug #66481 Segfaults on session_name()
If the previous value of session.name was NULL then any call to
session_name($string) would result in a segmentation fault.

This changes the behaviour to set the value of session.name to
"PHPSESSID" if a blank value is given in php.ini or via -d on the
command line. There is already protection against setting it to NULL via
session_name() or ini_set().
2014-01-16 11:33:10 +09:00
Yasuo Ohgaki
167eaedcbd Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fixed session module is sending multiple set-cookie headers when session.use_strict_mode=1
2014-01-15 11:07:10 +09:00
Yasuo Ohgaki
f52c251f60 Fixed session module is sending multiple set-cookie headers when session.use_strict_mode=1 2014-01-15 11:06:06 +09:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Dmitry Stogov
03a37de9b3 Improved empty string handling. Now ZE uses an interned string instead of allocating a new empty string each time. (Some extensions might need to be fixed using str_efree() instead of efree() to support interned strings). 2013-12-26 14:47:13 +04:00
Christopher Jones
d9bfe06194 Merge branch 'PHP-5.5'
* PHP-5.5:
  Reduce compilation noise during normal compilation:
    php-5.5/ext/session/session.c:836: warning: unused variable ‘struc’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘num_key’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘key_length’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘key’
    php-5.5/ext/session/session.c:835: warning: unused variable ‘key_type’
    php-5.5/ext/session/session.c:834: warning: unused variable ‘_ht’
    php-5.5/ext/session/session.c:857: warning: unused variable ‘has_value’
    php-5.5/ext/session/session.c:856: warning: unused variable ‘namelen’
    php-5.5/ext/session/session.c:853: warning: unused variable ‘name’
    php-5.5/ext/session/session.c:852: warning: unused variable ‘p’
2013-08-21 10:35:07 -07:00
Christopher Jones
d85827fb7f Reduce compilation noise during normal compilation:
php-5.5/ext/session/session.c:836: warning: unused variable ‘struc’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘num_key’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘key_length’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘key’
    php-5.5/ext/session/session.c:835: warning: unused variable ‘key_type’
    php-5.5/ext/session/session.c:834: warning: unused variable ‘_ht’
    php-5.5/ext/session/session.c:857: warning: unused variable ‘has_value’
    php-5.5/ext/session/session.c:856: warning: unused variable ‘namelen’
    php-5.5/ext/session/session.c:853: warning: unused variable ‘name’
    php-5.5/ext/session/session.c:852: warning: unused variable ‘p’

    php-5.5/ext/session/mod_user.c:191: warning: unused variable ‘ret’
2013-08-21 10:34:09 -07:00
Yasuo Ohgaki
aaf95aa1b6 Merge branch 'PHP-5.5'
* PHP-5.5:
  Add php_serialize session.serialize_handler. This patch closes
2013-08-21 11:06:11 +09:00
Yasuo Ohgaki
c51f77fe83 Add php_serialize session.serialize_handler. This patch closes
Request #25630
  Request #43980
  Request #54383
  Bug #65359

and many others similar to these that are closed as "wont fix" or
"not a bug".

Current serializers have limitations due to register_globals support
that are no longer supported. Changing existing serializer may cause
compatibility issue. Therefore, new handler is needed to remove
needless limitations.

php_serialize does not have special characters and allows numerical
index in $_SESSION. $_SESSION can be used as ordinary array.
2013-08-21 10:51:51 +09:00
Christopher Jones
3c166c4758 Merge branch 'PHP-5.5'
* PHP-5.5:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/gmp/gmp.c
2013-08-14 20:47:00 -07:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Yasuo Ohgaki
0959475e11 Merge branch 'PHP-5.5'
* PHP-5.5:
  Fixed possible buffer overflow under Windows. Note: Not a security fix.
2013-08-11 06:44:01 +09:00
Yasuo Ohgaki
2df95b1354 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed possible buffer overflow under Windows. Note: Not a security fix.
2013-08-11 06:43:37 +09:00
Yasuo Ohgaki
0ad81ac18a Fixed possible buffer overflow under Windows. Note: Not a security fix. 2013-08-11 06:43:01 +09:00
Yasuo Ohgaki
771b06f585 Merge branch 'PHP-5.5'
* PHP-5.5:
  Fixed Bug #62015 Changed session.auto_start to PHP_INI_PERDIR. It is simply wrong and never worked if the value is changed at runtime
2013-08-10 18:30:05 +09:00
Yasuo Ohgaki
9d95a1a7d1 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed Bug #62015 Changed session.auto_start to PHP_INI_PERDIR. It is simply wrong and never worked if the value is changed at runtime
2013-08-10 18:29:29 +09:00
Yasuo Ohgaki
e9b128c1bf Fixed Bug #62015 Changed session.auto_start to PHP_INI_PERDIR. It is simply wrong and never worked if the value is changed at runtime 2013-08-10 18:29:13 +09:00
Yasuo Ohgaki
6941ce3583 Implemented Request #20421 (session_abort() and session_reset() function) 2013-08-10 16:57:56 +09:00
Yasuo Ohgaki
54a42f0d0c Implemented Request #11100 (session_gc() function). 2013-08-10 15:20:24 +09:00
Yasuo Ohgaki
f2b5725115 Remove compile warning of commit 554021d21e 2013-08-10 14:35:30 +09:00
Yasuo Ohgaki
554021d21e Implemented Bug #17860 Suggestion: auto detect whether session changed 2013-08-10 13:56:32 +09:00
Yasuo Ohgaki
678ec30655 Implement Bug #54649 Create session_serializer_name() 2013-08-10 09:26:10 +09:00
Yasuo Ohgaki
b6b425d2cf Fixed Bug #65315 session.hash_function silently fallback to default md5 2013-08-09 18:05:24 +09:00
Stanislav Malyshev
b80d73ce15 fix crash, enable session_id and fix test 2013-08-04 17:43:20 -07:00
Yasuo Ohgaki
25e8fcc88f Strict session 2013-08-04 16:36:45 -07:00
Arpad Ray
0d3d739bf7 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #62129 - rfc1867 crashes php even though turned off
2013-07-17 11:05:23 +01:00
Arpad Ray
ba3234888d Fix bug #62129 - rfc1867 crashes php even though turned off
Patch by gxd305 at gmail dot com
2013-07-17 11:02:48 +01:00
Anatol Belski
54b740a7e1 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed typo ensuring header str is \0 terminated
2013-07-16 00:15:29 +02:00
Anatol Belski
bcb39d9c6a Fixed typo ensuring header str is \0 terminated
This was obviously intended to send an empty header if
php_gmtime_r() fails. Currently it could send garbage.
2013-07-16 00:14:05 +02:00
Anatol Belski
1968fac697 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fixed mysql tests parsing phpinfo()
  Update NEWS
  Fixed bug #35703: when session_name("123") consist only digits, should warning
  Fixed bug #49175: mod_files.sh does not support hash bits
2013-07-02 08:24:37 +02:00
Yasuo Ohgaki
87dda666c7 Fixed bug #35703: when session_name("123") consist only digits, should warning 2013-06-29 11:35:55 +09:00
Arpad Ray
70ae67b5da Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #62535 - $_SESSION[$key]["cancel_upload"] doesn't work as documented
2013-06-27 19:12:46 +01:00
Arpad Ray
ce8c023910 Fix bug #62535 - $_SESSION[$key]["cancel_upload"] doesn't work as documented
When uploading multiple files, the array in the session where the progress
data is stored (and cancel_upload key is set) was overwritten whenever the
progress data was updated, so pending uploads would proceed anyway.
2013-06-27 19:05:23 +01:00
Arpad Ray
1e836cdd64 BC fix for PR 109 merge - create_sid() method in SessionHandler
Creates a new SessionIdInterface and moves create_sid() into it, so existing
handlers implementing SessionHandlerInterface don't require create_sid().
SessionHandler still includes the method so the default mod can be called, but
now implements both interfaces.

Also added several more tests for this feature.
2013-06-27 12:33:56 +01:00
Arpad Ray
b66c14b0c8 Merge PR 109 - Add create_sid to session_set_save_handler and SessionHandler
Allows user session handlers to create session IDs by adding an optional
7th argument to session_set_save_handler() and a create_sid() method
to SessionHandler.
2013-06-27 12:29:44 +01:00
Dmitry Stogov
731b4a3fa4 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Callback has to be restored in MSHUTDOWN
2013-06-10 12:34:08 +04:00
Dmitry Stogov
336a8e1943 Callback has to be restored in MSHUTDOWN 2013-06-10 12:32:53 +04:00
Lars Strojny
ec2fff80e7 Bug #23955: allow specifying max age for setcookie() 2013-01-06 03:22:44 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00
Leigh
6809c388b5 Tests, fixes and optimisations
* Amended existing tests to cater for new functionality.
* Implemented fixes and optimisations recommended by NikiC
* Added create_sid to the registered interface. This was breaking
tests. It also now breaks BC for people implementing the interface
directly instead of extending the class.
2012-06-26 14:57:10 +01:00
Johannes Schlüter
5e23a047ac Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Remove extra ;
2012-06-22 17:33:22 +02:00
Johannes Schlüter
a62d4e2c43 Remove extra ; 2012-06-22 17:32:46 +02:00
Leigh
59cf3a2404 Add create_sid to session_set_save_handler and SessionHandler
A lot of code already existed to allow a custom create_sid handler, but
lacked a specific implementation.

Therefore I have added a 7th (optional) argument
session_set_save_handler, to allow a user function to be supplied for
session id generation.

If a create_sid function is not supplied, the default function is
called in its absence to preserve backwards compatibility.

Likewise create_sid only added to SessionHandler class, and not the
interface to maintain backwards compatibility. If the result is not
overridden, the default is called.
2012-06-15 15:06:47 +01:00
Ilia Alshanetsky
f82a562453 Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) 2012-03-08 03:31:46 +00:00
Ilia Alshanetsky
ef61504b35 Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) 2012-03-08 03:31:46 +00:00
Ilia Alshanetsky
f005f36cd6 Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) 2012-03-08 03:31:46 +00:00
Arpad Ray
5142a4edc8 add SessionHandlerInterface for session_set_save_handler() - #60551 2012-01-04 01:16:45 +00:00
Arpad Ray
7486849b56 add SessionHandlerInterface for session_set_save_handler() - #60551 2012-01-04 01:16:45 +00:00
Felipe Pena
e4ca0ed09f - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
8775a37559 - Year++ 2012-01-01 13:15:04 +00:00
Felipe Pena
4e19825281 - Year++ 2012-01-01 13:15:04 +00:00
Xinchen Hui
b0cf58633c C++ style comment 2011-11-21 05:57:45 +00:00
Xinchen Hui
ae05ae7e92 C++ style comment 2011-11-21 05:57:45 +00:00
Arpad Ray
8b6a2d257a Fix hash key length in register/remove_user_shutdown_function 2011-11-11 14:42:18 +00:00
Arpad Ray
d39dbdee24 Fix hash key length in register/remove_user_shutdown_function 2011-11-11 14:42:18 +00:00
Arpad Ray
11d6fcdba0 fix calling user close func when it isn't open 2011-11-02 16:53:22 +00:00
Arpad Ray
fc5bebfd0c fix calling user close func when it isn't open 2011-11-02 16:53:22 +00:00
Arpad Ray
45a96e0d5b fix zts break in r316688 2011-09-13 23:07:08 +00:00
Arpad Ray
f8a943cc19 fix zts break in r316688 2011-09-13 23:07:08 +00:00
Arpad Ray
5bc97c6cfa Implement object-oriented session handlers (https://wiki.php.net/rfc/session-oo) 2011-09-13 22:28:15 +00:00
Arpad Ray
47cfae87eb Implement object-oriented session handlers (https://wiki.php.net/rfc/session-oo) 2011-09-13 22:28:15 +00:00
Dmitry Stogov
4a25a7740d Fixed ZE specific compile warnings (Bug #55629) 2011-09-13 13:29:35 +00:00
Dmitry Stogov
e43ff1359e Fixed ZE specific compile warnings (Bug #55629) 2011-09-13 13:29:35 +00:00
Arpad Ray
c8de01fef8 Expose session status via new function, session_status (Req #52982) 2011-08-29 21:29:26 +00:00
Arpad Ray
1a2c15f912 Expose session status via new function, session_status (Req #52982) 2011-08-29 21:29:26 +00:00
Hannes Magnusson
e481f05470 fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0 2011-08-29 21:20:41 +00:00
Hannes Magnusson
7746cf83d9 fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0 2011-08-29 21:20:41 +00:00
Hannes Magnusson
53bfe76489 fixed bug #55267 - session_regenerate_id fails after header sent even if session.use_cookies = 0 2011-08-29 21:20:41 +00:00
Felipe Pena
997f323e3a - Added ZEND_MOD_END macro to use in the end of zend_module_dep[] 2011-08-06 14:47:44 +00:00
Felipe Pena
707a8f70b8 - Added ZEND_MOD_END macro to use in the end of zend_module_dep[] 2011-08-06 14:47:44 +00:00
Felipe Pena
9480eace41 - Added ZEND_MOD_END macro to use in the end of zend_module_dep[] 2011-08-06 14:47:44 +00:00
Felipe Pena
23e438594d - Make usage of new PHP_FE_END macro 2011-07-25 11:42:53 +00:00
Felipe Pena
4b30846b50 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Felipe Pena
da376383e8 - Make usage of new PHP_FE_END macro 2011-07-25 11:35:02 +00:00
Pierre Joye
783285e62a - local redeclaration 2011-01-23 10:02:06 +00:00
Pierre Joye
88a1f3988c - local redeclaration 2011-01-23 10:02:06 +00:00
Felipe Pena
927bf09c29 - Year++ 2011-01-01 02:19:59 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Felipe Pena
477b8a6664 - Fixed bug #53141 (autoload misbehaves if called from closing session)
patch by: ladislav at marek dot su
2010-11-02 18:34:56 +00:00
Felipe Pena
7ded7577b2 - Fixed bug #53141 (autoload misbehaves if called from closing session)
patch by: ladislav at marek dot su
2010-11-02 18:34:56 +00:00
Ilia Alshanetsky
a12d2bf747 Fixed a compiler warning 2010-08-27 19:43:08 +00:00
Ilia Alshanetsky
9cad594085 Fixed a compiler warning 2010-08-27 19:43:08 +00:00
Dmitry Stogov
f0c8366a9e - use interned strings for auto globals
- $GLOBALS became a JIT autoglobal, so it's initialized only if used (this may affect opcode caches)
2010-07-08 14:05:11 +00:00
Pierre Joye
9e5313fdca - [DOC] MFH: add session.entropy* support to windows 2010-06-08 22:30:16 +00:00
Pierre Joye
38d334f851 - [DOC] MFH: add session.entropy* support to windows 2010-06-08 22:30:16 +00:00
Pierre Joye
bfe51d3895 - [DOC] add session.entropy* support to windows 2010-06-08 13:46:19 +00:00
Pierre Joye
24ef65019f - silent warning 2010-06-02 19:20:04 +00:00
Pierre Joye
2fd5a6a188 - silent warning 2010-06-02 19:20:04 +00:00
Michael Wallner
11d24c1593 * implement new output API, fixing some bugs and implementing some feature
requests--let's see what I can dig out of the bugtracker for NEWS--
  and while crossing the road:
   * implemented new zlib API
   * fixed up ext/tidy (what was "s&" in zend_parse_parameters() supposed to do?)

Thanks to Jani and Felipe for pioneering.
2010-05-31 10:29:43 +00:00
Arnaud Le Blanc
4f3b619625 - code cleanups
- cleanup progress data from session vars as soon as all
   post data has been read (upload_progress.cleanup
   ini setting allows to disable this)
2010-05-11 16:39:07 +00:00
Arnaud Le Blanc
da9448f3fd Added upload progress feedback in session data as described
in RFC : http://wiki.php.net/rfc/session_upload_progress
2010-05-10 16:09:00 +00:00
Kalle Sommer Nielsen
dd8e59da8f Removed safe_mode
* Removed ini options, safe_mode*
 * Removed --enable-safe-mode --with-exec-dir configure options on Unix
 * Updated extensions, SAPI's and core
 * php_get_current_user() is now declared in main.c, thus no need to include safe_mode.h anymore
2010-04-26 23:53:30 +00:00
Ilia Alshanetsky
64f372fae2 Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser 2010-04-26 18:35:54 +00:00
Ilia Alshanetsky
3c78ad763e Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser 2010-04-26 18:35:54 +00:00
Kalle Sommer Nielsen
e73a794105 Removed the session 4.2 bug compatibility mode 2010-04-22 01:07:48 +00:00
Kalle Sommer Nielsen
b8ada243fe Drop php_register_var(), Thanks Felipe 2010-04-21 23:16:56 +00:00
Kalle Sommer Nielsen
3f29144348 Removed session_is_registered(), session_register() and session_unregister().
-- They are no longer needed without register_globals
2010-04-21 23:03:16 +00:00
Kalle Sommer Nielsen
febee11285 Removed register_globals 2010-04-21 01:27:22 +00:00
Kalle Sommer Nielsen
a5304b138f Removed register_long_arrays ini option (and $HTTP_SESSION_VARS from ext/session) 2010-04-15 16:36:08 +00:00
Rasmus Lerdorf
9692a3619c Set session.entropy_file to /dev/urandom or /dev/arandom by
default if present at compile-time.  Addresses part of bug #51436
2010-03-31 18:03:17 +00:00
Ilia Alshanetsky
995d15ebcc Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). 2010-03-22 12:16:45 +00:00
Jani Taskinen
af49e58f51 - Reverted r296062 and r296065 2010-03-12 10:28:59 +00:00
Jani Taskinen
06f072cb5e MFH: Improved / fixed output buffering (Michael Wallner) 2010-03-11 10:24:29 +00:00
Ilia Alshanetsky
dff4e7fda1 Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. 2010-01-31 18:06:29 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Dmitry Stogov
5ab649e65f Fixed compilation 2009-12-04 07:11:37 +00:00
Stanislav Malyshev
3e6ac4fb6b protect http_session_vars from interrupt corruption
improve save_path check
2009-12-04 01:21:32 +00:00
Guenter Knauf
824692fab8 removed now obsolete NetWare hack since I fixed this
with Novell some longer time ago in their SDK header.
2009-11-03 21:21:34 +00:00
Antony Dovgal
75fc702162 fix segfault in session/tests/031.phpt by adding optional extension
dependency (php_hash_hashtable has to be initialized when setting
session.hash_function)
2009-07-28 08:54:23 +00:00
Gwynne Raskind
2673b9be38 MFH: fix crash when session hash function generated long hashes with hash_bits_per_character larger than 4 2009-07-17 14:21:59 +00:00
Jani Taskinen
9ece649f7c MFH: ws + sync 2009-05-18 16:10:09 +00:00
Hannes Magnusson
33aa4ac568 MFH: fix folding 2009-04-06 11:45:25 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Scott MacVicar
2ea6780873 MFH Fix bug #35975 - Session cookie expires date format isn't the most compatible. Sync to that of setcookie(). 2008-12-11 01:21:35 +00:00
Hannes Magnusson
76a17847c1 Deprecate session_register(), session_unregister() and
session_is_registered() (removed in HEAD)
2008-12-09 14:03:58 +00:00
Felipe Pena
fc2fb50d09 - MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro 2008-11-17 11:28:01 +00:00
Felipe Pena
7a37fa2d6b - Revert ZEND_BEGIN_ARG_INFO change 2008-11-02 21:19:39 +00:00
Felipe Pena
df10005563 - MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro 2008-10-24 14:35:40 +00:00
Jani Taskinen
525f3c4793 MFH: General sync. WS / CS / etc. crap some people didn't bother to merge
MFH: before this commit..bunnies thank you all..
[DOC] - Added ext/hash support to ext/session's ID generator. (Sara)
[DOC] Ask Sara for explanation..
2008-08-06 05:53:31 +00:00
Jani Taskinen
9ad7800f52 - Nuke ending periods from error messages 2008-08-05 22:52:05 +00:00
Kalle Sommer Nielsen
874b456078 MFH: Fixes #45406 - Patch by oleg dot grenrus at dynamoid dot com 2008-08-04 06:21:55 +00:00
Felipe Pena
e304515ddb - MFH: Added parameter TSRMLS_DC in zend_is_callable() 2008-08-02 04:46:07 +00:00
Felipe Pena
ca0c2340fe - Added arginfo 2008-06-27 16:16:23 +00:00
Dmitry Stogov
9c3ebd10bb Fixed memory leaks 2008-06-24 06:47:45 +00:00
Felipe Pena
015f82d219 - New parameter parsing API 2008-06-21 15:27:34 +00:00
Scott MacVicar
944061ba37 Fixed bug #44720 (Prevent infinite recursion within session_register) 2008-04-15 00:59:04 +00:00
Dmitry Stogov
1a08aadc9b Fixed memory corruption because of double free() 2008-03-11 09:36:41 +00:00
Felipe Pena
84a8bb038a MFH: New way for check void parameters 2008-03-10 22:15:36 +00:00
Gwynne Raskind
3e99d5cc5b MFH: fix bug #32330 (session_destroy, "Failed to initialize storage module", custom session handler) 2008-03-07 23:20:32 +00:00
Sebastian Bergmann
d1dded8751 MFH: Bump copyright year, 2 of 2. 2007-12-31 07:17:19 +00:00
Yiduo (David) Wang
4b4d634cb9 MFH: Added macros for managing zval refcounts and is_ref statuses 2007-10-07 05:22:07 +00:00
Dmitry Stogov
6c810b0d4c Improved memory usage by moving constants to read only memory. (Dmitry, Pierre) 2007-09-27 18:00:48 +00:00
Stanislav Malyshev
6b7f164803 correct fix for access control for save_path and .htaccess 2007-08-03 01:16:40 +00:00
Ilia Alshanetsky
3034092111 Fixed bug #42135 (Second call of session_start() causes creation of SID) 2007-07-29 14:43:30 +00:00
Ilia Alshanetsky
e2d606e18b Fixed compiler warning 2007-06-17 14:25:46 +00:00
Stefan Esser
df7bfe0a0f MFH 2007-06-16 07:48:07 +00:00
Stanislav Malyshev
70a8f9313b Disallow characters that Cookie RFC does not allow in unquoted cookies 2007-06-15 22:40:00 +00:00
Antony Dovgal
d042fd0675 MFH: php_gmtime_r() fixes 2007-06-07 08:59:00 +00:00
Stanislav Malyshev
69650d0ebf do not send cookie when session is passed in URL, same as it happens with GET/POST 2007-05-16 01:18:14 +00:00
Antony Dovgal
39f9184fa6 MFH: fix #40998 (long session array keys are truncated) 2007-04-04 19:52:19 +00:00
Ilia Alshanetsky
7aab16c333 Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
# Discovered by Stefan Esser
2007-03-14 19:37:07 +00:00
Ilia Alshanetsky
a500d1efe9 Adjust checks to allow paths without a trailing / 2007-03-03 15:07:31 +00:00
Ilia Alshanetsky
4735df26f8 Improve safe_mode check 2007-03-02 00:49:47 +00:00
Ilia Alshanetsky
efad70c2cc snprintf() -> slprintf() 2007-02-27 03:28:17 +00:00
Marcus Boerger
50ea26760d - Avoid sprintf, even when checked copy'n'paste or changes lead to errors 2007-02-24 02:17:47 +00:00
Stanislav Malyshev
3e262bd369 disallow negative length 2007-02-24 01:18:14 +00:00
Dmitry Stogov
ae792a06b0 Fixed SIGSEGV 2007-01-10 07:04:49 +00:00
Ilia Alshanetsky
81729c1ece Prevent SESSION/GLOBALS overload via session decoding 2007-01-09 15:31:12 +00:00
Sebastian Bergmann
4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
ba64553913 Added boundary checks to php_binary deserializer 2006-12-31 22:25:55 +00:00
Ilia Alshanetsky
ffd41a503f Session deserializer protection. 2006-12-26 16:53:47 +00:00
Antony Dovgal
7d2142a56e protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:31:28 +00:00
Antony Dovgal
bcf457d828 MFH: fix retval type 2006-12-04 15:58:48 +00:00
Ilia Alshanetsky
35f78f221b Fixed bug #37627 (session save_path check checks the parent directory). 2006-12-04 15:19:26 +00:00
Ilia Alshanetsky
5f3e233ea7 Disallow \0 chars inside session.save_path 2006-12-01 00:27:20 +00:00
Hannes Magnusson
050f94f746 MFH: Fix double "wrong param count" messages 2006-11-03 14:46:48 +00:00
Ilia Alshanetsky
b1d8f7e09d Expose session storage module locator and serialization function via PHPAPI 2006-10-06 21:11:36 +00:00
Ilia Alshanetsky
154f70acf1 Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
session.save_path, allowing them to account for extra parameters).
2006-10-01 20:58:02 +00:00
Antony Dovgal
b6ced95187 change ini handlers to produce E_ERROR if they are called during startup 2006-08-30 16:24:40 +00:00
Antony Dovgal
f8fd45a735 MFH: change E_ERROR to E_WARNING when invalid argument has been passed
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:43:10 +00:00
Ilia Alshanetsky
7dfae526c7 Fixed proto 2006-08-10 21:10:03 +00:00
Ilia Alshanetsky
e5fe441cbd Added support for httpOnly flag for session extension and cookie setting
functions.

# Original patch by Scott MacVicar
2006-08-10 13:50:56 +00:00
Antony Dovgal
0c4ef446e2 MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:16:52 +00:00
Antony Dovgal
52e6ede06e MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:32:07 +00:00
Ilia Alshanetsky
96324fb67f An improved fix for bug #38224 2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
bcc8854eaa make C++ compilers happy 2006-07-27 14:13:30 +00:00
Ilia Alshanetsky
dcb4b314bf removed debug code 2006-07-27 14:05:03 +00:00
Ilia Alshanetsky
e5a1182304 Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:13 +00:00
Ilia Alshanetsky
1784db8087 Fixed compiler warnings. 2006-07-13 00:13:19 +00:00
Michael Wallner
33dbaff1ed MFH: add note why replace is 0, so that I don't wonder again in 2 months
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:44 +00:00
Dmitry Stogov
1dbaae2795 Added automatic module globals management 2006-06-15 18:33:09 +00:00
Marcus Boerger
aa0172a4da - MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:12:26 +00:00
Rasmus Lerdorf
6cc9f92d16 (Missing patch from the PHP 4 tree that got lost in the shuffle)
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
  need to send it again.  if the id has been changed, we need to
  update the client side.
2006-02-10 07:39:13 +00:00
Frank M. Kromann
80cc4867e3 Export symbols that will allow building WDDX as shared object 2006-01-28 06:18:01 +00:00
Ilia Alshanetsky
3d80bd0cdf Added a check for special characters in the session name. 2006-01-15 16:51:18 +00:00
foobar
5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar
3e669bc950 MFH: nuke php3 legacy 2005-12-06 02:28:41 +00:00
foobar
b5017bd725 MFH: Improved the fix for #21306 a bit 2005-09-23 08:14:13 +00:00
foobar
de6b4c0091 MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) 2005-09-20 20:56:54 +00:00
Stanislav Malyshev
bcb70109d2 fix crash on restarting static PHP having session modules loaded 2005-09-20 14:03:29 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
foobar
fd07bc5e6b nuke duplicate code 2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8 fix typo
(see details here: http://news.php.net/php.internals/16350)
2005-06-01 18:27:50 +00:00
Ilia Alshanetsky
c24900dfa4 Added an optional remove old session parameter to session_regenerate_id(). 2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0 CS fix 2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0 fix compile warning 2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535 Fixed bug 33072 - safemode/open_basedir check for runtime save_path change 2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8 fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) 2005-05-20 10:27:49 +00:00
Antony Dovgal
76e07faf87 fix leak when register_long_arrays is off 2005-03-24 00:17:16 +00:00
Antony Dovgal
5b78e4c025 hm..
fix #28324 _properly_
2005-02-10 20:22:07 +00:00
Antony Dovgal
94982058b6 fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off) 2005-02-10 19:38:11 +00:00
Stefan Esser
581265f4d1 Correctly initialize ZVAL 2005-01-21 16:03:47 +00:00
Antony Dovgal
d7072f8a9d efree(name) 2005-01-09 17:49:51 +00:00
Antony Dovgal
c644b2a5a1 fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref) 2005-01-09 17:42:02 +00:00
Antony Dovgal
ad76be844b CS changes (as suggested by Ilia) 2004-12-09 17:15:52 +00:00
Antony Dovgal
e76824c91f fix segfault in session_module_name() when session.save_handler is empty 2004-12-09 14:14:21 +00:00
Dmitry Stogov
a22fa4d109 Fixed crash in phpinfo() after graceful Apache restart. 2004-12-07 18:02:25 +00:00
Andi Gutmans
11bcaedfc8 - Rename delete_global_variable() to zend_delete_global_variable() 2004-10-04 20:17:06 +00:00
Andi Gutmans
db507dd153 - Commit the variable fetch optimization.
- Extensions which delete global variables need to use new special function
- delete_global_variable() (I'm about to rename it) to remove them.
- Will post to internals@ or via commit messages if there's anything else.
2004-10-04 19:54:35 +00:00
Anantha Kesari H Y
142e92bb70 NetWare specific stat structure access incorporated 2004-09-30 14:31:30 +00:00
Antony Dovgal
0ea23249da fix error message 2004-09-30 14:20:02 +00:00
Antony Dovgal
fcd702efe4 fix segfault when using unknown/unsupported save_handler and/or serialize_handler (bug #30282) 2004-09-30 12:19:59 +00:00
Ilia Alshanetsky
6784176b9c Fixed compiler warnings. 2004-09-14 23:57:53 +00:00
Ilia Alshanetsky
197d65770a Fixed bug #29925 (Added a check to prevent illegal characters in session
key).
2004-09-02 02:44:04 +00:00
Sascha Schumann
5890197024 fix empty_string issue
Patch submitted by Antony Dovgal <tony2001@phpclub.net>
2004-08-02 08:27:46 +00:00
Andi Gutmans
56f8195fe5 - Nuke empty_string. It is a remnant from the time where RETURN_FALSE()
used to return "" and not bool(false). It's not worth keeping it because
  STR_FREE() and zval_dtor() always have to check for it and it slows down
  the general case. In addition, it seems that empty_string has been abused
  quite a lot, and was used not only for setting zval's but generally in
  PHP code instead of "", which wasn't the intention. Last but not least,
  nuking empty_string should improve stability as I doubt every place
  correctly checked if they are not mistakenly erealloc()'ing it or
  calling efree() on it.
  NOTE: Some code is probably broken. Each extension maintainer should
  check and see that my changes are OK. Also, I haven't had time to touch
  PECL yet. Will try and do it tomorrow.
2004-07-19 07:19:50 +00:00
Andi Gutmans
e5cfb1d05c - Better stability during premature shutdown of request startup 2004-07-10 07:46:17 +00:00
Sara Golemon
96132bf4fe if statement logic would never eval to false. 2004-05-08 05:58:18 +00:00
Ilia Alshanetsky
793140873b Another setting leak in session code (bug #27963). 2004-04-13 18:18:22 +00:00
Ilia Alshanetsky
254c8d6ce9 Fixed bug #27963 (Session lifetime setting may leak between requests). 2004-04-13 00:39:05 +00:00
Wez Furlong
32be6f268b Fix for Bug #26757: session.save_path defaults to bogus value on win32
Merge from branch with one main difference: the default save_path is
set to the empty string on all platforms, whereas the code in the
branch only does so for win32.
2004-03-29 21:44:07 +00:00
Moriyoshi Koizumi
75f83f7bb4 - Fix segfaults on deserialisation of referenced variables.
# ALLOC_INIT_ZVAL() initialises the type field to IS_NULL, while
# MAKE_STD_ZVAL() doesn't. This caused a kind of random crash
# when zval_ptr_dtor() was applied on an intact zval created by
# the latter method.
#
# Please check relevant bugs again. There should be some that
# have already been marked as bogus.
2004-02-29 00:26:36 +00:00
foobar
ac92c47b84 Fix bug #26005 (Random "cannot change the session ini settings" errors) 2004-02-24 08:47:35 +00:00
foobar
4441da2754 Improve error messages 2004-02-19 01:54:21 +00:00
Zeev Suraski
7c710a9f9b Use zval_ptr_dtor() to free variables as soon as they hit refcount of 0.
Note:  You should not be using ZVAL_DELREF() in day to day usage.  Instead,
       you should use zval_ptr_dtor().  Use ZVAL_DELREF() only if you're
       messing with the refcount directly and know what you're doing.
Note #2:  For clarity, if you want to initialize a new zval with a refcount
          of 0, it's best to do that directly, instead of using ZVAL_DELREF
          after allocating the zval...
2004-02-15 12:58:19 +00:00
Wez Furlong
6ac364048b export tsrm id for session globals. 2004-01-09 15:30:07 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
Ilia Alshanetsky
d3639b1aa7 Fixed bug #24693 (Allow session.use_trans_sid to be enabled/disabled from
inside the script).
2003-12-14 23:24:50 +00:00
Derick Rethans
71f9227cc5 - Fixed bug #26548 (Malformed HTTP dates in headers). 2003-12-07 14:29:43 +00:00
Wez Furlong
30b631d9f6 Export this so that shared session modules can use it under win32. 2003-12-02 23:14:31 +00:00
foobar
e85a4cdbd2 - Fixed bug #25780 (ext/session: invalid session.cookie_lifetime causes crash in win32). 2003-10-08 10:22:51 +00:00
Sascha Schumann
394d3b82b0 Alias session_commit to session_write_close, a more intuitive name
for the functionality.
2003-09-21 11:53:12 +00:00
Sascha Schumann
a3c89a2e8f Fix a segfault which occurred when using a storage format not capable
of expressing references (e.g. WDDX) and deserializing a session variable
whose name conflicted with an existing symbol in the global scope.

PR: #25307
Submitted by: Jani Taskinen
Speling fixes: me
2003-08-29 12:33:47 +00:00
Andrey Hristov
20383f9080 \n at the end of the message is not needed 2003-08-28 20:43:18 +00:00
Sascha Schumann
237da469d7 format string fix 2003-08-28 17:34:33 +00:00
foobar
625600af30 - Prevent crash if non-existing save/serializer handler is tried to be used
- Added the registered serializers information to MINFO.
2003-08-26 02:03:41 +00:00
Ilia Alshanetsky
b9b75991e3 Fixed bug #25084 (Make refer check not dependent on register_globals) 2003-08-14 01:30:06 +00:00
Ilia Alshanetsky
93bcd55eaf emalloc -> safe_emalloc 2003-08-12 00:58:52 +00:00
Ilia Alshanetsky
22c3346967 Fixed bug #22245 (References inside $_SESSION not being handled). 2003-08-11 19:20:44 +00:00
Sascha Schumann
5978734f30 MFB proper fix for #24592 2003-07-22 01:11:07 +00:00
Ilia Alshanetsky
f9a8fc0c09 Fixed bug #24592 (Possible crash in session extension, with NULL values) 2003-07-21 21:47:52 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sascha Schumann
3c58f69fc4 Print NOTICE upon session_start being called while another session is
active
2003-06-10 03:56:23 +00:00
foobar
bfe9e39673 MFB: fix proto 2003-05-31 02:33:55 +00:00
foobar
ed1378a975 MFB: Always send a new session cookie upon regenerating id 2003-05-31 02:33:21 +00:00
Sascha Schumann
289ad3960e Fix the way we create references to (sometimes non-)existing
variables.

Credits go to Rob Richards <rrichards@digarc.com> and Zeev
2003-05-15 13:33:18 +00:00
Stanislav Malyshev
cddface7f1 fix TSRM 2003-04-27 16:18:43 +00:00
Stanislav Malyshev
cad71d8c92 MFB 4_3:
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
2003-04-27 16:04:53 +00:00
Sascha Schumann
4226fe67d1 dividend -> divisor
Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>
2003-04-05 11:22:15 +00:00
Sebastian Bergmann
5ca078779a Eliminate some TSRMLS_FETCH() calls. Tested with Win32 build of SAPI/CGI and SAPI/CLI on Win32. 2003-03-25 08:07:13 +00:00
foobar
3c9155e0cb Renamed OnUpdateInt -> OnUpdateLong to prevent further misunderstandings.
# Intentionally left out any 'alias' for it, this way 3rd party extension
# maintainers will really NOTICE the change.
2003-03-07 05:15:28 +00:00
Zeev Suraski
4e55747a2b Add JIT initialization for _SERVER and _ENV
(it's less important for the others, even though it should be fairly
easy now too)
2003-03-02 10:19:15 +00:00
Sascha Schumann
6f5b46c118 generally urlencode parameters 2003-02-20 06:18:16 +00:00