Yiduo (David) Wang
95da0dc570
Added macros for managing zval refcounts and is_ref statuses
2007-10-07 05:15:07 +00:00
Dmitry Stogov
8146078f7b
Improved memory usage by movig constants to read only memory. (Dmitry, Pierre)
2007-09-27 18:28:44 +00:00
Ilia Alshanetsky
3a802820e8
MFB: Fixed Bug #42596 (session.save_path MODE option does not work).
2007-09-10 23:43:08 +00:00
Jani Taskinen
24c98f8aa3
MFB: Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass)
2007-08-23 13:38:49 +00:00
Jani Taskinen
197b51e796
MFB: -r1.100.2.3.2.5
2007-08-23 13:09:27 +00:00
Jani Taskinen
af83e1cad2
missing )
2007-08-23 11:38:56 +00:00
Jani Taskinen
5735862a92
MFB (since Ilia is too lazy..): Fix bug #42135
2007-08-05 13:10:32 +00:00
Stanislav Malyshev
d4cc7daba2
MF5: fix for access control with .htaccess
2007-08-03 01:40:05 +00:00
Stanislav Malyshev
5d0a261394
always check save_path (issue reported by Maksymilian Arciemowicz)
2007-07-10 17:52:32 +00:00
Ilia Alshanetsky
eb72fc8968
MFB: Fixed compiler warning
2007-06-17 14:26:16 +00:00
Stefan Esser
fde56bd858
Fix attribute injection security bug correctly by URL encoding session
...
name and session value. (in future maybe encode path/domain, too)
Remove backward compatibility breaking blacklist of characters.
2007-06-16 07:47:46 +00:00
Stanislav Malyshev
e4e1f60125
MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
2007-06-15 22:42:43 +00:00
Antony Dovgal
976a22df16
php_gmtime_r() fixes
2007-06-07 08:58:38 +00:00
Ilia Alshanetsky
886cb0c783
MFB: Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags).
2007-06-06 00:01:13 +00:00
Stanislav Malyshev
a66fbe2d5e
do not send cookie when session is passed in URL, same as it happens with GET/POST
2007-05-16 01:32:28 +00:00
Antony Dovgal
8d9be0338b
fix test names
2007-05-07 16:50:40 +00:00
Antony Dovgal
a8fe87efd3
fix build when ext/hash is compiled as shared module
2007-05-02 10:30:24 +00:00
Antony Dovgal
2c72351711
fix #40998 (long session array keys are truncated)
2007-04-04 19:46:42 +00:00
Antony Dovgal
03a3291262
MFB
2007-03-19 08:24:17 +00:00
Martin Kraemer
e46b1b3747
Typo
2007-03-14 09:49:58 +00:00
Marcus Boerger
20a40063c5
- avoid sprintf
2007-02-24 16:25:58 +00:00
Hannes Magnusson
71a68db63e
MFB: fix skipif
2007-01-06 16:57:42 +00:00
Sara Golemon
851a151712
Don't bother with conversion when the converter is already UTF8
2007-01-05 17:29:30 +00:00
Sebastian Bergmann
4e8661438d
Fix ZTS issues.
2007-01-05 14:53:30 +00:00
Sara Golemon
5d988bb1aa
Allow ext/session to use ext/hash's algorithms for generating IDs
2007-01-05 03:57:57 +00:00
Sara Golemon
344cda1666
Unicode Updates
2007-01-05 02:07:59 +00:00
Ilia Alshanetsky
b21b4c01c3
MFB: Added missing open_basedir checks
2007-01-04 23:50:19 +00:00
Sara Golemon
21bac192e9
Cleanup ext/session so that I can do a unicode update without going insane.
2007-01-04 22:04:38 +00:00
Sebastian Bergmann
3717df72ae
Bump year.
2007-01-01 09:29:37 +00:00
Ilia Alshanetsky
15f1692572
MFB: Added boundary checks to php_binary deserializer
2006-12-31 22:26:06 +00:00
Antony Dovgal
9e41e0fda3
fix tests
2006-12-27 19:22:29 +00:00
Ilia Alshanetsky
4386719b07
MFB: Session deserializer protection.
2006-12-26 17:18:28 +00:00
Antony Dovgal
abac61eec7
remove register_globals remains
...
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:20:59 +00:00
Antony Dovgal
576797c7c1
fix retval type
...
it should be int, not zend_bool
2006-12-04 15:58:35 +00:00
Ilia Alshanetsky
fcaf113b33
MFB: Disallow \0 chars inside session.save_path
2006-12-01 00:27:33 +00:00
Ilia Alshanetsky
b0f8e77d17
Fixed bug #39265 (Fixed path handling inside mod_files.sh)
...
# Patch by michal dot taborsky at gmail dot com
2006-11-03 13:18:19 +00:00
Hannes Magnusson
176b72284c
Error message clean up
...
(patch by Matt W (php_lists -AT- realpain.com))
2006-10-08 13:34:24 +00:00
Hannes Magnusson
e531458f89
Remove double "wrong param count" warnings
2006-10-07 22:55:18 +00:00
Ilia Alshanetsky
8786640da8
MFB: Expose session storage module locater and serialization function via
...
PHPAPI
2006-10-06 21:11:57 +00:00
Ilia Alshanetsky
30885c8d99
MFB: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
...
session.save_path, allowing them to account for extra parameters).
2006-10-01 21:00:00 +00:00
Dmitry Stogov
128548a5c0
Disabled autoconversion of hash keys (from string to unicode) for PHP arrays
2006-09-19 10:38:31 +00:00
Antony Dovgal
103d999dd1
fix typo
2006-08-30 17:57:25 +00:00
Antony Dovgal
1fcfbd873d
change ini handlers to produce E_ERROR if they are called during startup or per request
2006-08-30 16:24:31 +00:00
Antony Dovgal
5b79892659
change E_ERROR to E_WARNING when invalid argument has been passed
...
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:42:40 +00:00
Antony Dovgal
d3bb8d11f9
fix test
2006-08-11 10:36:07 +00:00
Ilia Alshanetsky
9a07b46e00
MFB: fix proto
2006-08-10 21:11:00 +00:00
Ilia Alshanetsky
b97c393f87
MFB: Added support for httpOnly flag for session extension and cookie
...
setting functions.
2006-08-10 13:56:54 +00:00
Ilia Alshanetsky
936ebdbe1f
MFB: Fixed bug #38377 (session_destroy() gives warning after
...
session_regenerate_id()).
2006-08-08 14:57:33 +00:00
Antony Dovgal
9b63740847
fix #38289 (segfault in session_decode() when _SESSION is NULL)
2006-08-02 09:15:13 +00:00
Antony Dovgal
873b6d87c6
fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
2006-08-01 08:31:37 +00:00
Ilia Alshanetsky
a081be13fc
MFB: An improved fix for bug #38224
2006-07-27 15:36:43 +00:00
Ilia Alshanetsky
3e00d90ff0
MFB: make C++ compilers happy
2006-07-27 14:13:53 +00:00
Ilia Alshanetsky
a3656ec923
Removed debug code
2006-07-27 14:05:38 +00:00
Ilia Alshanetsky
acbb531a12
MFB: Fixed bug #38224 (session extension can't handle broken cookies).
2006-07-27 14:00:27 +00:00
Ilia Alshanetsky
896c0e0690
MFB: Fixed compiler warnings.
2006-07-13 00:13:42 +00:00
Michael Wallner
1d6027adbd
- add note why replace is 0, so that I don't wonder again in 2 months
...
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:18 +00:00
Dmitry Stogov
943960c324
Added automatic module globals management
2006-06-13 13:12:20 +00:00
Michael Wallner
231ad17475
- explicit usage of TS macros
...
# this could have been raised a lot earlier
2006-06-03 11:19:44 +00:00
Michael Wallner
4ce0141713
- new output control code
...
# scan README.NEW-OUTPUT-API to get a grasp
# tree has been tagged with BEFORE_NEW_OUTPUT_API
#
# TODO:
# - improve existing output handlers
# - move zlib.output_compression cruft from SAPI.c to zlib.c
# - output_encoding handling was ambigious, resp. is undefined yet
# - more tests
2006-06-02 19:51:43 +00:00
Marcus Boerger
a4471f70f0
- Fix bug #37510 session_regenerate_id changes session_id() even on failure
2006-05-18 22:07:31 +00:00
Ilia Alshanetsky
333787ff7f
MFB51: Fixed Bug #36872 (session_destroy() fails after call to
...
session_regenerate_id(true)).
2006-04-17 23:29:46 +00:00
foobar
672266c735
- Cleanup
2006-04-10 15:06:51 +00:00
Dmitry Stogov
c4d2bc4c46
Fixed test
2006-03-27 14:08:10 +00:00
Dmitry Stogov
22055cb8fd
Dropped register_long_arrays, added E_CORE for all dropped setting
2006-03-16 09:44:42 +00:00
Pierre Joye
303bfea78f
- remove register_globals support (aka "Kill the f***ing thing" :)
2006-03-07 00:20:54 +00:00
Ilia Alshanetsky
1a3bb9f4bd
MFB51: Fixed bug #36459 (Incorrect adding PHPSESSID to links, which
...
contains \r\n).
2006-02-28 14:45:52 +00:00
Dmitry Stogov
36002f16c3
Fixed test file
2006-02-22 12:22:07 +00:00
Dmitry Stogov
0f1209ab3d
Portable unicode string API:
...
- use the same type (int) for zval.value.usr.len and zval.value.str.len
- use union "zstr" as char*/UChar* mixture instead of void*
- Z_UNISTR() and Z_UNILEN() no longer check for Z_TYPE()
- nuke int32_t from ZE (not finisned)
2006-02-21 20:12:43 +00:00
Andi Gutmans
e94e25e621
Start nuking safe_mode. Still a lot of work to do...
2006-02-19 00:55:22 +00:00
Dmitry Stogov
09ca61c125
Made server wide switch for unicode on/off (according to PDM).
2006-02-13 10:23:59 +00:00
Rasmus Lerdorf
a5883cc89c
(Missing patch from the PHP 4 tree that got lost in the shuffle)
...
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
2006-02-10 07:41:59 +00:00
Frank M. Kromann
921498e38b
MFB51 Export symbols that will allow building WDDX as shared object
2006-01-28 06:18:18 +00:00
Ilia Alshanetsky
0de9cf1e73
MFB51: Added a check for special characters in the session name.
2006-01-15 16:51:34 +00:00
foobar
251c5173fd
bump year and license version
2006-01-01 13:10:10 +00:00
foobar
a208d9a966
- Nuke php3 legacy
2005-12-06 02:28:26 +00:00
foobar
ecd8376f36
- Changed "session.use_only_cookies" to be on by default.
2005-12-02 18:42:41 +00:00
foobar
be3a2c634d
- Improved the fix for #21306 a bit
2005-09-23 08:13:57 +00:00
foobar
6f0648dab6
- Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN)
2005-09-20 20:56:21 +00:00
Stanislav Malyshev
961d12fa2d
fix crash on restarting static PHP having session modules loaded
2005-09-20 14:05:16 +00:00
Derick Rethans
0f391bb0b3
- Add E_RECOVERABLE.
...
#- Thought I did this before already actually...
2005-09-15 16:19:48 +00:00
Dmitry Stogov
6b622046dc
zend_is_callable() and zend_make_callable() were changed to return readable function name as zval (instead of string).
2005-08-22 12:22:16 +00:00
foobar
03cec74a0d
Nuked EOLs from error messages
2005-08-18 13:34:04 +00:00
foobar
23e671a51e
- Bumber up year
2005-08-03 14:08:58 +00:00
Dmitry Stogov
319cbe1c5a
Fixed test file
2005-07-05 14:10:31 +00:00
foobar
73dd4043b3
Make sure files-save handler is used always
2005-07-04 13:09:14 +00:00
foobar
56c1b316da
- Added session.hash_bits_per_character support. (3rd param)
...
(Changes by: waltzer at autumnweave dot com)
2005-06-20 13:37:32 +00:00
foobar
fd07bc5e6b
nuke duplicate code
2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8
fix typo
...
(see details here: http://news.php.net/php.internals/16350 )
2005-06-01 18:27:50 +00:00
foobar
a20383ba06
- Unify the "configure --help" texts
2005-05-29 23:17:16 +00:00
Ilia Alshanetsky
c24900dfa4
Added an optional remove old session parameter to session_regenerate_id().
2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0
CS fix
2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0
fix compile warning
2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535
Fixed bug 33072 - safemode/open_basedir check for runtime save_path change
2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8
fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies)
2005-05-20 10:27:49 +00:00
foobar
626253940e
- Added PHP_INSTALL_HEADERS() macro
...
- Fixed several VPATH build issues
- Changed all awk calls to use $AWK
- Changed all mkdir calls to use "$php_shtool mkdir"
2005-05-07 02:51:53 +00:00
foobar
a119050ebb
These tests require register_long_arrays=1
2005-03-31 19:47:19 +00:00
Antony Dovgal
76e07faf87
fix leak when register_long_arrays is off
2005-03-24 00:17:16 +00:00
foobar
3ca8ad73a4
- Missing $Id$ tags
2005-02-13 17:54:04 +00:00
foobar
7281cd8082
MFB_4_3: cvs diff -r1.84.2.5 -r1.84.2.6 php_session.h
2005-02-13 07:55:27 +00:00
Antony Dovgal
5b78e4c025
hm..
...
fix #28324 _properly_
2005-02-10 20:22:07 +00:00