Felipe Pena
a1e8d340c3
New macro for check void parameters
2008-02-28 14:16:25 +00:00
Sebastian Bergmann
9b620d50b4
Bump copyright year, 2 of 2.
2007-12-31 07:12:20 +00:00
Yiduo (David) Wang
95da0dc570
Added macros for managing zval refcounts and is_ref statuses
2007-10-07 05:15:07 +00:00
Dmitry Stogov
8146078f7b
Improved memory usage by movig constants to read only memory. (Dmitry, Pierre)
2007-09-27 18:28:44 +00:00
Jani Taskinen
5735862a92
MFB (since Ilia is too lazy..): Fix bug #42135
2007-08-05 13:10:32 +00:00
Stanislav Malyshev
d4cc7daba2
MF5: fix for access control with .htaccess
2007-08-03 01:40:05 +00:00
Ilia Alshanetsky
eb72fc8968
MFB: Fixed compiler warning
2007-06-17 14:26:16 +00:00
Stefan Esser
fde56bd858
Fix attribute injection security bug correctly by URL encoding session
...
name and session value. (in future maybe encode path/domain, too)
Remove backward compatibility breaking blacklist of characters.
2007-06-16 07:47:46 +00:00
Stanislav Malyshev
e4e1f60125
MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
2007-06-15 22:42:43 +00:00
Antony Dovgal
976a22df16
php_gmtime_r() fixes
2007-06-07 08:58:38 +00:00
Stanislav Malyshev
a66fbe2d5e
do not send cookie when session is passed in URL, same as it happens with GET/POST
2007-05-16 01:32:28 +00:00
Antony Dovgal
a8fe87efd3
fix build when ext/hash is compiled as shared module
2007-05-02 10:30:24 +00:00
Antony Dovgal
2c72351711
fix #40998 (long session array keys are truncated)
2007-04-04 19:46:42 +00:00
Antony Dovgal
03a3291262
MFB
2007-03-19 08:24:17 +00:00
Marcus Boerger
20a40063c5
- avoid sprintf
2007-02-24 16:25:58 +00:00
Sebastian Bergmann
4e8661438d
Fix ZTS issues.
2007-01-05 14:53:30 +00:00
Sara Golemon
5d988bb1aa
Allow ext/session to use ext/hash's algorithms for generating IDs
2007-01-05 03:57:57 +00:00
Sara Golemon
344cda1666
Unicode Updates
2007-01-05 02:07:59 +00:00
Sara Golemon
21bac192e9
Cleanup ext/session so that I can do a unicode update without going insane.
2007-01-04 22:04:38 +00:00
Sebastian Bergmann
3717df72ae
Bump year.
2007-01-01 09:29:37 +00:00
Ilia Alshanetsky
15f1692572
MFB: Added boundary checks to php_binary deserializer
2006-12-31 22:26:06 +00:00
Ilia Alshanetsky
4386719b07
MFB: Session deserializer protection.
2006-12-26 17:18:28 +00:00
Antony Dovgal
abac61eec7
remove register_globals remains
...
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:20:59 +00:00
Antony Dovgal
576797c7c1
fix retval type
...
it should be int, not zend_bool
2006-12-04 15:58:35 +00:00
Ilia Alshanetsky
fcaf113b33
MFB: Disallow \0 chars inside session.save_path
2006-12-01 00:27:33 +00:00
Hannes Magnusson
176b72284c
Error message clean up
...
(patch by Matt W (php_lists -AT- realpain.com))
2006-10-08 13:34:24 +00:00
Hannes Magnusson
e531458f89
Remove double "wrong param count" warnings
2006-10-07 22:55:18 +00:00
Ilia Alshanetsky
8786640da8
MFB: Expose session storage module locater and serialization function via
...
PHPAPI
2006-10-06 21:11:57 +00:00
Ilia Alshanetsky
30885c8d99
MFB: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
...
session.save_path, allowing them to account for extra parameters).
2006-10-01 21:00:00 +00:00
Dmitry Stogov
128548a5c0
Disabled autoconversion of hash keys (from string to unicode) for PHP arrays
2006-09-19 10:38:31 +00:00
Antony Dovgal
103d999dd1
fix typo
2006-08-30 17:57:25 +00:00
Antony Dovgal
1fcfbd873d
change ini handlers to produce E_ERROR if they are called during startup or per request
2006-08-30 16:24:31 +00:00
Antony Dovgal
5b79892659
change E_ERROR to E_WARNING when invalid argument has been passed
...
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:42:40 +00:00
Ilia Alshanetsky
9a07b46e00
MFB: fix proto
2006-08-10 21:11:00 +00:00
Ilia Alshanetsky
b97c393f87
MFB: Added support for httpOnly flag for session extension and cookie
...
setting functions.
2006-08-10 13:56:54 +00:00
Antony Dovgal
9b63740847
fix #38289 (segfault in session_decode() when _SESSION is NULL)
2006-08-02 09:15:13 +00:00
Antony Dovgal
873b6d87c6
fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
2006-08-01 08:31:37 +00:00
Ilia Alshanetsky
a081be13fc
MFB: An improved fix for bug #38224
2006-07-27 15:36:43 +00:00
Ilia Alshanetsky
3e00d90ff0
MFB: make C++ compilers happy
2006-07-27 14:13:53 +00:00
Ilia Alshanetsky
a3656ec923
Removed debug code
2006-07-27 14:05:38 +00:00
Ilia Alshanetsky
acbb531a12
MFB: Fixed bug #38224 (session extension can't handle broken cookies).
2006-07-27 14:00:27 +00:00
Ilia Alshanetsky
896c0e0690
MFB: Fixed compiler warnings.
2006-07-13 00:13:42 +00:00
Michael Wallner
1d6027adbd
- add note why replace is 0, so that I don't wonder again in 2 months
...
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:18 +00:00
Dmitry Stogov
943960c324
Added automatic module globals management
2006-06-13 13:12:20 +00:00
Michael Wallner
231ad17475
- explicit usage of TS macros
...
# this could have been raised a lot earlier
2006-06-03 11:19:44 +00:00
Michael Wallner
4ce0141713
- new output control code
...
# scan README.NEW-OUTPUT-API to get a grasp
# tree has been tagged with BEFORE_NEW_OUTPUT_API
#
# TODO:
# - improve existing output handlers
# - move zlib.output_compression cruft from SAPI.c to zlib.c
# - output_encoding handling was ambigious, resp. is undefined yet
# - more tests
2006-06-02 19:51:43 +00:00
Marcus Boerger
a4471f70f0
- Fix bug #37510 session_regenerate_id changes session_id() even on failure
2006-05-18 22:07:31 +00:00
foobar
672266c735
- Cleanup
2006-04-10 15:06:51 +00:00
Dmitry Stogov
22055cb8fd
Dropped register_long_arrays, added E_CORE for all dropped setting
2006-03-16 09:44:42 +00:00
Pierre Joye
303bfea78f
- remove register_globals support (aka "Kill the f***ing thing" :)
2006-03-07 00:20:54 +00:00