iliaa Thu Jul 27 15:36:43 2006 UTC
Modified files:
/php-src/ext/session mod_files.c php_session.h session.c
Log:
MFB: An improved fix for bug #38224
http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.103&r2=1.104&diff_format=u
Index: php-src/ext/session/mod_files.c
diff -u php-src/ext/session/mod_files.c:1.103
php-src/ext/session/mod_files.c:1.104
--- php-src/ext/session/mod_files.c:1.103 Mon Apr 17 23:29:46 2006
+++ php-src/ext/session/mod_files.c Thu Jul 27 15:36:43 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mod_files.c,v 1.103 2006/04/17 23:29:46 iliaa Exp $ */
+/* $Id: mod_files.c,v 1.104 2006/07/27 15:36:43 iliaa Exp $ */
#include "php.h"
@@ -152,6 +152,7 @@
if (!ps_files_valid_key(key)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "The
session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and
'-,'");
+ PS(invalid_session_id) = 1;
return;
}
if (!ps_files_path_create(buf, sizeof(buf), data, key))
http://cvs.php.net/viewvc.cgi/php-src/ext/session/php_session.h?r1=1.106&r2=1.107&diff_format=u
Index: php-src/ext/session/php_session.h
diff -u php-src/ext/session/php_session.h:1.106
php-src/ext/session/php_session.h:1.107
--- php-src/ext/session/php_session.h:1.106 Mon Apr 10 15:06:51 2006
+++ php-src/ext/session/php_session.h Thu Jul 27 15:36:43 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_session.h,v 1.106 2006/04/10 15:06:51 sniper Exp $ */
+/* $Id: php_session.h,v 1.107 2006/07/27 15:36:43 iliaa Exp $ */
#ifndef PHP_SESSION_H
#define PHP_SESSION_H
@@ -123,6 +123,7 @@
long hash_bits_per_character;
int send_cookie;
int define_sid;
+ zend_bool invalid_session_id; /* allows the driver to report about an
invalid session id and request id regeneration */
} php_ps_globals;
typedef php_ps_globals zend_ps_globals;
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.442&r2=1.443&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.442 php-src/ext/session/session.c:1.443
--- php-src/ext/session/session.c:1.442 Thu Jul 27 14:13:53 2006
+++ php-src/ext/session/session.c Thu Jul 27 15:36:43 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.442 2006/07/27 14:13:53 iliaa Exp $ */
+/* $Id: session.c,v 1.443 2006/07/27 15:36:43 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -653,7 +653,6 @@
{
char *val;
int vallen;
- zend_bool make_new = 0;
/* check session name for invalid characters */
if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
@@ -679,7 +678,6 @@
if (PS(use_cookies)) {
PS(send_cookie) = 1;
}
- make_new = 1;
}
/* Read data */
@@ -689,10 +687,13 @@
* session information
*/
php_session_track_init(TSRMLS_C);
+ PS(invalid_session_id) = 0;
if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) ==
SUCCESS) {
php_session_decode(val, vallen TSRMLS_CC);
efree(val);
- } else if (!make_new) {
+ } else if (PS(invalid_session_id)) { /* address instances where the
session read fails due to an invalid id */
+ PS(invalid_session_id) = 0;
+ efree(PS(id));
goto new_session;
}
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
