Ilia Alshanetsky
|
a500d1efe9
|
Adjust checks to allow paths without a trailing /
|
2007-03-03 15:07:31 +00:00 |
|
Ilia Alshanetsky
|
4735df26f8
|
Improve safe_mode check
|
2007-03-02 00:49:47 +00:00 |
|
Ilia Alshanetsky
|
efad70c2cc
|
snprintf() -> slprintf()
|
2007-02-27 03:28:17 +00:00 |
|
Marcus Boerger
|
50ea26760d
|
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
|
2007-02-24 02:17:47 +00:00 |
|
Stanislav Malyshev
|
3e262bd369
|
disallow negative length
|
2007-02-24 01:18:14 +00:00 |
|
Dmitry Stogov
|
ae792a06b0
|
Fixed SIGSEGV
|
2007-01-10 07:04:49 +00:00 |
|
Ilia Alshanetsky
|
81729c1ece
|
Prevent SESSION/GLOBALS overload via session decoding
|
2007-01-09 15:31:12 +00:00 |
|
Sebastian Bergmann
|
4223aa4d5e
|
MFH: Bump year.
|
2007-01-01 09:36:18 +00:00 |
|
Ilia Alshanetsky
|
ba64553913
|
Added boundary checks to php_binary deserializer
|
2006-12-31 22:25:55 +00:00 |
|
Ilia Alshanetsky
|
ffd41a503f
|
Session deserializer protection.
|
2006-12-26 16:53:47 +00:00 |
|
Antony Dovgal
|
7d2142a56e
|
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
|
2006-12-20 19:31:28 +00:00 |
|
Antony Dovgal
|
bcf457d828
|
MFH: fix retval type
|
2006-12-04 15:58:48 +00:00 |
|
Ilia Alshanetsky
|
35f78f221b
|
Fixed bug #37627 (session save_path check checks the parent directory).
|
2006-12-04 15:19:26 +00:00 |
|
Ilia Alshanetsky
|
5f3e233ea7
|
Disallow \0 chars inside session.save_path
|
2006-12-01 00:27:20 +00:00 |
|
Hannes Magnusson
|
050f94f746
|
MFH: Fix double "wron param count" messages
|
2006-11-03 14:46:48 +00:00 |
|
Ilia Alshanetsky
|
b1d8f7e09d
|
Expose session storage module locater and serialization function via PHPAPI
|
2006-10-06 21:11:36 +00:00 |
|
Ilia Alshanetsky
|
154f70acf1
|
Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
session.save_path, allowing them to account for extra parameters).
|
2006-10-01 20:58:02 +00:00 |
|
Antony Dovgal
|
b6ced95187
|
change ini handlers to produce E_ERROR if they are called during startup
|
2006-08-30 16:24:40 +00:00 |
|
Antony Dovgal
|
f8fd45a735
|
MFH: change E_ERROR to E_WARNING when invalid argument has been passed
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
|
2006-08-30 15:43:10 +00:00 |
|
Ilia Alshanetsky
|
7dfae526c7
|
Fixed proto
|
2006-08-10 21:10:03 +00:00 |
|
Ilia Alshanetsky
|
e5fe441cbd
|
Added support for httpOnly flag for session extension and cookie setting
functions.
# Original patch by Scott MacVicar
|
2006-08-10 13:50:56 +00:00 |
|
Antony Dovgal
|
0c4ef446e2
|
MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL)
|
2006-08-02 09:16:52 +00:00 |
|
Antony Dovgal
|
52e6ede06e
|
MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
|
2006-08-01 08:32:07 +00:00 |
|
Ilia Alshanetsky
|
96324fb67f
|
An improved fix for bug #38224
|
2006-07-27 15:33:16 +00:00 |
|
Ilia Alshanetsky
|
bcc8854eaa
|
make C++ compilers happy
|
2006-07-27 14:13:30 +00:00 |
|
Ilia Alshanetsky
|
dcb4b314bf
|
removed debug code
|
2006-07-27 14:05:03 +00:00 |
|
Ilia Alshanetsky
|
e5a1182304
|
Fixed bug #38224 (session extension can't handle broken cookies).
|
2006-07-27 14:00:13 +00:00 |
|
Ilia Alshanetsky
|
1784db8087
|
Fixed compiler warnings.
|
2006-07-13 00:13:19 +00:00 |
|
Michael Wallner
|
33dbaff1ed
|
MFH: add note why replace is 0, so that I don't wonder again in 2 months
why session_regenerate_id() sends the session cookie twice
|
2006-07-12 15:28:44 +00:00 |
|
Dmitry Stogov
|
1dbaae2795
|
Added automatic module globals management
|
2006-06-15 18:33:09 +00:00 |
|
Marcus Boerger
|
aa0172a4da
|
- MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure
|
2006-05-18 22:12:26 +00:00 |
|
Rasmus Lerdorf
|
6cc9f92d16
|
(Missing patch from the PHP 4 tree that got lost in the shuffle)
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
|
2006-02-10 07:39:13 +00:00 |
|
Frank M. Kromann
|
80cc4867e3
|
Export symbols that will allow building WDDX as shared object
|
2006-01-28 06:18:01 +00:00 |
|
Ilia Alshanetsky
|
3d80bd0cdf
|
Added a check for special characters in the session name.
|
2006-01-15 16:51:18 +00:00 |
|
foobar
|
5bd93221a8
|
bump year and license version
|
2006-01-01 12:51:34 +00:00 |
|
foobar
|
3e669bc950
|
MFH: nuke php3 legacy
|
2005-12-06 02:28:41 +00:00 |
|
foobar
|
b5017bd725
|
MFH: Improved the fix for #21306 a bit
|
2005-09-23 08:14:13 +00:00 |
|
foobar
|
de6b4c0091
|
MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN)
|
2005-09-20 20:56:54 +00:00 |
|
Stanislav Malyshev
|
bcb70109d2
|
fix crash on restarting static PHP having session modules loaded
|
2005-09-20 14:03:29 +00:00 |
|
foobar
|
23e671a51e
|
- Bumber up year
|
2005-08-03 14:08:58 +00:00 |
|
foobar
|
fd07bc5e6b
|
nuke duplicate code
|
2005-06-03 22:09:22 +00:00 |
|
Antony Dovgal
|
29319a81b8
|
fix typo
(see details here: http://news.php.net/php.internals/16350)
|
2005-06-01 18:27:50 +00:00 |
|
Ilia Alshanetsky
|
c24900dfa4
|
Added an optional remove old session parameter to session_regenerate_id().
|
2005-05-29 16:51:25 +00:00 |
|
foobar
|
26d7b7fbc0
|
CS fix
|
2005-05-23 06:46:25 +00:00 |
|
Antony Dovgal
|
a186549ec0
|
fix compile warning
|
2005-05-22 12:57:26 +00:00 |
|
Rasmus Lerdorf
|
c1ef105535
|
Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
|
2005-05-21 17:37:56 +00:00 |
|
Antony Dovgal
|
8f5ecf6da8
|
fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies)
|
2005-05-20 10:27:49 +00:00 |
|
Antony Dovgal
|
76e07faf87
|
fix leak when register_long_arrays is off
|
2005-03-24 00:17:16 +00:00 |
|
Antony Dovgal
|
5b78e4c025
|
hm..
fix #28324 _properly_
|
2005-02-10 20:22:07 +00:00 |
|
Antony Dovgal
|
94982058b6
|
fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off)
|
2005-02-10 19:38:11 +00:00 |
|