clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-03 07:46:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
38,437 Commits 494 Branches 1,367 Tags 810 MiB
eb72fc8968
Commit Graph

473 Commits

Author SHA1 Message Date
Ilia Alshanetsky
eb72fc8968 MFB: Fixed compiler warning 2007-06-17 14:26:16 +00:00
Stefan Esser
fde56bd858 Fix attribute injection security bug correctly by URL encoding session 
name and session value. (in future maybe encode path/domain, too)

Remove backward compatibility breaking blacklist of characters.
 2007-06-16 07:47:46 +00:00
Stanislav Malyshev
e4e1f60125 MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies 2007-06-15 22:42:43 +00:00
Antony Dovgal
976a22df16 php_gmtime_r() fixes 2007-06-07 08:58:38 +00:00
Stanislav Malyshev
a66fbe2d5e do not send cookie when session is passed in URL, same as it happens with GET/POST 2007-05-16 01:32:28 +00:00
Antony Dovgal
a8fe87efd3 fix build when ext/hash is compiled as shared module 2007-05-02 10:30:24 +00:00
Antony Dovgal
2c72351711 fix #40998 (long session array keys are truncated) 2007-04-04 19:46:42 +00:00
Antony Dovgal
03a3291262 MFB 2007-03-19 08:24:17 +00:00
Marcus Boerger
20a40063c5 - avoid sprintf 2007-02-24 16:25:58 +00:00
Sebastian Bergmann
4e8661438d Fix ZTS issues. 2007-01-05 14:53:30 +00:00
Sara Golemon
5d988bb1aa Allow ext/session to use ext/hash's algorithms for generating IDs 2007-01-05 03:57:57 +00:00
Sara Golemon
344cda1666 Unicode Updates 2007-01-05 02:07:59 +00:00
Sara Golemon
21bac192e9 Cleanup ext/session so that I can do a unicode update without going insane. 2007-01-04 22:04:38 +00:00
Sebastian Bergmann
3717df72ae Bump year. 2007-01-01 09:29:37 +00:00
Ilia Alshanetsky
15f1692572 MFB: Added boundary checks to php_binary deserializer 2006-12-31 22:26:06 +00:00
Ilia Alshanetsky
4386719b07 MFB: Session deserializer protection. 2006-12-26 17:18:28 +00:00
Antony Dovgal
abac61eec7 remove register_globals remains 
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
 2006-12-20 19:20:59 +00:00
Antony Dovgal
576797c7c1 fix retval type 
it should be int, not zend_bool
 2006-12-04 15:58:35 +00:00
Ilia Alshanetsky
fcaf113b33 MFB: Disallow \0 chars inside session.save_path 2006-12-01 00:27:33 +00:00
Hannes Magnusson
176b72284c Error message clean up 
(patch by Matt W (php_lists -AT- realpain.com))
 2006-10-08 13:34:24 +00:00
Hannes Magnusson
e531458f89 Remove double "wrong param count" warnings 2006-10-07 22:55:18 +00:00
Ilia Alshanetsky
8786640da8 MFB: Expose session storage module locater and serialization function via 
PHPAPI
 2006-10-06 21:11:57 +00:00
Ilia Alshanetsky
30885c8d99 MFB: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for 
session.save_path, allowing them to account for extra parameters).
 2006-10-01 21:00:00 +00:00
Dmitry Stogov
128548a5c0 Disabled autoconversion of hash keys (from string to unicode) for PHP arrays 2006-09-19 10:38:31 +00:00
Antony Dovgal
103d999dd1 fix typo 2006-08-30 17:57:25 +00:00
Antony Dovgal
1fcfbd873d change ini handlers to produce E_ERROR if they are called during startup or per request 2006-08-30 16:24:31 +00:00
Antony Dovgal
5b79892659 change E_ERROR to E_WARNING when invalid argument has been passed 
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
 2006-08-30 15:42:40 +00:00
Ilia Alshanetsky
9a07b46e00 MFB: fix proto 2006-08-10 21:11:00 +00:00
Ilia Alshanetsky
b97c393f87 MFB: Added support for httpOnly flag for session extension and cookie 
setting functions.
 2006-08-10 13:56:54 +00:00
Antony Dovgal
9b63740847 fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:15:13 +00:00
Antony Dovgal
873b6d87c6 fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:31:37 +00:00
Ilia Alshanetsky
a081be13fc MFB: An improved fix for bug #38224 2006-07-27 15:36:43 +00:00
Ilia Alshanetsky
3e00d90ff0 MFB: make C++ compilers happy 2006-07-27 14:13:53 +00:00
Ilia Alshanetsky
a3656ec923 Removed debug code 2006-07-27 14:05:38 +00:00
Ilia Alshanetsky
acbb531a12 MFB: Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:27 +00:00
Ilia Alshanetsky
896c0e0690 MFB: Fixed compiler warnings. 2006-07-13 00:13:42 +00:00
Michael Wallner
1d6027adbd - add note why replace is 0, so that I don't wonder again in 2 months 
why session_regenerate_id() sends the session cookie twice
 2006-07-12 15:28:18 +00:00
Dmitry Stogov
943960c324 Added automatic module globals management 2006-06-13 13:12:20 +00:00
Michael Wallner
231ad17475 - explicit usage of TS macros 
# this could have been raised a lot earlier
 2006-06-03 11:19:44 +00:00
Michael Wallner
4ce0141713 - new output control code 
# scan README.NEW-OUTPUT-API to get a grasp
# tree has been tagged with BEFORE_NEW_OUTPUT_API
#
# TODO:
#  - improve existing output handlers
#  - move zlib.output_compression cruft from SAPI.c to zlib.c
#  - output_encoding handling was ambigious, resp. is undefined yet
#  - more tests
 2006-06-02 19:51:43 +00:00
Marcus Boerger
a4471f70f0 - Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:07:31 +00:00
foobar
672266c735 - Cleanup 2006-04-10 15:06:51 +00:00
Dmitry Stogov
22055cb8fd Dropped register_long_arrays, added E_CORE for all dropped setting 2006-03-16 09:44:42 +00:00
Pierre Joye
303bfea78f - remove register_globals support (aka "Kill the f***ing thing" :) 2006-03-07 00:20:54 +00:00
Dmitry Stogov
0f1209ab3d Portable unicode string API: 
- use the same type (int) for zval.value.usr.len and zval.value.str.len
  - use union "zstr" as char*/UChar* mixture instead of void*
  - Z_UNISTR() and Z_UNILEN() no longer check for Z_TYPE()
  - nuke int32_t from ZE (not finisned)
 2006-02-21 20:12:43 +00:00
Andi Gutmans
e94e25e621 Start nuking safe_mode. Still a lot of work to do... 2006-02-19 00:55:22 +00:00
Rasmus Lerdorf
a5883cc89c (Missing patch from the PHP 4 tree that got lost in the shuffle) 
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
  need to send it again.  if the id has been changed, we need to
  update the client side.
 2006-02-10 07:41:59 +00:00
Frank M. Kromann
921498e38b MFB51 Export symbols that will allow building WDDX as shared object 2006-01-28 06:18:18 +00:00
Ilia Alshanetsky
0de9cf1e73 MFB51: Added a check for special characters in the session name. 2006-01-15 16:51:34 +00:00
foobar
251c5173fd bump year and license version 2006-01-01 13:10:10 +00:00