Kalle Sommer Nielsen
a5304b138f
Removed register_long_arrays ini option (and $HTTP_SESSION_VARS from ext/session)
2010-04-15 16:36:08 +00:00
Rasmus Lerdorf
9692a3619c
Set session.entropy_file to /dev/urandom or /dev/arandom by
...
default if present at compile-time. Addresses part of bug #51436
2010-03-31 18:03:17 +00:00
Ilia Alshanetsky
8a9364080b
Added test for bug #51338
2010-03-23 11:51:38 +00:00
Ilia Alshanetsky
995d15ebcc
Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on).
2010-03-22 12:16:45 +00:00
Jani Taskinen
af49e58f51
- Reverted r296062 and r296065
2010-03-12 10:28:59 +00:00
Jani Taskinen
06f072cb5e
MFH: Improved / fixed output buffering (Michael Wallner)
2010-03-11 10:24:29 +00:00
Ilia Alshanetsky
dff4e7fda1
Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak.
2010-01-31 18:06:29 +00:00
Sebastian Bergmann
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
Rasmus Lerdorf
e9b1ab57a4
Along with the valid char set, also add a length check to the
...
session id here to avoid a lower-level error on the open()
later on in case we exceed MAX_PATH. The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix. People should not be running
production systems with display_errors turned on.
2009-12-26 23:38:25 +00:00
Dmitry Stogov
5ab649e65f
Fixed compilation
2009-12-04 07:11:37 +00:00
Stanislav Malyshev
3e6ac4fb6b
protect http_session_vars from interrupt corruption
...
improve save_path check
2009-12-04 01:21:32 +00:00
Guenter Knauf
824692fab8
removed now obsolete NetWare hack since I fixed this
...
with Novell some longer time ago in their SDK header.
2009-11-03 21:21:34 +00:00
Dmitry Stogov
7bfe056174
Fixed tests
2009-09-21 09:52:19 +00:00
Antony Dovgal
421b6e0f2c
configure dependency has to be optional as well
2009-07-28 08:59:08 +00:00
Antony Dovgal
75fc702162
fix segfault in session/tests/031.phpt by adding optional extension
...
dependency (php_hash_hashtable has to be initialized when setting
session.hash_function)
2009-07-28 08:54:23 +00:00
Gwynne Raskind
2673b9be38
MFH: fix crash when session hash function generated long hashes with hash_bits_per_character larger than 4
2009-07-17 14:21:59 +00:00
Jani Taskinen
694566d6c4
fix test
2009-05-26 10:12:16 +00:00
Jani Taskinen
9ece649f7c
MFH: ws + sync
2009-05-18 16:10:09 +00:00
Felipe Pena
d64db73483
- Fixed tests
2009-05-05 18:19:16 +00:00
Kalle Sommer Nielsen
5a6d3cc42b
Added E_DEPRECATED startup notice (5.3 only)
2009-05-04 21:18:22 +00:00
Hannes Magnusson
e9c1d924b8
MFH: Add test for bug#42596
2009-04-06 12:12:37 +00:00
Hannes Magnusson
b8bc0f24b3
MFH: Fix segfault on invalid session.save_path
2009-04-06 11:48:49 +00:00
Hannes Magnusson
33aa4ac568
MFH: fix folding
2009-04-06 11:45:25 +00:00
Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Andrei Zmievski
cae97c3b8e
MFH
2008-12-30 19:37:35 +00:00
Scott MacVicar
2ea6780873
MFH Fix bug #35975 - Session cookie expires date format isn't the most compatible. Sync to that of setcookie().
2008-12-11 01:21:35 +00:00
Hannes Magnusson
76a17847c1
Deprecate session_register(), session_unregister() and
...
session_is_registered() (removed in HEAD)
2008-12-09 14:03:58 +00:00
Ant Phillips
ec1ee12281
Fix broken tests (thanks to Johannes for spotting these).
2008-12-02 10:20:56 +00:00
Ant Phillips
45e14cea18
Latest and greatest versions of these session tests - checked on 5.3 snap on Windows, Linux and Linux 64 bit.
2008-11-27 13:50:28 +00:00
Felipe Pena
fc2fb50d09
- MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro
2008-11-17 11:28:01 +00:00
Felipe Pena
7a37fa2d6b
- Revert ZEND_BEGIN_ARG_INFO change
2008-11-02 21:19:39 +00:00
Felipe Pena
df10005563
- MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro
2008-10-24 14:35:40 +00:00
Jani Taskinen
6495909d16
- Revert idiotic patch (hint: Windows IS NOT the most important OS!)
2008-09-07 17:59:24 +00:00
Kalle Sommer Nielsen
1a1df46be2
MFH: Fix test on Windows
2008-09-07 00:42:40 +00:00
Alexey Zakhlestin
c9fab63584
remove special treatment of /tmp path
2008-08-31 14:49:58 +00:00
Alexey Zakhlestin
97e26d95b7
this test depends on session.hash_bits_per_character, but it was not explicitly set
2008-08-26 16:46:26 +00:00
Jani Taskinen
525f3c4793
MFH: General sync. WS / CS / etc. crap some people didn't bother to merge
...
MFH: before this commit..bunnies thank you all..
[DOC] - Added ext/hash support to ext/session's ID generator. (Sara)
[DOC] Ask Sara for explanation..
2008-08-06 05:53:31 +00:00
Jani Taskinen
927a84bdfb
- nuketh period from error message
2008-08-05 23:04:31 +00:00
Jani Taskinen
9ad7800f52
- Nuke ending periods from error messages
2008-08-05 22:52:05 +00:00
Kalle Sommer Nielsen
874b456078
MFH: Fixes #45406 - Patch by oleg dot grenrus at dynamoid dot com
2008-08-04 06:21:55 +00:00
Felipe Pena
e304515ddb
- MFH: Added parameter TSRMLS_DC in zend_is_callable()
2008-08-02 04:46:07 +00:00
Dmitry Stogov
833a2295d1
Support for closures
2008-07-17 09:53:42 +00:00
Jani Taskinen
cd913eb2d8
MFH:- Fix tests (do NOT assume things in php.ini always to be same...or sane)
2008-07-15 01:00:00 +00:00
Felipe Pena
ca0c2340fe
- Added arginfo
2008-06-27 16:16:23 +00:00
Dmitry Stogov
9c3ebd10bb
Fixed memory leaks
2008-06-24 06:47:45 +00:00
Felipe Pena
44fe6a6005
- Fixed tests
2008-06-22 19:16:44 +00:00
Felipe Pena
015f82d219
- New parameter parsing API
2008-06-21 15:27:34 +00:00
Ant Phillips
ad93b947a2
Fix session test failures as reported by Antony Dovgal.
...
These were caused by the tests assuming default values for some session
configuration settings, in particular session.save_path and session.name.
The tests now explicitly set these settings in the --INI-- section.
2008-04-30 15:20:18 +00:00
Ant Phillips
c55db17098
Fix session test failures as reported by Antony Dovgal.
...
These were caused by the tests assuming default values for some session
configuration settings, in particular session.save_path and session.name.
The tests now explicitly set these settings in the --INI-- section.
2008-04-30 09:28:02 +00:00
Ant Phillips
cdf5621b50
More session tests to improve code coverage for untested extension code
2008-04-29 09:24:19 +00:00
Ant Phillips
52af9124b5
More session tests to improve code coverage for untested extension code
2008-04-29 08:57:09 +00:00
Ant Phillips
57e0d2acec
These tests were backported from the PHP 6.0 branch, which in turn were ported from this branch and then updated to remove any dependencies on register_globals. With register_globals removed they are useful tests to run against the 5.X branches.
2008-04-22 16:04:31 +00:00
Ant Phillips
79b73d1218
New set of session extension tests for PHP 5.3 branch.
...
These hopefully test a reasonable set of basic, error and variations for
the twenty or so session functions. Note however that they do not
test all the session configuration settings, nor do they test anything
with register_globals enabled.
2008-04-22 16:04:30 +00:00
Scott MacVicar
944061ba37
Fixed bug #44720 (Prevent infinite recursion within session_register)
2008-04-15 00:59:04 +00:00
Dmitry Stogov
1a08aadc9b
Fixed memory corruption because of double free()
2008-03-11 09:36:41 +00:00
Felipe Pena
84a8bb038a
MFH: New way for check void parameters
2008-03-10 22:15:36 +00:00
Felipe Pena
77af81b8c3
Fix test (thanks Scoates!)
2008-03-08 23:31:05 +00:00
Gwynne Raskind
8bbef4f940
Forgot one file in last commit
2008-03-07 23:20:54 +00:00
Gwynne Raskind
3e99d5cc5b
MFH: fix bug #32330 (session_destroy, "Failed to initialize storage module", custom session handler)
2008-03-07 23:20:32 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Yiduo (David) Wang
4b4d634cb9
MFH: Added macros for managing zval refcounts and is_ref statuses
2007-10-07 05:22:07 +00:00
Dmitry Stogov
6c810b0d4c
Improved memory usage by movig constants to read only memory. (Dmitry, Pierre)
2007-09-27 18:00:48 +00:00
Ilia Alshanetsky
ea6de20d86
Fixed Bug #42596 (session.save_path MODE option does not work).
2007-09-10 23:42:54 +00:00
Jani Taskinen
de85bf4060
MFH: ws + cs changes (sync to ease merging patches around!)
2007-08-23 12:23:59 +00:00
Jani Taskinen
19401951c0
MFH: sync
2007-08-23 11:42:21 +00:00
Ilia Alshanetsky
89c0ba1685
Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
...
bypass).
2007-08-23 02:04:39 +00:00
Stanislav Malyshev
6b7f164803
correct fix for access control for save_path and .htaccess
2007-08-03 01:16:40 +00:00
Ilia Alshanetsky
3034092111
Fixed bug #42135 (Second call of session_start() causes creation of SID)
2007-07-29 14:43:30 +00:00
Stanislav Malyshev
143badba52
always check save_path (issue reported by Maksymilian Arciemowicz)
2007-07-10 17:40:41 +00:00
Ilia Alshanetsky
e2d606e18b
Fixed compiler warning
2007-06-17 14:25:46 +00:00
Stefan Esser
df7bfe0a0f
MFH
2007-06-16 07:48:07 +00:00
Stanislav Malyshev
70a8f9313b
Disallow characters that Cookie RFC does not allow in unquoted cookies
2007-06-15 22:40:00 +00:00
Antony Dovgal
d042fd0675
MFH: php_gmtime_r() fixes
2007-06-07 08:59:00 +00:00
Ilia Alshanetsky
c38ad55e8e
Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags).
2007-06-06 00:00:28 +00:00
Antony Dovgal
ffd09c0961
fix tests
2007-05-18 11:29:55 +00:00
Stanislav Malyshev
69650d0ebf
do not send cookie when session is passed in URL, same as it happens with GET/POST
2007-05-16 01:18:14 +00:00
Antony Dovgal
1f65545121
fix test names
2007-05-07 18:03:01 +00:00
Antony Dovgal
39f9184fa6
MFH: fix #40998 (long session array keys are truncated)
2007-04-04 19:52:19 +00:00
Ilia Alshanetsky
7aab16c333
Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
...
# Discovered by Stefan Esser
2007-03-14 19:37:07 +00:00
Martin Kraemer
9c62ddde34
Typo
2007-03-14 09:58:14 +00:00
Ilia Alshanetsky
a500d1efe9
Adjust checks to allow paths without a trailing /
2007-03-03 15:07:31 +00:00
Ilia Alshanetsky
4735df26f8
Improve safe_mode check
2007-03-02 00:49:47 +00:00
Ilia Alshanetsky
efad70c2cc
snprintf() -> slprintf()
2007-02-27 03:28:17 +00:00
Antony Dovgal
c667c70bdb
fix typo
2007-02-26 17:47:21 +00:00
Marcus Boerger
50ea26760d
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
2007-02-24 02:17:47 +00:00
Stanislav Malyshev
3e262bd369
disallow negative length
2007-02-24 01:18:14 +00:00
Ilia Alshanetsky
c6402df3a7
Eliminate strcat() usage.
2007-02-19 23:53:00 +00:00
Ilia Alshanetsky
629d7cf43f
Fixed Bug #40274 (Sessions fail with numeric root keys).
2007-02-06 00:01:18 +00:00
Dmitry Stogov
ae792a06b0
Fixed SIGSEGV
2007-01-10 07:04:49 +00:00
Ilia Alshanetsky
81729c1ece
Prevent SESSION/GLOBALS overload via session decoding
2007-01-09 15:31:12 +00:00
Ilia Alshanetsky
d1891c3d8a
removed dl() block
2007-01-06 17:35:44 +00:00
Hannes Magnusson
630254d55e
Fix skipif
2007-01-06 16:56:38 +00:00
Ilia Alshanetsky
7ba84b8807
Added missing open_basedir checks
2007-01-04 23:49:35 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
ba64553913
Added boundary checks to php_binary deserializer
2006-12-31 22:25:55 +00:00
Nuno Lopes
66e555c66f
die("skip this is for PHP < 4.2.3");
2006-12-27 15:22:28 +00:00
Ilia Alshanetsky
ffd41a503f
Session deserializer protection.
2006-12-26 16:53:47 +00:00
Antony Dovgal
7d2142a56e
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
...
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:31:28 +00:00
Antony Dovgal
bcf457d828
MFH: fix retval type
2006-12-04 15:58:48 +00:00
Ilia Alshanetsky
35f78f221b
Fixed bug #37627 (session save_path check checks the parent directory).
2006-12-04 15:19:26 +00:00
Ilia Alshanetsky
5f3e233ea7
Disallow \0 chars inside session.save_path
2006-12-01 00:27:20 +00:00
Hannes Magnusson
050f94f746
MFH: Fix double "wron param count" messages
2006-11-03 14:46:48 +00:00
Ilia Alshanetsky
3f71251ffa
MFH: Fixed bug #39265 (Fixed path handling inside mod_files.sh).
2006-11-03 13:19:07 +00:00
Ilia Alshanetsky
b1d8f7e09d
Expose session storage module locater and serialization function via PHPAPI
2006-10-06 21:11:36 +00:00
Ilia Alshanetsky
154f70acf1
Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
...
session.save_path, allowing them to account for extra parameters).
2006-10-01 20:58:02 +00:00
Hannes Magnusson
6affa7d3e9
Fix tests
2006-09-18 16:12:13 +00:00
Antony Dovgal
b6ced95187
change ini handlers to produce E_ERROR if they are called during startup
2006-08-30 16:24:40 +00:00
Antony Dovgal
f8fd45a735
MFH: change E_ERROR to E_WARNING when invalid argument has been passed
...
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:43:10 +00:00
Antony Dovgal
a6088ffc5a
fix test
2006-08-11 10:35:22 +00:00
Ilia Alshanetsky
7dfae526c7
Fixed proto
2006-08-10 21:10:03 +00:00
Ilia Alshanetsky
e5fe441cbd
Added support for httpOnly flag for session extension and cookie setting
...
functions.
# Original patch by Scott MacVicar
2006-08-10 13:50:56 +00:00
Ilia Alshanetsky
d58b3869a7
Fixed bug #38377 (session_destroy() gives warning after
...
session_regenerate_id()).
2006-08-08 14:54:49 +00:00
Antony Dovgal
0c4ef446e2
MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL)
2006-08-02 09:16:52 +00:00
Antony Dovgal
52e6ede06e
MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
2006-08-01 08:32:07 +00:00
Ilia Alshanetsky
96324fb67f
An improved fix for bug #38224
2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
bcc8854eaa
make C++ compilers happy
2006-07-27 14:13:30 +00:00
Ilia Alshanetsky
dcb4b314bf
removed debug code
2006-07-27 14:05:03 +00:00
Ilia Alshanetsky
e5a1182304
Fixed bug #38224 (session extension can't handle broken cookies).
2006-07-27 14:00:13 +00:00
Ilia Alshanetsky
1784db8087
Fixed compiler warnings.
2006-07-13 00:13:19 +00:00
Michael Wallner
33dbaff1ed
MFH: add note why replace is 0, so that I don't wonder again in 2 months
...
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:44 +00:00
Dmitry Stogov
1dbaae2795
Added automatic module globals management
2006-06-15 18:33:09 +00:00
Marcus Boerger
aa0172a4da
- MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure
2006-05-18 22:12:26 +00:00
Ilia Alshanetsky
101d925baa
Commit the actual fix
2006-04-18 00:31:45 +00:00
Ilia Alshanetsky
3022080d84
Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n).
2006-02-28 14:45:18 +00:00
Rasmus Lerdorf
6cc9f92d16
(Missing patch from the PHP 4 tree that got lost in the shuffle)
...
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
2006-02-10 07:39:13 +00:00
Frank M. Kromann
80cc4867e3
Export symbols that will allow building WDDX as shared object
2006-01-28 06:18:01 +00:00
Ilia Alshanetsky
3d80bd0cdf
Added a check for special characters in the session name.
2006-01-15 16:51:18 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
foobar
3e669bc950
MFH: nuke php3 legacy
2005-12-06 02:28:41 +00:00
foobar
b5017bd725
MFH: Improved the fix for #21306 a bit
2005-09-23 08:14:13 +00:00
foobar
de6b4c0091
MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN)
2005-09-20 20:56:54 +00:00
Stanislav Malyshev
bcb70109d2
fix crash on restarting static PHP having session modules loaded
2005-09-20 14:03:29 +00:00
foobar
9477097564
MFH: Nuked EOLs from error messages
2005-08-18 13:34:41 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
Dmitry Stogov
319cbe1c5a
Fixed test file
2005-07-05 14:10:31 +00:00
foobar
73dd4043b3
Make sure files-save handler is used always
2005-07-04 13:09:14 +00:00
foobar
56c1b316da
- Added session.hash_bits_per_character support. (3rd param)
...
(Changes by: waltzer at autumnweave dot com)
2005-06-20 13:37:32 +00:00
foobar
fd07bc5e6b
nuke duplicate code
2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8
fix typo
...
(see details here: http://news.php.net/php.internals/16350 )
2005-06-01 18:27:50 +00:00
foobar
a20383ba06
- Unify the "configure --help" texts
2005-05-29 23:17:16 +00:00
Ilia Alshanetsky
c24900dfa4
Added an optional remove old session parameter to session_regenerate_id().
2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0
CS fix
2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0
fix compile warning
2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535
Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8
fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies)
2005-05-20 10:27:49 +00:00
foobar
626253940e
- Added PHP_INSTALL_HEADERS() macro
...
- Fixed several VPATH build issues
- Changed all awk calls to use $AWK
- Changed all mkdir calls to use "$php_shtool mkdir"
2005-05-07 02:51:53 +00:00
foobar
a119050ebb
These tests require register_long_arrays=1
2005-03-31 19:47:19 +00:00
Antony Dovgal
76e07faf87
fix leak when register_long_arrays is off
2005-03-24 00:17:16 +00:00
foobar
3ca8ad73a4
- Missing $Id$ tags
2005-02-13 17:54:04 +00:00
foobar
7281cd8082
MFB_4_3: cvs diff -r1.84.2.5 -r1.84.2.6 php_session.h
2005-02-13 07:55:27 +00:00