clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-03 15:56:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
38,437 Commits 494 Branches 1,367 Tags 813 MiB
eb72fc8968
Commit Graph

473 Commits

Author SHA1 Message Date
foobar
a208d9a966 - Nuke php3 legacy 2005-12-06 02:28:26 +00:00
foobar
ecd8376f36 - Changed "session.use_only_cookies" to be on by default. 2005-12-02 18:42:41 +00:00
foobar
be3a2c634d - Improved the fix for #21306 a bit 2005-09-23 08:13:57 +00:00
foobar
6f0648dab6 - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) 2005-09-20 20:56:21 +00:00
Stanislav Malyshev
961d12fa2d fix crash on restarting static PHP having session modules loaded 2005-09-20 14:05:16 +00:00
Derick Rethans
0f391bb0b3 - Add E_RECOVERABLE. 
#- Thought I did this before already actually...
 2005-09-15 16:19:48 +00:00
Dmitry Stogov
6b622046dc zend_is_callable() and zend_make_callable() were changed to return readable function name as zval (instead of string). 2005-08-22 12:22:16 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
foobar
fd07bc5e6b nuke duplicate code 2005-06-03 22:09:22 +00:00
Antony Dovgal
29319a81b8 fix typo 
(see details here: http://news.php.net/php.internals/16350)
 2005-06-01 18:27:50 +00:00
Ilia Alshanetsky
c24900dfa4 Added an optional remove old session parameter to session_regenerate_id(). 2005-05-29 16:51:25 +00:00
foobar
26d7b7fbc0 CS fix 2005-05-23 06:46:25 +00:00
Antony Dovgal
a186549ec0 fix compile warning 2005-05-22 12:57:26 +00:00
Rasmus Lerdorf
c1ef105535 Fixed bug 33072 - safemode/open_basedir check for runtime save_path change 2005-05-21 17:37:56 +00:00
Antony Dovgal
8f5ecf6da8 fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) 2005-05-20 10:27:49 +00:00
Antony Dovgal
76e07faf87 fix leak when register_long_arrays is off 2005-03-24 00:17:16 +00:00
Antony Dovgal
5b78e4c025 hm.. 
fix #28324 _properly_
 2005-02-10 20:22:07 +00:00
Antony Dovgal
94982058b6 fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off) 2005-02-10 19:38:11 +00:00
Stefan Esser
581265f4d1 Correctly initialize ZVAL 2005-01-21 16:03:47 +00:00
Antony Dovgal
d7072f8a9d efree(name) 2005-01-09 17:49:51 +00:00
Antony Dovgal
c644b2a5a1 fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref) 2005-01-09 17:42:02 +00:00
Antony Dovgal
ad76be844b CS changes (as suggested by Ilia) 2004-12-09 17:15:52 +00:00
Antony Dovgal
e76824c91f fix segfault in session_module_name() when session.save_handler is empty 2004-12-09 14:14:21 +00:00
Dmitry Stogov
a22fa4d109 Fixed crash in phpinfo() after graceful Apache restart. 2004-12-07 18:02:25 +00:00
Andi Gutmans
11bcaedfc8 - Rename delete_global_variable() to zend_delete_global_variable() 2004-10-04 20:17:06 +00:00
Andi Gutmans
db507dd153 - Commit the variable fetch optimization. 
- Extensions which delete global variables need to use new special function
- delete_global_variable() (I'm about to rename it) to remove them.
- Will post to internals@ or via commit messages if there's anything else.
 2004-10-04 19:54:35 +00:00
Anantha Kesari H Y
142e92bb70 NetWare specific stat structure access incorporated 2004-09-30 14:31:30 +00:00
Antony Dovgal
0ea23249da fix error message 2004-09-30 14:20:02 +00:00
Antony Dovgal
fcd702efe4 fix segfault when using unknown/unsupported save_handler and/or serialize_handler (bug #30282) 2004-09-30 12:19:59 +00:00
Ilia Alshanetsky
6784176b9c Fixed compiler warnings. 2004-09-14 23:57:53 +00:00
Ilia Alshanetsky
197d65770a Fixed bug #29925 (Added a check to prevent illegal characters in session 
key).
 2004-09-02 02:44:04 +00:00
Sascha Schumann
5890197024 fix empty_string issue 
Patch submitted by Antony Dovgal <tony2001@phpclub.net>
 2004-08-02 08:27:46 +00:00
Andi Gutmans
56f8195fe5 - Nuke empty_string. It is a reminanent from the time where RETURN_FALSE() 
used to return "" and not bool(false). It's not worth keeping it because
  STR_FREE() and zval_dtor() always have to check for it and it slows down
  the general case. In addition, it seems that empty_string has been abused
  quite a lot, and was used not only for setting zval's but generally in
  PHP code instead of "", which wasn't the intention. Last but not least,
  nuking empty_string should improve stability as I doubt every place
  correctly checked if they are not mistakenly erealloc()'ing it or
  calling efree() on it.
  NOTE: Some code is probably broken. Each extension maintainer should
  check and see that my changes are OK. Also, I haven't had time to touch
  PECL yet. Will try and do it tomorrow.
 2004-07-19 07:19:50 +00:00
Andi Gutmans
e5cfb1d05c - Better stability during premature shutdown of request startup 2004-07-10 07:46:17 +00:00
Sara Golemon
96132bf4fe if statement logic would never eval to false. 2004-05-08 05:58:18 +00:00
Ilia Alshanetsky
793140873b Another setting leak in session code (bug #27963). 2004-04-13 18:18:22 +00:00
Ilia Alshanetsky
254c8d6ce9 Fixed bug #27963 (Session lifetime setting may leak between requests). 2004-04-13 00:39:05 +00:00
Wez Furlong
32be6f268b Fix for Bug #26757: session.save_path defaults to bogus value on win32 
Merge from branch with one main difference: the default save_path is
set to the empty string on all platforms, whereas the code in the
branch only does so for win32.
 2004-03-29 21:44:07 +00:00
Moriyoshi Koizumi
75f83f7bb4 - Fix segfaults on deserialisation of referenced variables. 
# ALLOC_INIT_ZVAL() initialises the type field to IS_NULL, while
# MAKE_STD_ZVAL() doesn't. This caused a kind of random crash
# when zval_ptr_dtor() was applied on an intact zval created by
# the latter method.
#
# Please check relevant bugs again. There should be some that
# have already been marked as bogus.
 2004-02-29 00:26:36 +00:00
foobar
ac92c47b84 Fix bug #26005 (Random "cannot change the session ini settings" errors) 2004-02-24 08:47:35 +00:00
foobar
4441da2754 Improve error messages 2004-02-19 01:54:21 +00:00
Zeev Suraski
7c710a9f9b Use zval_ptr_dtor() to free variables as soon as they hit refcount of 0. 
Note:  You should not be using ZVAL_DELREF() in day to day usage.  Instead,
       you should use zval_ptr_dtor().  Use ZVAL_DELREF() only if you're
       messing with the refcount directly and know what you're doing.
Note #2:  For clarity, if you want to initialize a new zval with a refcount
          of 0, it's best to do that directly, instead of using ZVAL_DELREF
          after allocating the zval...
 2004-02-15 12:58:19 +00:00
Wez Furlong
6ac364048b export tsrm id for session globals. 2004-01-09 15:30:07 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
Ilia Alshanetsky
d3639b1aa7 Fixed bug #24693 (Allow session.use_trans_sid to be enabled/disabled from 
inside the script).
 2003-12-14 23:24:50 +00:00
Derick Rethans
71f9227cc5 - Fixed bug #26548 (Malformed HTTP dates in headers). 2003-12-07 14:29:43 +00:00
Wez Furlong
30b631d9f6 Export this so that shared session modules can use it under win32. 2003-12-02 23:14:31 +00:00
foobar
e85a4cdbd2 - Fixed bug #25780 (ext/session: invalid session.cookie_lifetime causes crash in win32). 2003-10-08 10:22:51 +00:00
Sascha Schumann
394d3b82b0 Alias session_commit to session_write_close, a more intuitive name 
for the functionality.
 2003-09-21 11:53:12 +00:00
Sascha Schumann
a3c89a2e8f Fix a segfault which occured when using a storage format not capable 
of expressing references (e.g. WDDX) and deserializing a session variable
whose name conflicted with an existing symbol in the global scope.

PR: #25307
Submitted by: Jani Taskinen
Speling fixes: me
 2003-08-29 12:33:47 +00:00
Andrey Hristov
20383f9080 \n at the end of the message is not needed 2003-08-28 20:43:18 +00:00
Sascha Schumann
237da469d7 format string fix 2003-08-28 17:34:33 +00:00
foobar
625600af30 - Prevent crash if non-existing save/serializer handler is tried to be used 
- Added the registered serializers information to MINFO.
 2003-08-26 02:03:41 +00:00
Ilia Alshanetsky
b9b75991e3 Fixed bug #25084 (Make refer check not dependant on register_globals) 2003-08-14 01:30:06 +00:00
Ilia Alshanetsky
93bcd55eaf emalloc -> safe_emalloc 2003-08-12 00:58:52 +00:00
Ilia Alshanetsky
22c3346967 Fixed bug #22245 (References inside $_SESSION not being handled). 2003-08-11 19:20:44 +00:00
Sascha Schumann
5978734f30 MFB proper fix for #24592 2003-07-22 01:11:07 +00:00
Ilia Alshanetsky
f9a8fc0c09 Fixed bug #24592 (Possible crash in session extnsion, with NULL values) 2003-07-21 21:47:52 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sascha Schumann
3c58f69fc4 Print NOTICE upon session_start being called while another session is 
active
 2003-06-10 03:56:23 +00:00
foobar
bfe9e39673 MFB: fix proto 2003-05-31 02:33:55 +00:00
foobar
ed1378a975 MFB: Always send a new session cookie upon regenerating id 2003-05-31 02:33:21 +00:00
Sascha Schumann
289ad3960e Fix the way we create references to (sometimes non-)existing 
variables.

Credits go to Rob Richards <rrichards@digarc.com> and Zeev
 2003-05-15 13:33:18 +00:00
Stanislav Malyshev
cddface7f1 fix TSRM 2003-04-27 16:18:43 +00:00
Stanislav Malyshev
cad71d8c92 MFB 4_3: 
Fix very nasty bug - session cookie kills one of the cookies
set before it on certain non-Apache SAPIs.
# for example, this code:
# <?
# setcookie("abc", 1);
# setcookie("def", 2);
# session_start();
# ?>
# would output only 'def' cookie on CGI and ISAPI
 2003-04-27 16:04:53 +00:00
Sascha Schumann
4226fe67d1 dividend -> divisor 
Submitted by: Jesus M. Castagnetto <jmcastagnetto@yahoo.com>
 2003-04-05 11:22:15 +00:00
Sebastian Bergmann
5ca078779a Eliminate some TSRMLS_FETCH() calls. Tested with Win32 build of SAPI/CGI and SAPI/CLI on Win32. 2003-03-25 08:07:13 +00:00
foobar
3c9155e0cb Renamed OnUpdateInt -> OnUpdateLong to prevent further misunderstandings. 
# Intentionally left out any 'alias' for it, this way 3rd party extension
# maintainers will really NOTICE the change.
 2003-03-07 05:15:28 +00:00
Zeev Suraski
4e55747a2b Add JIT initialization for _SERVER and _ENV 
(it's less important for the others, even though it should be fairly
easy now too)
 2003-03-02 10:19:15 +00:00
Sascha Schumann
6f5b46c118 generally urlencode parameters 2003-02-20 06:18:16 +00:00
Sascha Schumann
4ec77cfbb5 Refactor new-session-id code 2003-02-18 19:29:38 +00:00
Sascha Schumann
2699c26f42 Remember whether to send a cookie, so that we send out the correct 
session id.  Also improve check for active session
 2003-02-18 19:13:49 +00:00
Sascha Schumann
32e0c8161c add session_regenerate_id() 2003-02-18 18:50:44 +00:00
Sascha Schumann
5e601732a3 use appropiate prefixes in the ps_module structure so we don't clash 
with syscalls
 2003-02-11 00:42:14 +00:00
Ilia Alshanetsky
242a9a47c7 Fix compiler warning. 2003-01-30 22:37:50 +00:00
Sascha Schumann
330740f7cd Remove ugly netware hacks from the code 2003-01-24 23:57:32 +00:00
Ilia Alshanetsky
3d8e54f3a2 Changed php_error to php_error_docref. 2003-01-19 00:45:53 +00:00
Ilia Alshanetsky
72b356c1bc Removed pointless memory allocation checks. 2003-01-18 19:28:10 +00:00
Sascha Schumann
db8b4c6762 Add INI setting session.hash_bits_per_character which enables developers 
to choose how session ids are represented, regardless of the hash algorithm.
 2003-01-16 07:21:49 +00:00
Sascha Schumann
f2f1f94e36 add INI setting session.hash_function 
add support for creating session ids using SHA-1
source more entropy for session ids
 2003-01-12 13:07:14 +00:00
Zeev Suraski
ada5c4009e Fix UMR 2003-01-08 13:28:16 +00:00
Anantha Kesari H Y
90ba724072 Modified for NetWare. 2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00
Ilia Alshanetsky
c731daeda7 Fixed bug #21268 (session_decode() returned FALSE on success). 2002-12-29 18:50:55 +00:00
Marcus Boerger
3cf581b1b3 correct code that is guarded by "#if 0" 2002-12-05 20:41:55 +00:00
Marcus Boerger
dcfe988820 php_error -> php_error_docref 2002-12-05 20:13:35 +00:00
Sascha Schumann
a257d758a5 Add an error message to the ini handlers 2002-11-20 17:15:00 +00:00
Sascha Schumann
e9ed065afc add protective checks to ini updates 
Noticed by: Derick Rethans <d.rethans@jdimedia.nl>
PR: #20284
 2002-11-20 16:06:29 +00:00
Sascha Schumann
e60c601bd1 improved warning message 
# this should really link to an external page which explains the issue deeply
 2002-10-24 10:40:48 +00:00
Sascha Schumann
2dde6fb594 Print out warning only, if a variable was actually migrated 2002-10-07 02:37:50 +00:00
Sebastian Bergmann
d7f9e8526f Silence warning. 2002-10-06 21:47:54 +00:00
Ilia Alshanetsky
6b5575a101 Code cleanup. Thanks Andi. 2002-10-06 17:17:38 +00:00
Sascha Schumann
5fe046c4c3 session_decode should not segfault 2002-10-03 15:33:00 +00:00
Sascha Schumann
7e03310a6a Don't emit warning, if there is nothing to send 2002-10-03 15:10:36 +00:00
Andi Gutmans
b276a96f4b - Fix ZTS build 2002-10-03 07:23:50 +00:00
Sascha Schumann
13f5db1b67 Make the interpretation of gc_probability configurable by adding 
session.gc_dividend. The probability of running gc on each request is then
gc_probability/gc_dividend.
 2002-10-03 06:45:15 +00:00
Sascha Schumann
0ed434a13b Use ZEND_SET_SYMBOL_WITH_LENGTH correctly (hopefully) 
It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.

This fixes a memory overrun in a testcase.  All ZEND_SET_* calls
should be correct now.
 2002-10-03 06:29:58 +00:00
Sascha Schumann
15b23945ad (track_init) Use is_ref/refcount parameters of SET_SYMBOL macros 
(save_current_state) Prevent a possible deadlock which occurs when
the track vars are inaccessible
 2002-10-03 05:53:45 +00:00
Sascha Schumann
8a586103fc Align behaviour with 4.2 with regard to register_globals=1 
session_register("c");
unset($c);
$c = time();

If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.

During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
 2002-10-03 04:53:05 +00:00
Sascha Schumann
b9077e5a9d Nuke PS(vars), we keep the state of registered session variables now 
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.

Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:

IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.

The extension emits this warning once per script, unless told otherwise.

"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
 2002-10-03 03:23:02 +00:00