Ilia Alshanetsky
995d15ebcc
Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on).
2010-03-22 12:16:45 +00:00
Jani Taskinen
af49e58f51
- Reverted r296062 and r296065
2010-03-12 10:28:59 +00:00
Jani Taskinen
06f072cb5e
MFH: Improved / fixed output buffering (Michael Wallner)
2010-03-11 10:24:29 +00:00
Ilia Alshanetsky
dff4e7fda1
Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak.
2010-01-31 18:06:29 +00:00
Sebastian Bergmann
9ba1e81665
sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php
2010-01-03 09:23:27 +00:00
Dmitry Stogov
5ab649e65f
Fixed compilation
2009-12-04 07:11:37 +00:00
Stanislav Malyshev
3e6ac4fb6b
protect http_session_vars from interrupt corruption
improve save_path check
2009-12-04 01:21:32 +00:00
Guenter Knauf
824692fab8
removed now obsolete NetWare hack since I fixed this
with Novell some longer time ago in their SDK header.
2009-11-03 21:21:34 +00:00
Antony Dovgal
75fc702162
fix segfault in session/tests/031.phpt by adding optional extension
dependency (php_hash_hashtable has to be initialized when setting
session.hash_function)
2009-07-28 08:54:23 +00:00
Gwynne Raskind
2673b9be38
MFH: fix crash when session hash function generated long hashes with hash_bits_per_character larger than 4
2009-07-17 14:21:59 +00:00
Jani Taskinen
9ece649f7c
MFH: ws + sync
2009-05-18 16:10:09 +00:00
Hannes Magnusson
33aa4ac568
MFH: fix folding
2009-04-06 11:45:25 +00:00
Sebastian Bergmann
08659c2dcd
MFH: Bump copyright year, 3 of 3.
2008-12-31 11:15:49 +00:00
Scott MacVicar
2ea6780873
MFH Fix bug #35975 - Session cookie expires date format isn't the most compatible. Sync to that of setcookie().
2008-12-11 01:21:35 +00:00
Hannes Magnusson
76a17847c1
Deprecate session_register(), session_unregister() and
session_is_registered() (removed in HEAD)
2008-12-09 14:03:58 +00:00
Felipe Pena
fc2fb50d09
- MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro
2008-11-17 11:28:01 +00:00
Felipe Pena
7a37fa2d6b
- Revert ZEND_BEGIN_ARG_INFO change
2008-11-02 21:19:39 +00:00
Felipe Pena
df10005563
- MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro
2008-10-24 14:35:40 +00:00
Jani Taskinen
525f3c4793
MFH: General sync. WS / CS / etc. crap some people didn't bother to merge
MFH: before this commit..bunnies thank you all..
[DOC] - Added ext/hash support to ext/session's ID generator. (Sara)
[DOC] Ask Sara for explanation..
2008-08-06 05:53:31 +00:00
Jani Taskinen
9ad7800f52
- Nuke ending periods from error messages
2008-08-05 22:52:05 +00:00
Kalle Sommer Nielsen
874b456078
MFH: Fixes #45406 - Patch by oleg dot grenrus at dynamoid dot com
2008-08-04 06:21:55 +00:00
Felipe Pena
e304515ddb
- MFH: Added parameter TSRMLS_DC in zend_is_callable()
2008-08-02 04:46:07 +00:00
Felipe Pena
ca0c2340fe
- Added arginfo
2008-06-27 16:16:23 +00:00
Dmitry Stogov
9c3ebd10bb
Fixed memory leaks
2008-06-24 06:47:45 +00:00
Felipe Pena
015f82d219
- New parameter parsing API
2008-06-21 15:27:34 +00:00
Scott MacVicar
944061ba37
Fixed bug #44720 (Prevent infinite recursion within session_register)
2008-04-15 00:59:04 +00:00
Dmitry Stogov
1a08aadc9b
Fixed memory corruption because of double free()
2008-03-11 09:36:41 +00:00
Felipe Pena
84a8bb038a
MFH: New way for check void parameters
2008-03-10 22:15:36 +00:00
Gwynne Raskind
3e99d5cc5b
MFH: fix bug #32330 (session_destroy, "Failed to initialize storage module", custom session handler)
2008-03-07 23:20:32 +00:00
Sebastian Bergmann
d1dded8751
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:17:19 +00:00
Yiduo (David) Wang
4b4d634cb9
MFH: Added macros for managing zval refcounts and is_ref statuses
2007-10-07 05:22:07 +00:00
Dmitry Stogov
6c810b0d4c
Improved memory usage by moving constants to read only memory. (Dmitry, Pierre)
2007-09-27 18:00:48 +00:00
Stanislav Malyshev
6b7f164803
correct fix for access control for save_path and .htaccess
2007-08-03 01:16:40 +00:00
Ilia Alshanetsky
3034092111
Fixed bug #42135 (Second call of session_start() causes creation of SID)
2007-07-29 14:43:30 +00:00
Ilia Alshanetsky
e2d606e18b
Fixed compiler warning
2007-06-17 14:25:46 +00:00
Stefan Esser
df7bfe0a0f
MFH
2007-06-16 07:48:07 +00:00
Stanislav Malyshev
70a8f9313b
Disallow characters that Cookie RFC does not allow in unquoted cookies
2007-06-15 22:40:00 +00:00
Antony Dovgal
d042fd0675
MFH: php_gmtime_r() fixes
2007-06-07 08:59:00 +00:00
Stanislav Malyshev
69650d0ebf
do not send cookie when session is passed in URL, same as it happens with GET/POST
2007-05-16 01:18:14 +00:00
Antony Dovgal
39f9184fa6
MFH: fix #40998 (long session array keys are truncated)
2007-04-04 19:52:19 +00:00
Ilia Alshanetsky
7aab16c333
Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
# Discovered by Stefan Esser
2007-03-14 19:37:07 +00:00
Ilia Alshanetsky
a500d1efe9
Adjust checks to allow paths without a trailing /
2007-03-03 15:07:31 +00:00
Ilia Alshanetsky
4735df26f8
Improve safe_mode check
2007-03-02 00:49:47 +00:00
Ilia Alshanetsky
efad70c2cc
snprintf() -> slprintf()
2007-02-27 03:28:17 +00:00
Marcus Boerger
50ea26760d
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
2007-02-24 02:17:47 +00:00
Stanislav Malyshev
3e262bd369
disallow negative length
2007-02-24 01:18:14 +00:00
Dmitry Stogov
ae792a06b0
Fixed SIGSEGV
2007-01-10 07:04:49 +00:00
Ilia Alshanetsky
81729c1ece
Prevent SESSION/GLOBALS overload via session decoding
2007-01-09 15:31:12 +00:00
Sebastian Bergmann
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
ba64553913
Added boundary checks to php_binary deserializer
2006-12-31 22:25:55 +00:00
Ilia Alshanetsky
ffd41a503f
Session deserializer protection.
2006-12-26 16:53:47 +00:00
Antony Dovgal
7d2142a56e
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:31:28 +00:00
Antony Dovgal
bcf457d828
MFH: fix retval type
2006-12-04 15:58:48 +00:00
Ilia Alshanetsky
35f78f221b
Fixed bug #37627 (session save_path check checks the parent directory).
2006-12-04 15:19:26 +00:00
Ilia Alshanetsky
5f3e233ea7
Disallow \0 chars inside session.save_path
2006-12-01 00:27:20 +00:00
Hannes Magnusson
050f94f746
MFH: Fix double "wrong param count" messages
2006-11-03 14:46:48 +00:00
Ilia Alshanetsky
b1d8f7e09d
Expose session storage module locator and serialization function via PHPAPI
2006-10-06 21:11:36 +00:00
Ilia Alshanetsky
154f70acf1
Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
session.save_path, allowing them to account for extra parameters).
2006-10-01 20:58:02 +00:00
Antony Dovgal
b6ced95187
change ini handlers to produce E_ERROR if they are called during startup
2006-08-30 16:24:40 +00:00
Antony Dovgal
f8fd45a735
MFH: change E_ERROR to E_WARNING when invalid argument has been passed
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:43:10 +00:00
Ilia Alshanetsky
7dfae526c7
Fixed proto
2006-08-10 21:10:03 +00:00
Ilia Alshanetsky
e5fe441cbd
Added support for httpOnly flag for session extension and cookie setting
functions.
# Original patch by Scott MacVicar
2006-08-10 13:50:56 +00:00
Antony Dovgal
0c4ef446e2
MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL)
2006-08-02 09:16:52 +00:00
Antony Dovgal
52e6ede06e
MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
2006-08-01 08:32:07 +00:00
Ilia Alshanetsky
96324fb67f
An improved fix for bug #38224
2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
bcc8854eaa
make C++ compilers happy
2006-07-27 14:13:30 +00:00
Ilia Alshanetsky
dcb4b314bf
removed debug code
2006-07-27 14:05:03 +00:00
Ilia Alshanetsky
e5a1182304
Fixed bug #38224 (session extension can't handle broken cookies).
2006-07-27 14:00:13 +00:00
Ilia Alshanetsky
1784db8087
Fixed compiler warnings.
2006-07-13 00:13:19 +00:00
Michael Wallner
33dbaff1ed
MFH: add note why replace is 0, so that I don't wonder again in 2 months
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:44 +00:00
Dmitry Stogov
1dbaae2795
Added automatic module globals management
2006-06-15 18:33:09 +00:00
Marcus Boerger
aa0172a4da
- MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure
2006-05-18 22:12:26 +00:00
Rasmus Lerdorf
6cc9f92d16
(Missing patch from the PHP 4 tree that got lost in the shuffle)
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
2006-02-10 07:39:13 +00:00
Frank M. Kromann
80cc4867e3
Export symbols that will allow building WDDX as shared object
2006-01-28 06:18:01 +00:00
Ilia Alshanetsky
3d80bd0cdf
Added a check for special characters in the session name.
2006-01-15 16:51:18 +00:00
foobar
5bd93221a8
bump year and license version
2006-01-01 12:51:34 +00:00
foobar
3e669bc950
MFH: nuke php3 legacy
2005-12-06 02:28:41 +00:00
foobar
b5017bd725
MFH: Improved the fix for #21306 a bit
2005-09-23 08:14:13 +00:00
foobar
de6b4c0091
MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN)
2005-09-20 20:56:54 +00:00
Stanislav Malyshev
bcb70109d2
fix crash on restarting static PHP having session modules loaded
2005-09-20 14:03:29 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
foobar
fd07bc5e6b
nuke duplicate code
2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8
fix typo
(see details here: http://news.php.net/php.internals/16350 )
2005-06-01 18:27:50 +00:00
Ilia Alshanetsky
c24900dfa4
Added an optional remove old session parameter to session_regenerate_id().
2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0
CS fix
2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0
fix compile warning
2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535
Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8
fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies)
2005-05-20 10:27:49 +00:00
Antony Dovgal
76e07faf87
fix leak when register_long_arrays is off
2005-03-24 00:17:16 +00:00
Antony Dovgal
5b78e4c025
hm..
fix #28324 _properly_
2005-02-10 20:22:07 +00:00
Antony Dovgal
94982058b6
fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off)
2005-02-10 19:38:11 +00:00
Stefan Esser
581265f4d1
Correctly initialize ZVAL
2005-01-21 16:03:47 +00:00
Antony Dovgal
d7072f8a9d
efree(name)
2005-01-09 17:49:51 +00:00
Antony Dovgal
c644b2a5a1
fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref)
2005-01-09 17:42:02 +00:00
Antony Dovgal
ad76be844b
CS changes (as suggested by Ilia)
2004-12-09 17:15:52 +00:00
Antony Dovgal
e76824c91f
fix segfault in session_module_name() when session.save_handler is empty
2004-12-09 14:14:21 +00:00
Dmitry Stogov
a22fa4d109
Fixed crash in phpinfo() after graceful Apache restart.
2004-12-07 18:02:25 +00:00
Andi Gutmans
11bcaedfc8
- Rename delete_global_variable() to zend_delete_global_variable()
2004-10-04 20:17:06 +00:00
Andi Gutmans
db507dd153
- Commit the variable fetch optimization.
- Extensions which delete global variables need to use new special function
- delete_global_variable() (I'm about to rename it) to remove them.
- Will post to internals@ or via commit messages if there's anything else.
2004-10-04 19:54:35 +00:00
Anantha Kesari H Y
142e92bb70
NetWare specific stat structure access incorporated
2004-09-30 14:31:30 +00:00
Antony Dovgal
0ea23249da
fix error message
2004-09-30 14:20:02 +00:00
Antony Dovgal
fcd702efe4
fix segfault when using unknown/unsupported save_handler and/or serialize_handler (bug #30282)
2004-09-30 12:19:59 +00:00
Ilia Alshanetsky
6784176b9c
Fixed compiler warnings.
2004-09-14 23:57:53 +00:00
Ilia Alshanetsky
197d65770a
Fixed bug #29925 (Added a check to prevent illegal characters in session
key).
2004-09-02 02:44:04 +00:00
Sascha Schumann
5890197024
fix empty_string issue
Patch submitted by Antony Dovgal <tony2001@phpclub.net>
2004-08-02 08:27:46 +00:00
Andi Gutmans
56f8195fe5
- Nuke empty_string. It is a remnant from the time where RETURN_FALSE()
used to return "" and not bool(false). It's not worth keeping it because
STR_FREE() and zval_dtor() always have to check for it and it slows down
the general case. In addition, it seems that empty_string has been abused
quite a lot, and was used not only for setting zval's but generally in
PHP code instead of "", which wasn't the intention. Last but not least,
nuking empty_string should improve stability as I doubt every place
correctly checked if they are not mistakenly erealloc()'ing it or
calling efree() on it.
NOTE: Some code is probably broken. Each extension maintainer should
check and see that my changes are OK. Also, I haven't had time to touch
PECL yet. Will try and do it tomorrow.
2004-07-19 07:19:50 +00:00
Andi Gutmans
e5cfb1d05c
- Better stability during premature shutdown of request startup
2004-07-10 07:46:17 +00:00
Sara Golemon
96132bf4fe
if statement logic would never eval to false.
2004-05-08 05:58:18 +00:00
Ilia Alshanetsky
793140873b
Another setting leak in session code (bug #27963).
2004-04-13 18:18:22 +00:00
Ilia Alshanetsky
254c8d6ce9
Fixed bug #27963 (Session lifetime setting may leak between requests).
2004-04-13 00:39:05 +00:00
Wez Furlong
32be6f268b
Fix for Bug #26757: session.save_path defaults to bogus value on win32
Merge from branch with one main difference: the default save_path is
set to the empty string on all platforms, whereas the code in the
branch only does so for win32.
2004-03-29 21:44:07 +00:00
Moriyoshi Koizumi
75f83f7bb4
- Fix segfaults on deserialisation of referenced variables.
# ALLOC_INIT_ZVAL() initialises the type field to IS_NULL, while
# MAKE_STD_ZVAL() doesn't. This caused a kind of random crash
# when zval_ptr_dtor() was applied on an intact zval created by
# the latter method.
#
# Please check relevant bugs again. There should be some that
# have already been marked as bogus.
2004-02-29 00:26:36 +00:00
foobar
ac92c47b84
Fix bug #26005 (Random "cannot change the session ini settings" errors)
2004-02-24 08:47:35 +00:00
foobar
4441da2754
Improve error messages
2004-02-19 01:54:21 +00:00
Zeev Suraski
7c710a9f9b
Use zval_ptr_dtor() to free variables as soon as they hit refcount of 0.
Note: You should not be using ZVAL_DELREF() in day to day usage. Instead,
you should use zval_ptr_dtor(). Use ZVAL_DELREF() only if you're
messing with the refcount directly and know what you're doing.
Note #2: For clarity, if you want to initialize a new zval with a refcount
of 0, it's best to do that directly, instead of using ZVAL_DELREF
after allocating the zval...
2004-02-15 12:58:19 +00:00
Wez Furlong
6ac364048b
export tsrm id for session globals.
2004-01-09 15:30:07 +00:00
Andi Gutmans
dbeb4158d2
- A belated happy holidays and PHP 5
2004-01-08 08:18:22 +00:00
Ilia Alshanetsky
d3639b1aa7
Fixed bug #24693 (Allow session.use_trans_sid to be enabled/disabled from
inside the script).
2003-12-14 23:24:50 +00:00
Derick Rethans
71f9227cc5
- Fixed bug #26548 (Malformed HTTP dates in headers).
2003-12-07 14:29:43 +00:00
Wez Furlong
30b631d9f6
Export this so that shared session modules can use it under win32.
2003-12-02 23:14:31 +00:00
foobar
e85a4cdbd2
- Fixed bug #25780 (ext/session: invalid session.cookie_lifetime causes crash in win32).
2003-10-08 10:22:51 +00:00
Sascha Schumann
394d3b82b0
Alias session_commit to session_write_close, a more intuitive name
for the functionality.
2003-09-21 11:53:12 +00:00
Sascha Schumann
a3c89a2e8f
Fix a segfault which occurred when using a storage format not capable
of expressing references (e.g. WDDX) and deserializing a session variable
whose name conflicted with an existing symbol in the global scope.
PR: #25307
Submitted by: Jani Taskinen
Speling fixes: me
2003-08-29 12:33:47 +00:00
Andrey Hristov
20383f9080
\n at the end of the message is not needed
2003-08-28 20:43:18 +00:00
Sascha Schumann
237da469d7
format string fix
2003-08-28 17:34:33 +00:00
foobar
625600af30
- Prevent crash if non-existing save/serializer handler is tried to be used
- Added the registered serializers information to MINFO.
2003-08-26 02:03:41 +00:00
Ilia Alshanetsky
b9b75991e3
Fixed bug #25084 (Make refer check not dependent on register_globals)
2003-08-14 01:30:06 +00:00
Ilia Alshanetsky
93bcd55eaf
emalloc -> safe_emalloc
2003-08-12 00:58:52 +00:00
Ilia Alshanetsky
22c3346967
Fixed bug #22245 (References inside $_SESSION not being handled).
2003-08-11 19:20:44 +00:00
Sascha Schumann
5978734f30
MFB proper fix for #24592
2003-07-22 01:11:07 +00:00
Ilia Alshanetsky
f9a8fc0c09
Fixed bug #24592 (Possible crash in session extension, with NULL values)
2003-07-21 21:47:52 +00:00
James Cox
f68c7ff249
updating license information in the headers.
2003-06-10 20:04:29 +00:00
Sascha Schumann
3c58f69fc4
Print NOTICE upon session_start being called while another session is
active
2003-06-10 03:56:23 +00:00
foobar
bfe9e39673
MFB: fix proto
2003-05-31 02:33:55 +00:00
foobar
ed1378a975
MFB: Always send a new session cookie upon regenerating id
2003-05-31 02:33:21 +00:00
Sascha Schumann
289ad3960e
Fix the way we create references to (sometimes non-)existing
variables.
Credits go to Rob Richards <rrichards@digarc.com> and Zeev
2003-05-15 13:33:18 +00:00
Stanislav Malyshev
cddface7f1
fix TSRM
2003-04-27 16:18:43 +00:00
Stanislav Malyshev
cad71d8c92
MFB 4_3:
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
2003-04-27 16:04:53 +00:00
Sascha Schumann
4226fe67d1
dividend -> divisor
Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>
2003-04-05 11:22:15 +00:00
Sebastian Bergmann
5ca078779a
Eliminate some TSRMLS_FETCH() calls. Tested with Win32 build of SAPI/CGI and SAPI/CLI on Win32.
2003-03-25 08:07:13 +00:00
foobar
3c9155e0cb
Renamed OnUpdateInt -> OnUpdateLong to prevent further misunderstandings.
# Intentionally left out any 'alias' for it, this way 3rd party extension
# maintainers will really NOTICE the change.
2003-03-07 05:15:28 +00:00
Zeev Suraski
4e55747a2b
Add JIT initialization for _SERVER and _ENV
(it's less important for the others, even though it should be fairly
easy now too)
2003-03-02 10:19:15 +00:00
Sascha Schumann
6f5b46c118
generally urlencode parameters
2003-02-20 06:18:16 +00:00
Sascha Schumann
4ec77cfbb5
Refactor new-session-id code
2003-02-18 19:29:38 +00:00
Sascha Schumann
2699c26f42
Remember whether to send a cookie, so that we send out the correct
session id. Also improve check for active session
2003-02-18 19:13:49 +00:00
Sascha Schumann
32e0c8161c
add session_regenerate_id()
2003-02-18 18:50:44 +00:00
Sascha Schumann
5e601732a3
use appropriate prefixes in the ps_module structure so we don't clash
with syscalls
2003-02-11 00:42:14 +00:00
Ilia Alshanetsky
242a9a47c7
Fix compiler warning.
2003-01-30 22:37:50 +00:00
Sascha Schumann
330740f7cd
Remove ugly netware hacks from the code
2003-01-24 23:57:32 +00:00
Ilia Alshanetsky
3d8e54f3a2
Changed php_error to php_error_docref.
2003-01-19 00:45:53 +00:00