Ilia Alshanetsky
eb72fc8968
MFB: Fixed compiler warning
2007-06-17 14:26:16 +00:00
Stefan Esser
fde56bd858
Fix attribute injection security bug correctly by URL encoding session
...
name and session value. (in future maybe encode path/domain, too)
Remove backward compatibility breaking blacklist of characters.
2007-06-16 07:47:46 +00:00
Stanislav Malyshev
e4e1f60125
MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
2007-06-15 22:42:43 +00:00
Antony Dovgal
976a22df16
php_gmtime_r() fixes
2007-06-07 08:58:38 +00:00
Stanislav Malyshev
a66fbe2d5e
do not send cookie when session is passed in URL, same as it happens with GET/POST
2007-05-16 01:32:28 +00:00
Antony Dovgal
a8fe87efd3
fix build when ext/hash is compiled as shared module
2007-05-02 10:30:24 +00:00
Antony Dovgal
2c72351711
fix #40998 (long session array keys are truncated)
2007-04-04 19:46:42 +00:00
Antony Dovgal
03a3291262
MFB
2007-03-19 08:24:17 +00:00
Marcus Boerger
20a40063c5
- avoid sprintf
2007-02-24 16:25:58 +00:00
Sebastian Bergmann
4e8661438d
Fix ZTS issues.
2007-01-05 14:53:30 +00:00
Sara Golemon
5d988bb1aa
Allow ext/session to use ext/hash's algorithms for generating IDs
2007-01-05 03:57:57 +00:00
Sara Golemon
344cda1666
Unicode Updates
2007-01-05 02:07:59 +00:00
Sara Golemon
21bac192e9
Cleanup ext/session so that I can do a unicode update without going insane.
2007-01-04 22:04:38 +00:00
Sebastian Bergmann
3717df72ae
Bump year.
2007-01-01 09:29:37 +00:00
Ilia Alshanetsky
15f1692572
MFB: Added boundary checks to php_binary deserializer
2006-12-31 22:26:06 +00:00
Ilia Alshanetsky
4386719b07
MFB: Session deserializer protection.
2006-12-26 17:18:28 +00:00
Antony Dovgal
abac61eec7
remove register_globals remains
...
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:20:59 +00:00
Antony Dovgal
576797c7c1
fix retval type
...
it should be int, not zend_bool
2006-12-04 15:58:35 +00:00
Ilia Alshanetsky
fcaf113b33
MFB: Disallow \0 chars inside session.save_path
2006-12-01 00:27:33 +00:00
Hannes Magnusson
176b72284c
Error message clean up
...
(patch by Matt W (php_lists -AT- realpain.com))
2006-10-08 13:34:24 +00:00
Hannes Magnusson
e531458f89
Remove double "wrong param count" warnings
2006-10-07 22:55:18 +00:00
Ilia Alshanetsky
8786640da8
MFB: Expose session storage module locater and serialization function via
...
PHPAPI
2006-10-06 21:11:57 +00:00
Ilia Alshanetsky
30885c8d99
MFB: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
...
session.save_path, allowing them to account for extra parameters).
2006-10-01 21:00:00 +00:00
Dmitry Stogov
128548a5c0
Disabled autoconversion of hash keys (from string to unicode) for PHP arrays
2006-09-19 10:38:31 +00:00
Antony Dovgal
103d999dd1
fix typo
2006-08-30 17:57:25 +00:00
Antony Dovgal
1fcfbd873d
change ini handlers to produce E_ERROR if they are called during startup or per request
2006-08-30 16:24:31 +00:00
Antony Dovgal
5b79892659
change E_ERROR to E_WARNING when invalid argument has been passed
...
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:42:40 +00:00
Ilia Alshanetsky
9a07b46e00
MFB: fix proto
2006-08-10 21:11:00 +00:00
Ilia Alshanetsky
b97c393f87
MFB: Added support for httpOnly flag for session extension and cookie
...
setting functions.
2006-08-10 13:56:54 +00:00
Antony Dovgal
9b63740847
fix #38289 (segfault in session_decode() when _SESSION is NULL)
2006-08-02 09:15:13 +00:00
Antony Dovgal
873b6d87c6
fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire)
2006-08-01 08:31:37 +00:00
Ilia Alshanetsky
a081be13fc
MFB: An improved fix for bug #38224
2006-07-27 15:36:43 +00:00
Ilia Alshanetsky
3e00d90ff0
MFB: make C++ compilers happy
2006-07-27 14:13:53 +00:00
Ilia Alshanetsky
a3656ec923
Removed debug code
2006-07-27 14:05:38 +00:00
Ilia Alshanetsky
acbb531a12
MFB: Fixed bug #38224 (session extension can't handle broken cookies).
2006-07-27 14:00:27 +00:00
Ilia Alshanetsky
896c0e0690
MFB: Fixed compiler warnings.
2006-07-13 00:13:42 +00:00
Michael Wallner
1d6027adbd
- add note why replace is 0, so that I don't wonder again in 2 months
...
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:18 +00:00
Dmitry Stogov
943960c324
Added automatic module globals management
2006-06-13 13:12:20 +00:00
Michael Wallner
231ad17475
- explicit usage of TS macros
...
# this could have been raised a lot earlier
2006-06-03 11:19:44 +00:00
Michael Wallner
4ce0141713
- new output control code
...
# scan README.NEW-OUTPUT-API to get a grasp
# tree has been tagged with BEFORE_NEW_OUTPUT_API
#
# TODO:
# - improve existing output handlers
# - move zlib.output_compression cruft from SAPI.c to zlib.c
# - output_encoding handling was ambigious, resp. is undefined yet
# - more tests
2006-06-02 19:51:43 +00:00
Marcus Boerger
a4471f70f0
- Fix bug #37510 session_regenerate_id changes session_id() even on failure
2006-05-18 22:07:31 +00:00
foobar
672266c735
- Cleanup
2006-04-10 15:06:51 +00:00
Dmitry Stogov
22055cb8fd
Dropped register_long_arrays, added E_CORE for all dropped setting
2006-03-16 09:44:42 +00:00
Pierre Joye
303bfea78f
- remove register_globals support (aka "Kill the f***ing thing" :)
2006-03-07 00:20:54 +00:00
Dmitry Stogov
0f1209ab3d
Portable unicode string API:
...
- use the same type (int) for zval.value.usr.len and zval.value.str.len
- use union "zstr" as char*/UChar* mixture instead of void*
- Z_UNISTR() and Z_UNILEN() no longer check for Z_TYPE()
- nuke int32_t from ZE (not finisned)
2006-02-21 20:12:43 +00:00
Andi Gutmans
e94e25e621
Start nuking safe_mode. Still a lot of work to do...
2006-02-19 00:55:22 +00:00
Rasmus Lerdorf
a5883cc89c
(Missing patch from the PHP 4 tree that got lost in the shuffle)
...
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
need to send it again. if the id has been changed, we need to
update the client side.
2006-02-10 07:41:59 +00:00
Frank M. Kromann
921498e38b
MFB51 Export symbols that will allow building WDDX as shared object
2006-01-28 06:18:18 +00:00
Ilia Alshanetsky
0de9cf1e73
MFB51: Added a check for special characters in the session name.
2006-01-15 16:51:34 +00:00
foobar
251c5173fd
bump year and license version
2006-01-01 13:10:10 +00:00