iliaa Thu Jul 27 14:00:13 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/session session.c /php-src NEWS Log: Fixed bug #38224 (session extension can't handle broken cookies). http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.4&r2=1.417.2.8.2.5&diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.4 php-src/ext/session/session.c:1.417.2.8.2.5 --- php-src/ext/session/session.c:1.417.2.8.2.4 Thu Jul 13 00:13:19 2006 +++ php-src/ext/session/session.c Thu Jul 27 14:00:13 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: session.c,v 1.417.2.8.2.4 2006/07/13 00:13:19 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.5 2006/07/27 14:00:13 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -745,6 +745,7 @@ { char *val; int vallen; + zend_bool new = 0; /* check session name for invalid characters */ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) { @@ -764,8 +765,15 @@ } /* If there is no ID, use session module to create one */ - if (!PS(id)) + if (!PS(id)) { +new_session: PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); +php_error_docref(NULL TSRMLS_CC, E_WARNING, "Making a new session %s.", PS(id)); + if (PS(use_cookies)) { + PS(send_cookie) = 1; + } + new = 1; + } /* Read data */ /* Question: if you create a SID here, should you also try to read data? @@ -777,6 +785,8 @@ if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) { php_session_decode(val, vallen TSRMLS_CC); efree(val); + } else if (!new) { + goto new_session; } } http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.156&r2=1.2027.2.547.2.157&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.156 php-src/NEWS:1.2027.2.547.2.157 --- php-src/NEWS:1.2027.2.547.2.156 Thu Jul 27 12:59:48 2006 +++ php-src/NEWS Thu Jul 27 14:00:13 2006 @@ -17,6 +17,7 @@ - Fixed bug #38234 (Exception in __clone makes memory leak). (Dmitry, Nuno) - Fixed bug #38229 (strtotime() does not parse YYYY-MM format). (Ilia) +- Fixed bug #38224 (session extension can't handle broken cookies). (Ilia) - Fixed bug #38220 (Crash on some object operations). (Dmitry) - Fixed bug #38217 (ReflectionClass::newInstanceArgs() tries to allocate too much memory). (Tony)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php