clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-25 20:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
33,827 Commits 493 Branches 1,366 Tags 850 MiB
9e3b87056f
Commit Graph

431 Commits

Author SHA1 Message Date
Wez Furlong
6ac364048b export tsrm id for session globals. 2004-01-09 15:30:07 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
Ilia Alshanetsky
d3639b1aa7 Fixed bug #24693 (Allow session.use_trans_sid to be enabled/disabled from 
inside the script).
 2003-12-14 23:24:50 +00:00
Derick Rethans
71f9227cc5 - Fixed bug #26548 (Malformed HTTP dates in headers). 2003-12-07 14:29:43 +00:00
Wez Furlong
30b631d9f6 Export this so that shared session modules can use it under win32. 2003-12-02 23:14:31 +00:00
foobar
e85a4cdbd2 - Fixed bug #25780 (ext/session: invalid session.cookie_lifetime causes crash in win32). 2003-10-08 10:22:51 +00:00
Sascha Schumann
394d3b82b0 Alias session_commit to session_write_close, a more intuitive name 
for the functionality.
 2003-09-21 11:53:12 +00:00
Sascha Schumann
a3c89a2e8f Fix a segfault which occured when using a storage format not capable 
of expressing references (e.g. WDDX) and deserializing a session variable
whose name conflicted with an existing symbol in the global scope.

PR: #25307
Submitted by: Jani Taskinen
Speling fixes: me
 2003-08-29 12:33:47 +00:00
Andrey Hristov
20383f9080 \n at the end of the message is not needed 2003-08-28 20:43:18 +00:00
Sascha Schumann
237da469d7 format string fix 2003-08-28 17:34:33 +00:00
foobar
625600af30 - Prevent crash if non-existing save/serializer handler is tried to be used 
- Added the registered serializers information to MINFO.
 2003-08-26 02:03:41 +00:00
Ilia Alshanetsky
b9b75991e3 Fixed bug #25084 (Make refer check not dependant on register_globals) 2003-08-14 01:30:06 +00:00
Ilia Alshanetsky
93bcd55eaf emalloc -> safe_emalloc 2003-08-12 00:58:52 +00:00
Ilia Alshanetsky
22c3346967 Fixed bug #22245 (References inside $_SESSION not being handled). 2003-08-11 19:20:44 +00:00
Sascha Schumann
5978734f30 MFB proper fix for #24592 2003-07-22 01:11:07 +00:00
Ilia Alshanetsky
f9a8fc0c09 Fixed bug #24592 (Possible crash in session extnsion, with NULL values) 2003-07-21 21:47:52 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sascha Schumann
3c58f69fc4 Print NOTICE upon session_start being called while another session is 
active
 2003-06-10 03:56:23 +00:00
foobar
bfe9e39673 MFB: fix proto 2003-05-31 02:33:55 +00:00
foobar
ed1378a975 MFB: Always send a new session cookie upon regenerating id 2003-05-31 02:33:21 +00:00
Sascha Schumann
289ad3960e Fix the way we create references to (sometimes non-)existing 
variables.

Credits go to Rob Richards <rrichards@digarc.com> and Zeev
 2003-05-15 13:33:18 +00:00
Stanislav Malyshev
cddface7f1 fix TSRM 2003-04-27 16:18:43 +00:00
Stanislav Malyshev
cad71d8c92 MFB 4_3: 
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
 2003-04-27 16:04:53 +00:00
Sascha Schumann
4226fe67d1 dividend -> divisor 
Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>
 2003-04-05 11:22:15 +00:00
Sebastian Bergmann
5ca078779a Eliminate some TSRMLS_FETCH() calls. Tested with Win32 build of SAPI/CGI and SAPI/CLI on Win32. 2003-03-25 08:07:13 +00:00
foobar
3c9155e0cb Renamed OnUpdateInt -> OnUpdateLong to prevent further misunderstandings. 
# Intentionally left out any 'alias' for it, this way 3rd party extension
# maintainers will really NOTICE the change.
 2003-03-07 05:15:28 +00:00
Zeev Suraski
4e55747a2b Add JIT initialization for _SERVER and _ENV 
(it's less important for the others, even though it should be fairly
easy now too)
 2003-03-02 10:19:15 +00:00
Sascha Schumann
6f5b46c118 generally urlencode parameters 2003-02-20 06:18:16 +00:00
Sascha Schumann
4ec77cfbb5 Refactor new-session-id code 2003-02-18 19:29:38 +00:00
Sascha Schumann
2699c26f42 Remember whether to send a cookie, so that we send out the correct 
session id.  Also improve check for active session
 2003-02-18 19:13:49 +00:00
Sascha Schumann
32e0c8161c add session_regenerate_id() 2003-02-18 18:50:44 +00:00
Sascha Schumann
5e601732a3 use appropiate prefixes in the ps_module structure so we don't clash 
with syscalls
 2003-02-11 00:42:14 +00:00
Ilia Alshanetsky
242a9a47c7 Fix compiler warning. 2003-01-30 22:37:50 +00:00
Sascha Schumann
330740f7cd Remove ugly netware hacks from the code 2003-01-24 23:57:32 +00:00
Ilia Alshanetsky
3d8e54f3a2 Changed php_error to php_error_docref. 2003-01-19 00:45:53 +00:00
Ilia Alshanetsky
72b356c1bc Removed pointless memory allocation checks. 2003-01-18 19:28:10 +00:00
Sascha Schumann
db8b4c6762 Add INI setting session.hash_bits_per_character which enables developers 
to choose how session ids are represented, regardless of the hash algorithm.
 2003-01-16 07:21:49 +00:00
Sascha Schumann
f2f1f94e36 add INI setting session.hash_function 
add support for creating session ids using SHA-1
source more entropy for session ids
 2003-01-12 13:07:14 +00:00
Zeev Suraski
ada5c4009e Fix UMR 2003-01-08 13:28:16 +00:00
Anantha Kesari H Y
90ba724072 Modified for NetWare. 2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00
Ilia Alshanetsky
c731daeda7 Fixed bug #21268 (session_decode() returned FALSE on success). 2002-12-29 18:50:55 +00:00
Marcus Boerger
3cf581b1b3 correct code that is guarded by "#if 0" 2002-12-05 20:41:55 +00:00
Marcus Boerger
dcfe988820 php_error -> php_error_docref 2002-12-05 20:13:35 +00:00
Sascha Schumann
a257d758a5 Add an error message to the ini handlers 2002-11-20 17:15:00 +00:00
Sascha Schumann
e9ed065afc add protective checks to ini updates 
Noticed by: Derick Rethans <d.rethans@jdimedia.nl>
PR: #20284
 2002-11-20 16:06:29 +00:00
Sascha Schumann
e60c601bd1 improved warning message 
# this should really link to an external page which explains the issue deeply
 2002-10-24 10:40:48 +00:00
Sascha Schumann
2dde6fb594 Print out warning only, if a variable was actually migrated 2002-10-07 02:37:50 +00:00
Sebastian Bergmann
d7f9e8526f Silence warning. 2002-10-06 21:47:54 +00:00
Ilia Alshanetsky
6b5575a101 Code cleanup. Thanks Andi. 2002-10-06 17:17:38 +00:00
Sascha Schumann
5fe046c4c3 session_decode should not segfault 2002-10-03 15:33:00 +00:00
Sascha Schumann
7e03310a6a Don't emit warning, if there is nothing to send 2002-10-03 15:10:36 +00:00
Andi Gutmans
b276a96f4b - Fix ZTS build 2002-10-03 07:23:50 +00:00
Sascha Schumann
13f5db1b67 Make the interpretation of gc_probability configurable by adding 
session.gc_dividend. The probability of running gc on each request is then
gc_probability/gc_dividend.
 2002-10-03 06:45:15 +00:00
Sascha Schumann
0ed434a13b Use ZEND_SET_SYMBOL_WITH_LENGTH correctly (hopefully) 
It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.

This fixes a memory overrun in a testcase.  All ZEND_SET_* calls
should be correct now.
 2002-10-03 06:29:58 +00:00
Sascha Schumann
15b23945ad (track_init) Use is_ref/refcount parameters of SET_SYMBOL macros 
(save_current_state) Prevent a possible deadlock which occurs when
the track vars are inaccessible
 2002-10-03 05:53:45 +00:00
Sascha Schumann
8a586103fc Align behaviour with 4.2 with regard to register_globals=1 
session_register("c");
unset($c);
$c = time();

If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.

During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
 2002-10-03 04:53:05 +00:00
Sascha Schumann
b9077e5a9d Nuke PS(vars), we keep the state of registered session variables now 
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.

Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:

IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.

The extension emits this warning once per script, unless told otherwise.

"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
 2002-10-03 03:23:02 +00:00
Sascha Schumann
4ea4f294b6 Fix harmless memory leaks and simplify track_vars_init. 2002-10-02 21:51:32 +00:00
Sascha Schumann
856cd5e17a The session extension ensures now that get_session_var can rely 
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.

This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).

Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.

ext/session/session.c(272) :  Freeing 0x0818F01C (12 bytes), script=test

Obviously, the newly allocated empty zval is not properly freed.  If anyone
has any idea on how to fix that, please step forward.
 2002-10-01 11:59:45 +00:00
foobar
5346391d16 ws fix 2002-09-29 19:28:12 +00:00
Ilia Alshanetsky
4c4d5a617b Fixed a crash, which would occur when save_handler is invalid. 2002-09-29 18:33:14 +00:00
Ilia Alshanetsky
2af630f87d Fixed bug #17281 2002-09-29 15:55:11 +00:00
Ilia Alshanetsky
1142e16075 Fixed bugs #16995 and #19392 2002-09-29 15:26:50 +00:00
Ilia Alshanetsky
57c91b571e Fixed bug #11643 2002-09-26 18:12:27 +00:00
foobar
6b8480fab6 Fix bug: #14991 (changing session.use_trans_sid does not work in scripts) 2002-09-26 16:46:21 +00:00
Ilia Alshanetsky
7ae2196852 Fixed bugs #18167 & #16859 2002-09-25 13:26:03 +00:00
Sascha Schumann
ff12826fc1 (php_get_session_var) Always return FAILURE if no data source was found. 
Noticed by: Sebastian Bergmann
 2002-09-23 14:04:50 +00:00
Sascha Schumann
e20c6c8e9c Because track vars are always initialized, get_session_var failed 
to work in the register_globals=1 case.

It is now possible again to store session variables in global vars.
 2002-09-21 05:46:32 +00:00
Dan Kalowsky
26986164b4 Correcting some english in the comment... 2002-08-15 19:32:08 +00:00
Yasuo Ohgaki
13a3dd7b77 Forgot to update source default. 2002-08-14 22:31:39 +00:00
foobar
29aae162e0 ws fix 2002-07-03 02:16:46 +00:00
foobar
087f2be56f - Fixed bug: #17977, session build as shared works now with mm handler too. 
- Added listing of save handlers into phpinfo() output
 2002-06-28 02:27:02 +00:00
Sascha Schumann
dcf67c4433 This option enables administrators to make their users invulnerable to 
attacks which involve passing session ids in URLs.
 2002-06-12 08:18:36 +00:00
Andrei Zmievski
1668570e4d Changing email address. 2002-05-13 17:28:38 +00:00
Sascha Schumann
38ad391894 - Fix the way code was outcommented 
- Remove unused STR_CAT macro
- Remove limits/tests based on unused macro
- Implement cache_limiter(private) using private_no_expire
 2002-05-12 12:51:42 +00:00
Sander Roobol
375d7960a7 Revert Preston's patch 2002-05-09 20:02:47 +00:00
Preston L. Bannister
9fdec2e345 Change default directory for session data from /tmp (non-portable) to none. 
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
 2002-05-09 19:42:00 +00:00
Thies C. Arntzen
23251ebd1a re-add accidentily nuked session_adapt_url() 2002-05-05 16:39:49 +00:00
Sascha Schumann
9743860d35 simplify handling of variables by maintaining two strings which 
are simply appended instead of traversing the hash table on each
URL/form.

also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.

remove remove_var, add reset_vars.  move the function declarations
into the right header file.
 2002-05-04 18:33:13 +00:00
Sebastian Bergmann
8193ca7891 Fix ZTS build. 2002-05-03 08:10:43 +00:00
Thies C. Arntzen
9712a4b3c8 @ - Added output_add_rewrite_var() and output_remove_rewrite_var() to inject 
@   and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
 2002-05-03 08:00:41 +00:00
Thies C. Arntzen
42158ef7c8 revert session_set_userdata - diffent patch will come shortly 2002-04-28 11:45:45 +00:00
Thies C. Arntzen
eb105693b8 @ - added session_set_userdata() which enables you to specify one variable 
@   that will be kept in the browser in addition to the session-id. This
@   only works when using trans-sid sessions (no cookie). (thies)
 2002-04-27 14:07:52 +00:00
Sascha Schumann
2b07dd4fe3 three less strlen invocations 2002-04-26 21:27:38 +00:00
Sascha Schumann
3a3acee3c9 - Proper use of underscores (s/createsid/create_sid/) 
- Bump the API date and remove extra cpp macro
- Pass TSRMLS appropiately to the create_sid function
 2002-03-30 16:29:15 +00:00
Mark L. Woodward
346d74a146 Added field to ps_module structure to hold function pointer for the creation 
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.
 2002-03-29 16:00:27 +00:00
Sascha Schumann
730800a96d Because of the feature "don't try to send a cookie, if the sid 
was contained in get/post variables" (which I still am not convinced
of completely), we need a separate variable which determines whether
to define SID in the event that a cookie was not sent.

Noticed by: Matt Allen
 2002-03-13 13:08:49 +00:00
foobar
131f125fdd whitespace.. 2002-03-09 00:24:42 +00:00
Sascha Schumann
b5660126d0 Do the estrdups after checking for parameter constraints. 
No real memory leaks though, because they are catched by the
memory manager.
 2002-03-06 12:34:47 +00:00
Sascha Schumann
0bf5fc14be SID shall be defined to name=id, if the client did not supply 
a cookie.
 2002-03-06 12:12:39 +00:00
Sascha Schumann
8141c7761c Merge in session API changes (carry around tsrm context) 
Now PHP_SESSION_API is defined to the date of the last change,
so that externa source-code can handle changes more gracefully.
 2002-03-06 11:49:51 +00:00
Sascha Schumann
398b1011dc Always initialize the track-vars 2002-03-06 11:41:17 +00:00
Sascha Schumann
ca59cb7cf9 Weep out all recent commits of Yasuo. 
I don't have time right now to leave in the good ones and remove
only the bad ones.

There are some semantical changes which I reject, because
they aim at fixing a bug which is at a completely other location.

Then SID does not gefined anymore properly. (This broken patch
has not been sent to me at all.)

Also, there were *so* many whitespace changes which already
make these commits bogus.
 2002-03-06 09:02:31 +00:00
Yasuo Ohgaki
92facba86f Oops. Fix compile failure 2002-03-06 00:42:39 +00:00
Yasuo Ohgaki
a2fecc2d79 Using session_save_path() after starting session is obvious error. 
Riase E_NOTICE error instead of E_WARNING. Since it is valid if
user uses session_save_path() with session_module_name().
 2002-03-06 00:40:42 +00:00
Yasuo Ohgaki
09e6133e84 Return FALSE when session_module_name() failed. Fix a little leak. 2002-03-06 00:34:57 +00:00
Yasuo Ohgaki
b17fd60310 Raise error when session module failed to open or read 2002-03-06 00:26:38 +00:00
Yasuo Ohgaki
4042334882 Remove TSRMLS_FETCH() and use TSRMLS_C/TSRMLS_D 
# Need a little more work for backword compatibility
 2002-03-06 00:05:21 +00:00
Yasuo Ohgaki
d809d046df Fix bug #15322 and fix a little memory leak 2002-03-05 23:37:00 +00:00