clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-23 19:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
68,928 Commits 491 Branches 1,363 Tags 846 MiB
9be55beb91
Commit Graph

851 Commits

Author SHA1 Message Date
Antony Dovgal
7d2142a56e protect _SESSION, HTTP_SESSION_VARS and GLOBALS 
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
 2006-12-20 19:31:28 +00:00
Antony Dovgal
bcf457d828 MFH: fix retval type 2006-12-04 15:58:48 +00:00
Ilia Alshanetsky
35f78f221b Fixed bug #37627 (session save_path check checks the parent directory). 2006-12-04 15:19:26 +00:00
Ilia Alshanetsky
5f3e233ea7 Disallow \0 chars inside session.save_path 2006-12-01 00:27:20 +00:00
Hannes Magnusson
050f94f746 MFH: Fix double "wron param count" messages 2006-11-03 14:46:48 +00:00
Ilia Alshanetsky
3f71251ffa MFH: Fixed bug #39265 (Fixed path handling inside mod_files.sh). 2006-11-03 13:19:07 +00:00
Ilia Alshanetsky
b1d8f7e09d Expose session storage module locater and serialization function via PHPAPI 2006-10-06 21:11:36 +00:00
Ilia Alshanetsky
154f70acf1 Fixed bug #38993 (Fixed safe_mode/open_basedir checks for 
session.save_path, allowing them to account for extra parameters).
 2006-10-01 20:58:02 +00:00
Hannes Magnusson
6affa7d3e9 Fix tests 2006-09-18 16:12:13 +00:00
Antony Dovgal
b6ced95187 change ini handlers to produce E_ERROR if they are called during startup 2006-08-30 16:24:40 +00:00
Antony Dovgal
f8fd45a735 MFH: change E_ERROR to E_WARNING when invalid argument has been passed 
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
 2006-08-30 15:43:10 +00:00
Antony Dovgal
a6088ffc5a fix test 2006-08-11 10:35:22 +00:00
Ilia Alshanetsky
7dfae526c7 Fixed proto 2006-08-10 21:10:03 +00:00
Ilia Alshanetsky
e5fe441cbd Added support for httpOnly flag for session extension and cookie setting 
functions.

# Original patch by Scott MacVicar
 2006-08-10 13:50:56 +00:00
Ilia Alshanetsky
d58b3869a7 Fixed bug #38377 (session_destroy() gives warning after 
session_regenerate_id()).
 2006-08-08 14:54:49 +00:00
Antony Dovgal
0c4ef446e2 MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:16:52 +00:00
Antony Dovgal
52e6ede06e MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:32:07 +00:00
Ilia Alshanetsky
96324fb67f An improved fix for bug #38224 2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
bcc8854eaa make C++ compilers happy 2006-07-27 14:13:30 +00:00
Ilia Alshanetsky
dcb4b314bf removed debug code 2006-07-27 14:05:03 +00:00
Ilia Alshanetsky
e5a1182304 Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:13 +00:00
Ilia Alshanetsky
1784db8087 Fixed compiler warnings. 2006-07-13 00:13:19 +00:00
Michael Wallner
33dbaff1ed MFH: add note why replace is 0, so that I don't wonder again in 2 months 
why session_regenerate_id() sends the session cookie twice
 2006-07-12 15:28:44 +00:00
Dmitry Stogov
1dbaae2795 Added automatic module globals management 2006-06-15 18:33:09 +00:00
Marcus Boerger
aa0172a4da - MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:12:26 +00:00
Ilia Alshanetsky
101d925baa Commit the actual fix 2006-04-18 00:31:45 +00:00
Ilia Alshanetsky
3022080d84 Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n). 2006-02-28 14:45:18 +00:00
Rasmus Lerdorf
6cc9f92d16 (Missing patch from the PHP 4 tree that got lost in the shuffle) 
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
  need to send it again.  if the id has been changed, we need to
  update the client side.
 2006-02-10 07:39:13 +00:00
Frank M. Kromann
80cc4867e3 Export symbols that will allow building WDDX as shared object 2006-01-28 06:18:01 +00:00
Ilia Alshanetsky
3d80bd0cdf Added a check for special characters in the session name. 2006-01-15 16:51:18 +00:00
foobar
5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar
3e669bc950 MFH: nuke php3 legacy 2005-12-06 02:28:41 +00:00
foobar
b5017bd725 MFH: Improved the fix for #21306 a bit 2005-09-23 08:14:13 +00:00
foobar
de6b4c0091 MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) 2005-09-20 20:56:54 +00:00
Stanislav Malyshev
bcb70109d2 fix crash on restarting static PHP having session modules loaded 2005-09-20 14:03:29 +00:00
foobar
9477097564 MFH: Nuked EOLs from error messages 2005-08-18 13:34:41 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
Dmitry Stogov
319cbe1c5a Fixed test file 2005-07-05 14:10:31 +00:00
foobar
73dd4043b3 Make sure files-save handler is used always 2005-07-04 13:09:14 +00:00
foobar
56c1b316da - Added session.hash_bits_per_character support. (3rd param) 
(Changes by: waltzer at autumnweave dot com)
 2005-06-20 13:37:32 +00:00
foobar
fd07bc5e6b nuke duplicate code 2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8 fix typo 
(see details here: http://news.php.net/php.internals/16350)
 2005-06-01 18:27:50 +00:00
foobar
a20383ba06 - Unify the "configure --help" texts 2005-05-29 23:17:16 +00:00
Ilia Alshanetsky
c24900dfa4 Added an optional remove old session parameter to session_regenerate_id(). 2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0 CS fix 2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0 fix compile warning 2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535 Fixed bug 33072 - safemode/open_basedir check for runtime save_path change 2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8 fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) 2005-05-20 10:27:49 +00:00
foobar
626253940e - Added PHP_INSTALL_HEADERS() macro 
- Fixed several VPATH build issues
- Changed all awk calls to use $AWK
- Changed all mkdir calls to use "$php_shtool mkdir"
 2005-05-07 02:51:53 +00:00
foobar
a119050ebb These tests require register_long_arrays=1 2005-03-31 19:47:19 +00:00
Antony Dovgal
76e07faf87 fix leak when register_long_arrays is off 2005-03-24 00:17:16 +00:00
foobar
3ca8ad73a4 - Missing $Id$ tags 2005-02-13 17:54:04 +00:00
foobar
7281cd8082 MFB_4_3: cvs diff -r1.84.2.5 -r1.84.2.6 php_session.h 2005-02-13 07:55:27 +00:00
Antony Dovgal
5b78e4c025 hm.. 
fix #28324 _properly_
 2005-02-10 20:22:07 +00:00
Antony Dovgal
94982058b6 fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off) 2005-02-10 19:38:11 +00:00
Stefan Esser
581265f4d1 Correctly initialize ZVAL 2005-01-21 16:03:47 +00:00
foobar
64e40c2271 - Make sure FD_CLOEXEC is always defined. 2005-01-18 15:44:33 +00:00
Antony Dovgal
37d3ea836e add skipif section 2005-01-09 18:22:12 +00:00
Antony Dovgal
68d73f8cf9 add test for bug #31454 2005-01-09 18:15:49 +00:00
Antony Dovgal
d7072f8a9d efree(name) 2005-01-09 17:49:51 +00:00
Antony Dovgal
c644b2a5a1 fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref) 2005-01-09 17:42:02 +00:00
Antony Dovgal
ad76be844b CS changes (as suggested by Ilia) 2004-12-09 17:15:52 +00:00
Antony Dovgal
e76824c91f fix segfault in session_module_name() when session.save_handler is empty 2004-12-09 14:14:21 +00:00
Dmitry Stogov
a22fa4d109 Fixed crash in phpinfo() after graceful Apache restart. 2004-12-07 18:02:25 +00:00
Joe Orton
2685ca935f Update extensions to use /path/to/$PHP_LIBDIR rather than /path/to/lib 
to support multi-ABI platforms.
 2004-11-03 14:32:52 +00:00
Andi Gutmans
11bcaedfc8 - Rename delete_global_variable() to zend_delete_global_variable() 2004-10-04 20:17:06 +00:00
Andi Gutmans
db507dd153 - Commit the variable fetch optimization. 
- Extensions which delete global variables need to use new special function
- delete_global_variable() (I'm about to rename it) to remove them.
- Will post to internals@ or via commit messages if there's anything else.
 2004-10-04 19:54:35 +00:00
Anantha Kesari H Y
47e4f575c2 modified to 3rd argument of fcntl to FD_CLOEXEC 2004-10-04 08:52:53 +00:00
Anantha Kesari H Y
142e92bb70 NetWare specific stat structure access incorporated 2004-09-30 14:31:30 +00:00
Anantha Kesari H Y
ccbeace1ff handled NetWare F_SETFD and stat differences 2004-09-30 14:23:51 +00:00
Antony Dovgal
0ea23249da fix error message 2004-09-30 14:20:02 +00:00
Antony Dovgal
fcd702efe4 fix segfault when using unknown/unsupported save_handler and/or serialize_handler (bug #30282) 2004-09-30 12:19:59 +00:00
Ilia Alshanetsky
6784176b9c Fixed compiler warnings. 2004-09-14 23:57:53 +00:00
Ilia Alshanetsky
197d65770a Fixed bug #29925 (Added a check to prevent illegal characters in session 
key).
 2004-09-02 02:44:04 +00:00
Sascha Schumann
5890197024 fix empty_string issue 
Patch submitted by Antony Dovgal <tony2001@phpclub.net>
 2004-08-02 08:27:46 +00:00
Sascha Schumann
26cb5355e0 don't read empty files 
0 malloc noticed by Antony Dovgal <tony2001@phpclub.net>
 2004-08-02 08:27:24 +00:00
Andi Gutmans
56f8195fe5 - Nuke empty_string. It is a reminanent from the time where RETURN_FALSE() 
used to return "" and not bool(false). It's not worth keeping it because
  STR_FREE() and zval_dtor() always have to check for it and it slows down
  the general case. In addition, it seems that empty_string has been abused
  quite a lot, and was used not only for setting zval's but generally in
  PHP code instead of "", which wasn't the intention. Last but not least,
  nuking empty_string should improve stability as I doubt every place
  correctly checked if they are not mistakenly erealloc()'ing it or
  calling efree() on it.
  NOTE: Some code is probably broken. Each extension maintainer should
  check and see that my changes are OK. Also, I haven't had time to touch
  PECL yet. Will try and do it tomorrow.
 2004-07-19 07:19:50 +00:00
Andi Gutmans
e5cfb1d05c - Better stability during premature shutdown of request startup 2004-07-10 07:46:17 +00:00
Ilia Alshanetsky
690ca62dd3 Do not use alloca() where it can be abused through user input. 2004-06-30 01:12:06 +00:00
Ilia Alshanetsky
df71910d0e Better skip condition check for session tests. 2004-05-27 20:53:26 +00:00
Marcus Boerger
29cfd6d24f - Remove unused blocks 2004-05-19 08:56:50 +00:00
Ilia Alshanetsky
f7f966f96f Skip session tests if session.save_path is not writable. 2004-05-13 12:53:47 +00:00
Sara Golemon
96132bf4fe if statement logic would never eval to false. 2004-05-08 05:58:18 +00:00
Ilia Alshanetsky
dda0dd4825 Fixed test failure if session.use_trans_sid is enabled. 2004-04-15 13:37:50 +00:00
Ilia Alshanetsky
793140873b Another setting leak in session code (bug #27963). 2004-04-13 18:18:22 +00:00
Ilia Alshanetsky
254c8d6ce9 Fixed bug #27963 (Session lifetime setting may leak between requests). 2004-04-13 00:39:05 +00:00
Wez Furlong
32be6f268b Fix for Bug #26757: session.save_path defaults to bogus value on win32 
Merge from branch with one main difference: the default save_path is
set to the empty string on all platforms, whereas the code in the
branch only does so for win32.
 2004-03-29 21:44:07 +00:00
Hartmut Holzgraefe
cc0894b788 more visa to sibira ;) 2004-03-24 18:43:23 +00:00
Moriyoshi Koizumi
75f83f7bb4 - Fix segfaults on deserialisation of referenced variables. 
# ALLOC_INIT_ZVAL() initialises the type field to IS_NULL, while
# MAKE_STD_ZVAL() doesn't. This caused a kind of random crash
# when zval_ptr_dtor() was applied on an intact zval created by
# the latter method.
#
# Please check relevant bugs again. There should be some that
# have already been marked as bogus.
 2004-02-29 00:26:36 +00:00
foobar
ac92c47b84 Fix bug #26005 (Random "cannot change the session ini settings" errors) 2004-02-24 08:47:35 +00:00
foobar
4441da2754 Improve error messages 2004-02-19 01:54:21 +00:00
Zeev Suraski
7c710a9f9b Use zval_ptr_dtor() to free variables as soon as they hit refcount of 0. 
Note:  You should not be using ZVAL_DELREF() in day to day usage.  Instead,
       you should use zval_ptr_dtor().  Use ZVAL_DELREF() only if you're
       messing with the refcount directly and know what you're doing.
Note #2:  For clarity, if you want to initialize a new zval with a refcount
          of 0, it's best to do that directly, instead of using ZVAL_DELREF
          after allocating the zval...
 2004-02-15 12:58:19 +00:00
Ilia Alshanetsky
0fc2bb9d49 Fixed bug #26862 (ob_flush() followed by output_reset_rewrite_vars() may 
result in data loss).
 2004-02-11 17:00:48 +00:00
Stanislav Malyshev
8487383ede fix test - remove warning 2004-02-05 09:03:37 +00:00
foobar
6a1d0114a7 Silence some compile warnings 2004-01-23 03:28:59 +00:00
Wez Furlong
6ac364048b export tsrm id for session globals. 2004-01-09 15:30:07 +00:00
foobar
ccfc46b0aa - Happy new year and PHP 5 for rest of the files too.. 
# Should the LICENSE and Zend/LICENSE dates be updated too?
 2004-01-08 17:33:29 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
Marcus Boerger
45277ec5d7 Preserve casing 2003-12-22 23:17:17 +00:00
Dmitry Stogov
fca9c0c669 Incorrect test file was fixed. (Use pattern insted of absolute filename) 2003-12-16 11:19:20 +00:00
Ilia Alshanetsky
5264d34578 Update test to reflect new functionality. 2003-12-14 23:27:32 +00:00
Ilia Alshanetsky
d3639b1aa7 Fixed bug #24693 (Allow session.use_trans_sid to be enabled/disabled from 
inside the script).
 2003-12-14 23:24:50 +00:00
Derick Rethans
71f9227cc5 - Fixed bug #26548 (Malformed HTTP dates in headers). 2003-12-07 14:29:43 +00:00
Wez Furlong
98f1021dd8 Make these tests work under win32 2003-12-05 13:42:04 +00:00
Wez Furlong
05b9b20ed8 Add new (optional!) win32 build infrastructure. 
Will follow up to internals@ shortly.
 2003-12-02 23:17:04 +00:00
Wez Furlong
30b631d9f6 Export this so that shared session modules can use it under win32. 2003-12-02 23:14:31 +00:00
Marcus Boerger
c3fddcab62 Fix tests for E_STRICT and check for E_STRICT in run-tests.php. 2003-11-30 13:57:20 +00:00
foobar
e85a4cdbd2 - Fixed bug #25780 (ext/session: invalid session.cookie_lifetime causes crash in win32). 2003-10-08 10:22:51 +00:00
foobar
dc080a5db6 - Always look into /usr/local before /usr 
- Added breaks to make sure the preferred value is used.
 2003-10-01 02:53:23 +00:00
Ilia Alshanetsky
526a3d9ce2 Always prefer user specified paths over the default /usr /usr/local. 
This may fix compilation problems with on systems with multiple copies of
the same library.
 2003-09-30 22:36:43 +00:00
foobar
72de75c99a This is only needed for Windows. 2003-09-25 14:53:41 +00:00
Ilia Alshanetsky
569bd005d2 Fixed bug #25070 (Don't forget to unlock session files on win32 before 
closing them).

Regions should be locked only briefly and should be unlocked before
closing a file or exiting the program. On Win32 locked files that are
closed without being explicitly unlocked will be unlocked only when "system
resources become avaliable".
 2003-09-24 23:39:14 +00:00
Sascha Schumann
394d3b82b0 Alias session_commit to session_write_close, a more intuitive name 
for the functionality.
 2003-09-21 11:53:12 +00:00
Sascha Schumann
a3c89a2e8f Fix a segfault which occured when using a storage format not capable 
of expressing references (e.g. WDDX) and deserializing a session variable
whose name conflicted with an existing symbol in the global scope.

PR: #25307
Submitted by: Jani Taskinen
Speling fixes: me
 2003-08-29 12:33:47 +00:00
Andrey Hristov
20383f9080 \n at the end of the message is not needed 2003-08-28 20:43:18 +00:00
Sascha Schumann
237da469d7 format string fix 2003-08-28 17:34:33 +00:00
foobar
625600af30 - Prevent crash if non-existing save/serializer handler is tried to be used 
- Added the registered serializers information to MINFO.
 2003-08-26 02:03:41 +00:00
Ilia Alshanetsky
b9b75991e3 Fixed bug #25084 (Make refer check not dependant on register_globals) 2003-08-14 01:30:06 +00:00
Ilia Alshanetsky
5eb23bf01e Added missing skip condition 2003-08-14 00:54:28 +00:00
Ilia Alshanetsky
93bcd55eaf emalloc -> safe_emalloc 2003-08-12 00:58:52 +00:00
Ilia Alshanetsky
22c3346967 Fixed bug #22245 (References inside $_SESSION not being handled). 2003-08-11 19:20:44 +00:00
Sascha Schumann
5978734f30 MFB proper fix for #24592 2003-07-22 01:11:07 +00:00
Ilia Alshanetsky
f9a8fc0c09 Fixed bug #24592 (Possible crash in session extnsion, with NULL values) 2003-07-21 21:47:52 +00:00
Sterling Hughes
7da8fbd7ef fix this test when using a save_handler other than files... 2003-07-02 04:34:18 +00:00
Sascha Schumann
f25ff93cc6 MFB 2003-06-13 09:19:52 +00:00
foobar
9706fcd17f Fix the test. (second session init call produces a notice) 2003-06-13 09:15:56 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sascha Schumann
3c58f69fc4 Print NOTICE upon session_start being called while another session is 
active
 2003-06-10 03:56:23 +00:00
Marcus Boerger
d1c19eb5a1 Fix tests 2003-05-31 13:10:00 +00:00
foobar
bfe9e39673 MFB: fix proto 2003-05-31 02:33:55 +00:00
foobar
ed1378a975 MFB: Always send a new session cookie upon regenerating id 2003-05-31 02:33:21 +00:00
Sascha Schumann
289ad3960e Fix the way we create references to (sometimes non-)existing 
variables.

Credits go to Rob Richards <rrichards@digarc.com> and Zeev
 2003-05-15 13:33:18 +00:00
Sascha Schumann
ed68ca44ec Fix types of bug_compat entries 
PR: #21312
Submitted by: Rob Richards <rrichards@ctindustries.net>
 2003-05-10 16:49:21 +00:00
Stanislav Malyshev
cddface7f1 fix TSRM 2003-04-27 16:18:43 +00:00
Stanislav Malyshev
cad71d8c92 MFB 4_3: 
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
 2003-04-27 16:04:53 +00:00
Sascha Schumann
4226fe67d1 dividend -> divisor 
Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>
 2003-04-05 11:22:15 +00:00
Sebastian Bergmann
5ca078779a Eliminate some TSRMLS_FETCH() calls. Tested with Win32 build of SAPI/CGI and SAPI/CLI on Win32. 2003-03-25 08:07:13 +00:00
foobar
3c9155e0cb Renamed OnUpdateInt -> OnUpdateLong to prevent further misunderstandings. 
# Intentionally left out any 'alias' for it, this way 3rd party extension
# maintainers will really NOTICE the change.
 2003-03-07 05:15:28 +00:00
Zeev Suraski
4e55747a2b Add JIT initialization for _SERVER and _ENV 
(it's less important for the others, even though it should be fairly
easy now too)
 2003-03-02 10:19:15 +00:00
Sascha Schumann
6f5b46c118 generally urlencode parameters 2003-02-20 06:18:16 +00:00
Sascha Schumann
4ec77cfbb5 Refactor new-session-id code 2003-02-18 19:29:38 +00:00
Sascha Schumann
2699c26f42 Remember whether to send a cookie, so that we send out the correct 
session id.  Also improve check for active session
 2003-02-18 19:13:49 +00:00
Sascha Schumann
32e0c8161c add session_regenerate_id() 2003-02-18 18:50:44 +00:00
Sascha Schumann
a10f0830e6 support setting the filemode using session.save_path 2003-02-11 00:42:54 +00:00
Sascha Schumann
5e601732a3 use appropiate prefixes in the ps_module structure so we don't clash 
with syscalls
 2003-02-11 00:42:14 +00:00
Ilia Alshanetsky
242a9a47c7 Fix compiler warning. 2003-01-30 22:37:50 +00:00
Sascha Schumann
330740f7cd Remove ugly netware hacks from the code 2003-01-24 23:57:32 +00:00
Ilia Alshanetsky
3d8e54f3a2 Changed php_error to php_error_docref. 2003-01-19 00:45:53 +00:00
Ilia Alshanetsky
72b356c1bc Removed pointless memory allocation checks. 2003-01-18 19:28:10 +00:00
Sascha Schumann
db8b4c6762 Add INI setting session.hash_bits_per_character which enables developers 
to choose how session ids are represented, regardless of the hash algorithm.
 2003-01-16 07:21:49 +00:00
Sascha Schumann
f2f1f94e36 add INI setting session.hash_function 
add support for creating session ids using SHA-1
source more entropy for session ids
 2003-01-12 13:07:14 +00:00
Sascha Schumann
0b8401bf27 handle ERANGE from strtol properly 2003-01-12 13:05:32 +00:00
Zeev Suraski
ada5c4009e Fix UMR 2003-01-08 13:28:16 +00:00
Anantha Kesari H Y
90ba724072 Modified for NetWare. 2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00
Ilia Alshanetsky
c731daeda7 Fixed bug #21268 (session_decode() returned FALSE on success). 2002-12-29 18:50:55 +00:00
Marcus Boerger
3cf581b1b3 correct code that is guarded by "#if 0" 2002-12-05 20:41:55 +00:00
Marcus Boerger
9a04528061 fix ZTS build 2002-12-05 20:39:43 +00:00
Marcus Boerger
dcfe988820 php_error -> php_error_docref 2002-12-05 20:13:35 +00:00
Ilia Alshanetsky
9497ba9d49 MFH (test failure if session.serialize_handler is not set to php). 2002-11-25 23:20:05 +00:00
Sascha Schumann
a257d758a5 Add an error message to the ini handlers 2002-11-20 17:15:00 +00:00
Sascha Schumann
e9ed065afc add protective checks to ini updates 
Noticed by: Derick Rethans <d.rethans@jdimedia.nl>
PR: #20284
 2002-11-20 16:06:29 +00:00
John Coggeshall
6ac365896c Modified the experimental new test class to make it easier to port to the 
web. Pushed all echo statements through a function that can be
overwritten, changed the way pass/skip/fail is handled (separate function)
that of course can also be overwritten. To begin testing of a web-based
test script also created a webHarness class which will output HTML. To
use, just $a = new webHarness(); instead of $a = new testHarness(); A few
modifications still must be made to remove the CLI reliance completely.

Also modified a test script description.
 2002-11-01 00:22:02 +00:00
Marcus Boerger
62667ee6a6 -Only accept one single message which is expected. 
-Move error related settings to --INI-- section
#Now see we can do it correct
 2002-10-29 14:03:37 +00:00
Marcus Boerger
b9eda54711 This test requires special settings 
#wait/read next commit on run-test.php
 2002-10-27 23:56:08 +00:00
Ilia Alshanetsky
c88e0fd5de Fixed a bug in the test that would cause it to always fail. 2002-10-25 17:52:32 +00:00
Marcus Boerger
86465058a4 one version for php<4.2.3 and one for php>=4.2.3 2002-10-24 18:18:44 +00:00
Sascha Schumann
e60c601bd1 improved warning message 
# this should really link to an external page which explains the issue deeply
 2002-10-24 10:40:48 +00:00
Derick Rethans
bfc3250187 - Hardcode dependent ini setting 2002-10-13 11:14:49 +00:00
Derick Rethans
db89afc45b - Hardcode setting which affects the test 2002-10-12 17:12:43 +00:00
Derick Rethans
4a54968c71 - hardcode default rewriting tags 2002-10-08 18:30:38 +00:00
Sascha Schumann
8ca10fb5e8 Call ob_flush to force the buffer contents to go through the rewriter. 2002-10-07 10:07:27 +00:00
Sascha Schumann
2dde6fb594 Print out warning only, if a variable was actually migrated 2002-10-07 02:37:50 +00:00
Sebastian Bergmann
d7f9e8526f Silence warning. 2002-10-06 21:47:54 +00:00
Ilia Alshanetsky
6b5575a101 Code cleanup. Thanks Andi. 2002-10-06 17:17:38 +00:00
Sascha Schumann
fb84b3e1d0 remove trans_sid=1 2002-10-03 23:13:36 +00:00
Sascha Schumann
5db24fbb7b 20: rewriter uses arg_seperator.output for modifying URLs 
21: rewriter handles <form> and <fieldset> correctly
 2002-10-03 23:12:16 +00:00
Sascha Schumann
47cc29c9d1 19: serializing references test case using globals 
18: rewriter correctly handles attribute names which contain dashes
 2002-10-03 22:54:15 +00:00
Sascha Schumann
eab0f5965f code from ancient bug #5271 
setting $_SESSION before session_start() should not cause segfault
 2002-10-03 16:55:08 +00:00
Sascha Schumann
3998374a0d invalid session.save_path should not cause a segfault 2002-10-03 16:49:52 +00:00
Sascha Schumann
61e47a342e use_trans_sid should not affect SID 2002-10-03 16:43:44 +00:00
Sascha Schumann
8882b28e60 editing 2002-10-03 16:14:55 +00:00
Sascha Schumann
d661fa4b46 A script should not be able to modify session.use_trans_sid 2002-10-03 15:58:10 +00:00
Sascha Schumann
bb4f911035 There should not be any warning with regard to redefining SID 2002-10-03 15:52:36 +00:00
Sascha Schumann
dba3e4c7ad Registering _SESSION should not segfault. 2002-10-03 15:48:18 +00:00
Sascha Schumann
d4e1ac6c26 Mini test cases for fixed segfaults 2002-10-03 15:39:29 +00:00
Sascha Schumann
5fe046c4c3 session_decode should not segfault 2002-10-03 15:33:00 +00:00
Sascha Schumann
e24247e632 Remove ob_start() 2002-10-03 15:19:55 +00:00
Sascha Schumann
16f54aaca8 Add test for unset($_SESSION["x"]); behaviour 2002-10-03 15:19:43 +00:00
Sascha Schumann
c4adf94fbd make tests work with CLI 2002-10-03 15:11:01 +00:00
Sascha Schumann
7e03310a6a Don't emit warning, if there is nothing to send 2002-10-03 15:10:36 +00:00
Sascha Schumann
114c544b9b Purge ini_set calls and replace through INI sections. 2002-10-03 08:07:21 +00:00
Andi Gutmans
b276a96f4b - Fix ZTS build 2002-10-03 07:23:50 +00:00
Sascha Schumann
13f5db1b67 Make the interpretation of gc_probability configurable by adding 
session.gc_dividend. The probability of running gc on each request is then
gc_probability/gc_dividend.
 2002-10-03 06:45:15 +00:00
Sascha Schumann
be319c721a Reenable E_WARNING and test session.bug_compat_warn in addition. 2002-10-03 06:41:25 +00:00
Sascha Schumann
afb1458910 session_destroy resets the sid, so we need to set it again here 2002-10-03 06:33:19 +00:00
Sascha Schumann
356ea7ffbd Verify PHP 4.2 compatibility: global is used albeit register_globals=0 2002-10-03 06:32:45 +00:00
Sascha Schumann
0ed434a13b Use ZEND_SET_SYMBOL_WITH_LENGTH correctly (hopefully) 
It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.

This fixes a memory overrun in a testcase.  All ZEND_SET_* calls
should be correct now.
 2002-10-03 06:29:58 +00:00
Sascha Schumann
15b23945ad (track_init) Use is_ref/refcount parameters of SET_SYMBOL macros 
(save_current_state) Prevent a possible deadlock which occurs when
the track vars are inaccessible
 2002-10-03 05:53:45 +00:00
Sascha Schumann
d4ef4079de Verify PHP 4.2 compatibility: unset($c) with enabled register_globals 2002-10-03 05:06:01 +00:00
Sascha Schumann
8a586103fc Align behaviour with 4.2 with regard to register_globals=1 
session_register("c");
unset($c);
$c = time();

If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.

During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
 2002-10-03 04:53:05 +00:00
Sascha Schumann
b9077e5a9d Nuke PS(vars), we keep the state of registered session variables now 
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.

Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:

IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.

The extension emits this warning once per script, unless told otherwise.

"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
 2002-10-03 03:23:02 +00:00
Sascha Schumann
4ea4f294b6 Fix harmless memory leaks and simplify track_vars_init. 2002-10-02 21:51:32 +00:00
Sascha Schumann
e1dd35bddb The pread/pwrite macros check for a bug in the Linux glibc now. 
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.

This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
 2002-10-02 06:05:16 +00:00
Sascha Schumann
8b78c78973 Disable pread/pwrite for now until we can clarify why it should be 
impossible to write a check for a broken OS feature.
 2002-10-01 19:19:10 +00:00
Sascha Schumann
856cd5e17a The session extension ensures now that get_session_var can rely 
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.

This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).

Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.

ext/session/session.c(272) :  Freeing 0x0818F01C (12 bytes), script=test

Obviously, the newly allocated empty zval is not properly freed.  If anyone
has any idea on how to fix that, please step forward.
 2002-10-01 11:59:45 +00:00
Wez Furlong
7bcc97c82e Add header file required for pread/pwrite (on my system at least). 2002-09-30 10:18:57 +00:00
foobar
5346391d16 ws fix 2002-09-29 19:28:12 +00:00
Ilia Alshanetsky
4c4d5a617b Fixed a crash, which would occur when save_handler is invalid. 2002-09-29 18:33:14 +00:00
Ilia Alshanetsky
2af630f87d Fixed bug #17281 2002-09-29 15:55:11 +00:00
Ilia Alshanetsky
1142e16075 Fixed bugs #16995 and #19392 2002-09-29 15:26:50 +00:00
Ilia Alshanetsky
57c91b571e Fixed bug #11643 2002-09-26 18:12:27 +00:00
foobar
6b8480fab6 Fix bug: #14991 (changing session.use_trans_sid does not work in scripts) 2002-09-26 16:46:21 +00:00
Ilia Alshanetsky
7ae2196852 Fixed bugs #18167 & #16859 2002-09-25 13:26:03 +00:00
Sascha Schumann
03c07308d3 Improve error messages 2002-09-25 12:38:45 +00:00
Sascha Schumann
ff12826fc1 (php_get_session_var) Always return FAILURE if no data source was found. 
Noticed by: Sebastian Bergmann
 2002-09-23 14:04:50 +00:00
Sascha Schumann
e20c6c8e9c Because track vars are always initialized, get_session_var failed 
to work in the register_globals=1 case.

It is now possible again to store session variables in global vars.
 2002-09-21 05:46:32 +00:00
Sascha Schumann
702d7afc3c Reenable pwrite/pread support 
The old checks supposed that pread/pwrite worked, if a declaration was
found in <unistd.h>.  We now actually check whether they work successfully
before using them.
 2002-09-06 10:27:26 +00:00
foobar
3bf7519210 @- Added --disable-all configure option. (Jani) 2002-09-04 18:47:28 +00:00
Dan Kalowsky
e5324723d0 sniper claims its safe to take these out as well. 2002-09-04 13:52:41 +00:00
Dan Kalowsky
65df9d5127 taking out the PWRITE calls too 2002-09-04 13:51:08 +00:00
Dan Kalowsky
31fe6a549f This fixes Bug #19022 and #15983 2002-09-04 13:42:59 +00:00
Zeev Suraski
3b646f0e5d Use mtime instead of atime, as we always update the session file anyway. 2002-08-17 20:32:26 +00:00
Zeev Suraski
900651b7ab Make unset($_SESSION['foo']) actually remove the variable from the session, 
if register_globals is off.
 2002-08-15 21:44:44 +00:00
Dan Kalowsky
26986164b4 Correcting some english in the comment... 2002-08-15 19:32:08 +00:00
Yasuo Ohgaki
13a3dd7b77 Forgot to update source default. 2002-08-14 22:31:39 +00:00
foobar
29aae162e0 ws fix 2002-07-03 02:16:46 +00:00
foobar
087f2be56f - Fixed bug: #17977, session build as shared works now with mm handler too. 
- Added listing of save handlers into phpinfo() output
 2002-06-28 02:27:02 +00:00
Sascha Schumann
dcf67c4433 This option enables administrators to make their users invulnerable to 
attacks which involve passing session ids in URLs.
 2002-06-12 08:18:36 +00:00
Markus Fischer
39f16dbc65 - Tell the user why his session doesn't work if he uses custom session_id()s. 2002-05-30 11:41:37 +00:00
Andrei Zmievski
1668570e4d Changing email address. 2002-05-13 17:28:38 +00:00
Sascha Schumann
38ad391894 - Fix the way code was outcommented 
- Remove unused STR_CAT macro
- Remove limits/tests based on unused macro
- Implement cache_limiter(private) using private_no_expire
 2002-05-12 12:51:42 +00:00
Sander Roobol
375d7960a7 Revert Preston's patch 2002-05-09 20:02:47 +00:00
Preston L. Bannister
9fdec2e345 Change default directory for session data from /tmp (non-portable) to none. 
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
 2002-05-09 19:42:00 +00:00
Thies C. Arntzen
23251ebd1a re-add accidentily nuked session_adapt_url() 2002-05-05 16:39:49 +00:00
Sascha Schumann
9743860d35 simplify handling of variables by maintaining two strings which 
are simply appended instead of traversing the hash table on each
URL/form.

also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.

remove remove_var, add reset_vars.  move the function declarations
into the right header file.
 2002-05-04 18:33:13 +00:00
Sascha Schumann
9517ff0689 Fix --enable-session=shared 2002-05-04 16:48:48 +00:00
Sebastian Bergmann
8193ca7891 Fix ZTS build. 2002-05-03 08:10:43 +00:00
Thies C. Arntzen
9712a4b3c8 @ - Added output_add_rewrite_var() and output_remove_rewrite_var() to inject 
@   and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
 2002-05-03 08:00:41 +00:00
Thies C. Arntzen
42158ef7c8 revert session_set_userdata - diffent patch will come shortly 2002-04-28 11:45:45 +00:00
Thies C. Arntzen
eb105693b8 @ - added session_set_userdata() which enables you to specify one variable 
@   that will be kept in the browser in addition to the session-id. This
@   only works when using trans-sid sessions (no cookie). (thies)
 2002-04-27 14:07:52 +00:00
Sascha Schumann
2b07dd4fe3 three less strlen invocations 2002-04-26 21:27:38 +00:00
Sascha Schumann
1d22766fb1 Add #ifdef.. around F_SETFD. 2002-04-23 19:58:31 +00:00
Sascha Schumann
5a83ad6dc1 Set the close-on-exec flag for fds. Child processes should not inherit 
the fd.

Also rip out the broken O_EXCL use.  Our file names are not unique and
this left a small window open where creating a session file would fail
(a, b notice that the file does not exist; a creates the file successfully;
 b tries to create, but fails due to O_EXCL).
 2002-04-22 20:39:24 +00:00
Yasuo Ohgaki
c1ae59c588 Fixed file include error 2002-04-19 07:55:24 +00:00
Sascha Schumann
3a3acee3c9 - Proper use of underscores (s/createsid/create_sid/) 
- Bump the API date and remove extra cpp macro
- Pass TSRMLS appropiately to the create_sid function
 2002-03-30 16:29:15 +00:00
Mark L. Woodward
346d74a146 Added field to ps_module structure to hold function pointer for the creation 
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.
 2002-03-29 16:00:27 +00:00
jim winstead
d3400b2b5f the 'setup' script was removed more than two years ago. 
these can be safely removed from the 4.2 branch, too.
 2002-03-16 00:21:40 +00:00
Sascha Schumann
730800a96d Because of the feature "don't try to send a cookie, if the sid 
was contained in get/post variables" (which I still am not convinced
of completely), we need a separate variable which determines whether
to define SID in the event that a cookie was not sent.

Noticed by: Matt Allen
 2002-03-13 13:08:49 +00:00
Yasuo Ohgaki
e0867ffcf1 Add missing skipif.inc 2002-03-12 05:42:43 +00:00