It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.
This fixes a memory overrun in a testcase. All ZEND_SET_* calls
should be correct now.
session_register("c");
unset($c);
$c = time();
If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.
During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.
Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:
IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.
The extension emits this warning once per script, unless told otherwise.
"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.
This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.
This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).
Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.
ext/session/session.c(272) : Freeing 0x0818F01C (12 bytes), script=test
Obviously, the newly allocated empty zval is not properly freed. If anyone
has any idea on how to fix that, please step forward.
The old checks supposed that pread/pwrite worked, if a declaration was
found in <unistd.h>. We now actually check whether they work successfully
before using them.
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
are simply appended instead of traversing the hash table on each
URL/form.
also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.
remove remove_var, add reset_vars. move the function declarations
into the right header file.
@ and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
the fd.
Also rip out the broken O_EXCL use. Our file names are not unique and
this left a small window open where creating a session file would fail
(a, b notice that the file does not exist; a creates the file successfully;
b tries to create, but fails due to O_EXCL).
of the session ID string. Default PS_MOD() macro sets this to be the default
creation routine. PS_MOD_SID() macro sets this to a handlers session ID
creation routine.
was contained in get/post variables" (which I still am not convinced
of completely), we need a separate variable which determines whether
to define SID in the event that a cookie was not sent.
Noticed by: Matt Allen
I don't have time right now to leave in the good ones and remove
only the bad ones.
There are some semantical changes which I reject, because
they aim at fixing a bug which is at a completely other location.
Then SID does not gefined anymore properly. (This broken patch
has not been sent to me at all.)
Also, there were *so* many whitespace changes which already
make these commits bogus.
(DO NOT document this function yet)
Fixed crash bug with ob_end_*() function. ob_end_*() will not delete
buffers that may not be deleted.
php_start_ob_buffer() and php_ob_set_internal_handler() takes parameter for
if the buffer created may be deleted or not.
Added 3rd parameter "bool erase" to ob_start(). If FALSE, buffer may not be
deleted until script finshes.
Changed ob_*() function that have void return type to bool. All ob_*()
functions return TRUE for success, FALSE for failure.
@ - Added ob_get_status() to get array of buffers and it's status. (Yasuo)
@ - Fixed crash bug with ob_end_*() function. ob_end_*() will not delete
@ buffers that may not be deleted. (Yasuo)
@ - Added 3rd parameter "bool erase" to ob_start(). If FALSE, buffer may not be
@ deleted until script finshes. (Yasuo)
@ - Changed ob_*() function that have void return type to bool. All ob_*()
@ functions return TRUE for success, FALSE for failure. (Yasuo)
@ to off. (Thies)
guys, shoot me if i'm wrong, but when we have set register_globals to off we
should _not_ touch any global variables at any time, right? so all session
register/unregister should only work on $HTTP_SESSION_VARS and $_SESSION. this
patch fixes at least one spot where we were touching globals even with
register_globals set to off.
would be shared among the threads which is quite pointless. Also
use a function of the current time as one factor.
Use gettimeofday() instead of time(), because it is faster on some
operating systems.
Advantages:
- Would work with the output buffering mechanism in general, and with
output compression in particular
- Should yield better performance (untested as of yet)
take any args. In some cases we probably want to skip the check for
performance reasons, but in other cases where performance is unlikely
to be a factor, not throwing a warning on the wrong number of args passed
to a function is at best inconsistent, and at worst it could hide a bug.
So, add a few such checks. There are still lots of cases out there.
- Move to the new ts_allocate_id() API
This patch is *bound* to break some files, as I must have had typos somewhere.
If you use any uncommon extension, please try to build it...
when an Apache children died.
Dynamically resize hash-table.
The hash key is now stored as part of the hash entry structure which
saves a mm_malloc.
ps_sd_new has been restructured to avoid code duplication.
A bug concerning moving existing entries to the top of a linked list
has been fixed.
Fix warning regarding the initial hash value.
Use php_uint32 everywhere.
Speedup linked-list traversal by using the hash value.
Degrade linked-list to singledly linked-list.
Allocate a new shared memory buffer, if the data does not fit into the
current one. Prior to this change, we always allocated a new buffer.
Fix debug prints to be compatible with non-GCC compilers.
NUL-terminate string return values.
and handle some corner cases better. The scanner has been changed
to the format as proposed in "RE2C - A More Versatile Scanner Generator"
by Cowan et al.
- regression test checked (this time;-)
- added new regression test for references
- references _between_ session variables also work in when the session var
replaces an already existing global var (this was a brain twister)
- saved one strlen call per session variable
- fixed one tiny leak
@ WDDX session-serializer. Also improved speed of sessions. (Thies)
from now on php_set_session_var no longer copies the variable recovered from a
session (tested with php, php_binary and wddx). this should speed up session
deserializing quite a bit. (this damn thing has cost me 6 hours of my life;-)
might be called before that registration takes place and hence the
INI update is dismissed. In that case, we defer the lookup to the
first request init.