[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
rasmus Sat May 21 15:46:35 2005 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: Fixed bug #33072 - Add a safemode/open_basedir check for runtime save_path change http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.908r2=1.1247.2.909ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.908 php-src/NEWS:1.1247.2.909 --- php-src/NEWS:1.1247.2.908 Fri May 20 07:15:33 2005 +++ php-src/NEWSSat May 21 15:46:32 2005 @@ -7,6 +7,8 @@ them sort based on the current locale. (Derick) - Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe) +- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path + change) (Rasmus) - Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5) (Rasmus, Choitel) - Fixed bug #33019 (socket errors cause memory leaks in php_strerror()). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.51r2=1.336.2.52ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.51 php-src/ext/session/session.c:1.336.2.52 --- php-src/ext/session/session.c:1.336.2.51Fri May 20 06:28:35 2005 +++ php-src/ext/session/session.c Sat May 21 15:46:34 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.51 2005/05/20 10:28:35 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.52 2005/05/21 19:46:34 rasmus Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -117,6 +117,19 @@ return SUCCESS; } +static PHP_INI_MH(OnUpdateSaveDir) { + /* Only do the safemode/open_basedir check at runtime */ + if(stage == PHP_INI_STAGE_RUNTIME) { + if (PG(safe_mode) (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + return FAILURE; + } + + if (php_check_open_basedir(new_value TSRMLS_CC)) { + return FAILURE; + } + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); +} /* {{{ PHP_INI */ 
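Review bot: `OnUpdateSaveDir` ends on a bare `OnUpdateString(...)` call with no `return`, so as shown the handler falls off the end of a function whose other paths return `FAILURE`, and any failure inside `OnUpdateString` is lost. The last statement should read `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. Both checks are applied to the raw `new_value`; if the storage handler accepts a prefixed form of save_path (a depth or mode field before the directory), the check should run on the directory component that is actually opened. That parsing is outside this hunk, so it needs confirming there. A short comment on why the check is skipped for non-runtime stages would also help.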
@@ -124,9 +137,9 @@ STD_PHP_INI_BOOLEAN(session.bug_compat_42,1, PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals,ps_globals) STD_PHP_INI_BOOLEAN(session.bug_compat_warn, 1, PHP_INI_ALL, OnUpdateBool, bug_compat_warn,php_ps_globals,ps_globals) #ifdef PHP_WIN32 - STD_PHP_INI_ENTRY(session.save_path, , PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals,ps_globals) + STD_PHP_INI_ENTRY(session.save_path, , PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals,ps_globals) #else - STD_PHP_INI_ENTRY(session.save_path, /tmp, PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals,ps_globals) + STD_PHP_INI_ENTRY(session.save_path, /tmp, PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals,ps_globals) #endif STD_PHP_INI_ENTRY(session.name, PHPSESSID, PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals,ps_globals) PHP_INI_ENTRY(session.save_handler, files, PHP_INI_ALL, OnUpdateSaveHandler) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
tony2001Fri May 20 06:28:35 2005 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: MFH: fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.906r2=1.1247.2.907ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.906 php-src/NEWS:1.1247.2.907 --- php-src/NEWS:1.1247.2.906 Fri May 20 02:36:56 2005 +++ php-src/NEWSFri May 20 06:28:34 2005 @@ -12,6 +12,8 @@ - Fixed bug #33019 (socket errors cause memory leaks in php_strerror()). (jwozniak23 at poczta dot onet dot pl, Tony). - Fixed bug #32974 (pcntl calls malloc() from a signal handler). (Wez) +- Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading + session cookies). (Jani, Tony) - Fixed bug #32936 (http redirects URLs are not checked for control chars). (Ilia) - Fixed bug #32932 (Oracle LDAP: ldap_get_entries invalid pointer). (Jani) - Fixed bug #32904 (pg_get_notify() ignores result_type parameter). (Tony) http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.50r2=1.336.2.51ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.50 php-src/ext/session/session.c:1.336.2.51 --- php-src/ext/session/session.c:1.336.2.50Sun Feb 13 12:51:32 2005 +++ php-src/ext/session/session.c Fri May 20 06:28:35 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.50 2005/02/13 17:51:32 sniper Exp $ */ +/* $Id: session.c,v 1.336.2.51 2005/05/20 10:28:35 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1015,7 +1015,7 @@ */ if (!PS(id)) { - if (zend_hash_find(EG(symbol_table), _COOKIE, + if (PS(use_cookies) zend_hash_find(EG(symbol_table), _COOKIE, sizeof(_COOKIE), (void **) data) == SUCCESS Z_TYPE_PP(data) == IS_ARRAY zend_hash_find(Z_ARRVAL_PP(data), PS(session_name), -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
tony2001Tue Dec 7 03:21:39 2004 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: fix bug #30232 (session_start() sends Set-Cookie header only if the cookie is not set yet) # looks like somebody fixed it in HEAD and forgot to MFH it.. http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.763r2=1.1247.2.764ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.763 php-src/NEWS:1.1247.2.764 --- php-src/NEWS:1.1247.2.763 Mon Dec 6 19:34:32 2004 +++ php-src/NEWSTue Dec 7 03:21:37 2004 @@ -33,6 +33,8 @@ - Fixed bug #30281 (Prevent non-wbmp images from being detected as such). (Ilia) - Fixed bug #30276 (Possible crash in ctype_digit on large numbers). (Ilia) +- Fixed bug #30232 (session_start() sends Set-Cookie header only if the + cookie isn't set). Tony - Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well with alpha channel, corners are drawn twice) (Pierre) - Fixed bug #30224 (Sybase date strings are sometimes not null terminated). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.43r2=1.336.2.44ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.43 php-src/ext/session/session.c:1.336.2.44 --- php-src/ext/session/session.c:1.336.2.43Thu Sep 30 10:18:25 2004 +++ php-src/ext/session/session.c Tue Dec 7 03:21:38 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.43 2004/09/30 14:18:25 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.44 2004/12/07 08:21:38 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -946,9 +946,8 @@ { int module_number = PS(module_number); - if (PS(use_cookies) PS(send_cookie)) { + if (PS(use_cookies)) { php_session_send_cookie(TSRMLS_C); - PS(send_cookie) = 0; } /* if the SID constant exists, destroy it. */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
Please revert. It is intentional that a cookie is only sent when the client has not yet transferred the same session id to us using a cookie. - Sascha On Tue, 7 Dec 2004, Antony Dovgal wrote: tony2001Tue Dec 7 03:21:39 2004 EDT Modified files: (Branch: PHP_4_3) /php-src NEWS /php-src/ext/session session.c Log: fix bug #30232 (session_start() sends Set-Cookie header only if the cookie is not set yet) # looks like somebody fixed it in HEAD and forgot to MFH it.. http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.763r2=1.1247.2.764ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.763 php-src/NEWS:1.1247.2.764 --- php-src/NEWS:1.1247.2.763 Mon Dec 6 19:34:32 2004 +++ php-src/NEWSTue Dec 7 03:21:37 2004 @@ -33,6 +33,8 @@ - Fixed bug #30281 (Prevent non-wbmp images from being detected as such). (Ilia) - Fixed bug #30276 (Possible crash in ctype_digit on large numbers). (Ilia) +- Fixed bug #30232 (session_start() sends Set-Cookie header only if the + cookie isn't set). Tony - Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well with alpha channel, corners are drawn twice) (Pierre) - Fixed bug #30224 (Sybase date strings are sometimes not null terminated). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.43r2=1.336.2.44ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.43 php-src/ext/session/session.c:1.336.2.44 --- php-src/ext/session/session.c:1.336.2.43Thu Sep 30 10:18:25 2004 +++ php-src/ext/session/session.c Tue Dec 7 03:21:38 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.43 2004/09/30 14:18:25 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.44 2004/12/07 08:21:38 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -946,9 +946,8 @@ { int module_number = PS(module_number); - if (PS(use_cookies) PS(send_cookie)) { + if (PS(use_cookies)) { php_session_send_cookie(TSRMLS_C); - PS(send_cookie) = 0; } /* if the SID constant exists, destroy it. */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
On Tue, 7 Dec 2004 13:22:15 +0100 (CET) Sascha Schumann [EMAIL PROTECTED] wrote: Please revert. It is intentional that a cookie is only sent when the client has not yet transferred the same session id to us using a cookie. 5.0 and 5.1 behave wrong then, as they send the cookie on every request, while 4.3 sends it only when there was no cookie in the browser's request. Probably the 5.0 and 5.1 branches should be fixed then, or ..? -- Wbr, Antony Dovgal aka tony2001 [EMAIL PROTECTED] || [EMAIL PROTECTED] -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
On Tue, 7 Dec 2004, Antony Dovgal wrote: On Tue, 7 Dec 2004 13:22:15 +0100 (CET) Sascha Schumann [EMAIL PROTECTED] wrote: Please revert. It is intentional that a cookie is only sent when the client has not yet transferred the same session id to us using a cookie. 5.0 5.1 behave wrong then, as they send cookie on every request [..] Yes, that is not the intended behaviour. Probably, 5.0 5.1 branches should be fixed then or .. ? Indeed. I don't have time to watch every commit to the code, so this probably just slipped through. I'd appreciate it, if you could take care of 5.0 and 5.1 as well. - Sascha -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
On Tue, 7 Dec 2004 13:56:36 +0100 (CET) Sascha Schumann [EMAIL PROTECTED] wrote: On Tue, 7 Dec 2004, Antony Dovgal wrote: On Tue, 7 Dec 2004 13:22:15 +0100 (CET) Sascha Schumann [EMAIL PROTECTED] wrote: Please revert. It is intentional that a cookie is only sent when the client has not yet transferred the same session id to us using a cookie. 5.0 5.1 behave wrong then, as they send cookie on every request [..] Yes, that is not the intended behaviour. Probably, 5.0 5.1 branches should be fixed then or .. ? Indeed. I don't have time to watch every commit to the code, so this probably just slipped through. I'd appreciate it, if you could take care of 5.0 and 5.1 as well. No problem, I'll do it. I just wanted to know why the intended behaviour looks so strange: setting session.cookie_lifetime to non-zero value leads to session invalidation in that time, even if the session is active and the user is still working with it. Do we *really* want it? And why? -- Wbr, Antony Dovgal aka tony2001 [EMAIL PROTECTED] || [EMAIL PROTECTED] -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
setting session.cookie_lifetime to non-zero value leads to session invalidation in that time, even if the session is active and the user is still working with it. Your change affected the code path of standard session cookies which don't have an explicit expiry date. There is no point in sending session cookies (=expiring when browser is closed) on every request. The proper way to handle explicit session expiry dates is the following: Encode the timestamp of the expiry date as part of the cookie. Check for a certain criteria upon each request. If that criteria is met, update the cookie on the client side. Common criterias: - one hour/day/week to expiration - half the lifetime of the cookie has passed Using no criteria at all is not a suitable way to deal with users from my POV. - Sascha -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
On Tue, 7 Dec 2004 14:20:58 +0100 (CET) Sascha Schumann [EMAIL PROTECTED] wrote: setting session.cookie_lifetime to non-zero value leads to session invalidation in that time, even if the session is active and the user is still working with it. Your change affected the code path of standard session cookies which don't have an explicit expiry date. There is no point in sending session cookies (=expiring when browser is closed) on every request. The proper way to handle explicit session expiry dates is the following: Encode the timestamp of the expiry date as part of the cookie. Check for a certain criteria upon each request. If that criteria is met, update the cookie on the client side. Common criterias: - one hour/day/week to expiration - half the lifetime of the cookie has passed Using no criteria at all is not a suitable way to deal with users from my POV. ok then. I'll revert it now and will send you more suitable patch in the evening. -- Wbr, Antony Dovgal aka tony2001 [EMAIL PROTECTED] || [EMAIL PROTECTED] -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
tony2001Tue Dec 7 09:01:57 2004 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: revert it http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.765r2=1.1247.2.766ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.765 php-src/NEWS:1.1247.2.766 --- php-src/NEWS:1.1247.2.765 Tue Dec 7 03:42:50 2004 +++ php-src/NEWSTue Dec 7 09:01:55 2004 @@ -33,8 +33,6 @@ - Fixed bug #30281 (Prevent non-wbmp images from being detected as such). (Ilia) - Fixed bug #30276 (Possible crash in ctype_digit on large numbers). (Ilia) -- Fixed bug #30232 (session_start() sends Set-Cookie header only if the - cookie isn't set). (Tony) - Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well with alpha channel, corners are drawn twice). (Pierre) - Fixed bug #30224 (Sybase date strings are sometimes not null terminated). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.44r2=1.336.2.45ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.44 php-src/ext/session/session.c:1.336.2.45 --- php-src/ext/session/session.c:1.336.2.44Tue Dec 7 03:21:38 2004 +++ php-src/ext/session/session.c Tue Dec 7 09:01:56 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.44 2004/12/07 08:21:38 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.45 2004/12/07 14:01:56 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -946,8 +946,9 @@ { int module_number = PS(module_number); - if (PS(use_cookies)) { + if (PS(use_cookies) PS(send_cookie)) { php_session_send_cookie(TSRMLS_C); + PS(send_cookie) = 0; } /* if the SID constant exists, destroy it. */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
pollita Sat May 8 02:01:12 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/sessionsession.c /php-srcNEWS Log: MFH: if statement logic would never eval to false. http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.38r2=1.336.2.39ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.38 php-src/ext/session/session.c:1.336.2.39 --- php-src/ext/session/session.c:1.336.2.38Tue Apr 13 14:23:10 2004 +++ php-src/ext/session/session.c Sat May 8 02:01:11 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.38 2004/04/13 18:23:10 iliaa Exp $ */ +/* $Id: session.c,v 1.336.2.39 2004/05/08 06:01:11 pollita Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1350,7 +1350,7 @@ } else { convert_to_string_ex(entry); - if ((strcmp(Z_STRVAL_PP(entry), HTTP_SESSION_VARS) != 0) || + if ((strcmp(Z_STRVAL_PP(entry), HTTP_SESSION_VARS) != 0) (strcmp(Z_STRVAL_PP(entry), _SESSION) != 0)) { PS_ADD_VARL(Z_STRVAL_PP(entry), Z_STRLEN_PP(entry)); } http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.653r2=1.1247.2.654ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.653 php-src/NEWS:1.1247.2.654 --- php-src/NEWS:1.1247.2.653 Fri Apr 30 13:54:45 2004 +++ php-src/NEWSSat May 8 02:01:11 2004 @@ -5,6 +5,8 @@ then 1 character long. (Ilia) - Fixed handling of return values from storred procedures in mssql_execute() with multiple result sets returned. (Frank) +- Fixed logic bug in session_register() which allowed registering _SESSION + and/or HTTP_SESSION_VARS. (Sara) - Fixed bug #28229 (run-tests tripped up by spaces in names). (Marcus) - Fixed bug #28228 (number_format() does not allow empty decimal separator). (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
iliaa Tue Apr 13 14:23:10 2004 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/sessionsession.c /php-srcNEWS Log: MFH: Fixed bug #27963 (Session lifetime setting may leak between requests). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.37r2=1.336.2.38ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.37 php-src/ext/session/session.c:1.336.2.38 --- php-src/ext/session/session.c:1.336.2.37Mon Mar 29 16:28:47 2004 +++ php-src/ext/session/session.c Tue Apr 13 14:23:10 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.37 2004/03/29 21:28:47 wez Exp $ */ +/* $Id: session.c,v 1.336.2.38 2004/04/13 18:23:10 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1110,8 +1110,8 @@ zend_get_parameters_ex(ZEND_NUM_ARGS(), lifetime, path, domain, secure) == FAILURE) WRONG_PARAM_COUNT; - convert_to_long_ex(lifetime); - PS(cookie_lifetime) = Z_LVAL_PP(lifetime); + convert_to_string_ex(lifetime); + zend_alter_ini_entry(session.cookie_lifetime, sizeof(session.cookie_lifetime), Z_STRVAL_PP(lifetime), Z_STRLEN_PP(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); if (ZEND_NUM_ARGS() 1) { convert_to_string_ex(path); 
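Review bot: The status returned by `zend_alter_ini_entry()` is discarded on the new `session.cookie_lifetime` line, so a value the INI layer rejects leaves the previous lifetime in force while the function continues as if the change had applied. The same pattern recurs in the `@@ -1174,32 +1174,28 @@` hunk that follows, where it has a sharper edge: `s_close` is called and `PS(mod_data)` is cleared before the `session.save_handler` change is known to have succeeded. I would test the result, e.g. `if (zend_alter_ini_entry(...) == FAILURE) { ... }`, and in the second hunk do so before closing the current module. Both function bodies begin outside their hunks, so any handling elsewhere in them is not visible here.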
@@ -1174,32 +1174,28 @@ { zval **p_name; int ac = ZEND_NUM_ARGS(); - char *old; if (ac 0 || ac 1 || zend_get_parameters_ex(ac, p_name) == FAILURE) WRONG_PARAM_COUNT; - - old = safe_estrdup(PS(mod)-s_name); if (ac == 1) { - ps_module *tempmod; - convert_to_string_ex(p_name); - tempmod = _php_find_ps_module(Z_STRVAL_PP(p_name) TSRMLS_CC); - if (tempmod) { - if (PS(mod_data)) - PS(mod)-s_close(PS(mod_data) TSRMLS_CC); - PS(mod) = tempmod; - PS(mod_data) = NULL; - } else { - efree(old); + if (!_php_find_ps_module(Z_STRVAL_PP(p_name) TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find named PHP session module (%s), Z_STRVAL_PP(p_name)); RETURN_FALSE; } - } + if (PS(mod_data)) { + PS(mod)-s_close(PS(mod_data) TSRMLS_CC); + } + PS(mod_data) = NULL; - RETVAL_STRING(old, 0); + RETVAL_STRING(safe_estrdup(PS(mod)-s_name), 0); + + zend_alter_ini_entry(session.save_handler, sizeof(session.save_handler), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + } else { + RETURN_STRING(safe_estrdup(PS(mod)-s_name), 0); + } } /* }}} */ http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.636r2=1.1247.2.637ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.636 php-src/NEWS:1.1247.2.637 --- php-src/NEWS:1.1247.2.636 Thu Apr 8 17:23:31 2004 +++ php-src/NEWSTue Apr 13 14:23:10 2004 @@ -6,6 +6,7 @@ - Fixed a bug that prevented building of the GD extension against external GD lib 1.X. (Ilia, Edin, Nick Talbott). - Synchronized bundled GD library with GD 2.0.22. (Ilia) +- Fixed bug #27963 (Session lifetime setting may leak between requests). (Ilia) - Fixed bug #27849 (configure craps out on trivial syntax error). (Derick) - Fixed bug #27822 (is_resource() returns TRUE for closed resources). (Derick) - Fixed bug #27819 (problems returning reference to a reference parameter). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c /ext/standard datetime.c head.c /ext/standard/tests/time bug27719.phpt
rasmus Sun Mar 28 09:57:32 2004 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c /php-src/ext/standard datetime.c head.c /php-src/ext/standard/tests/timebug27719.phpt Log: - Merge whitespace and trivial changes from HEAD back to the branch so the diff between HEAD and PHP_4_3 only shows feature changes - Fix test case for bug #27719 (TZ=EST means no DST so the test was wrong) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.611r2=1.1247.2.612ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.611 php-src/NEWS:1.1247.2.612 --- php-src/NEWS:1.1247.2.611 Fri Mar 26 20:48:04 2004 +++ php-src/NEWSSun Mar 28 09:57:31 2004 @@ -1,6 +1,7 @@ PHP 4 NEWS ||| ?? ??? 2004, Version 4.3.6 +- Fixed bug #27719 (mktime issues on and around DST changeover). (Rasmus) - Fixed bug #27717 (Test Failures when compiled on 64-bit mode). (Ard, Derick) - Fixed bug #27687 (Bug Adding Default Charset to 'text/*' Content-Type Header). (Marcus) http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.35r2=1.336.2.36ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.35 php-src/ext/session/session.c:1.336.2.36 --- php-src/ext/session/session.c:1.336.2.35Tue Mar 16 13:21:02 2004 +++ php-src/ext/session/session.c Sun Mar 28 09:57:31 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.35 2004/03/16 18:21:02 stas Exp $ */ +/* $Id: session.c,v 1.336.2.36 2004/03/28 14:57:31 rasmus Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -863,7 +863,7 @@ t = tv.tv_sec + PS(cookie_lifetime); if (t 0) { - date_fmt = php_std_date(t); + date_fmt = php_std_date(t TSRMLS_CC); smart_str_appends(ncookie, COOKIE_EXPIRES); smart_str_appends(ncookie, date_fmt); efree(date_fmt); http://cvs.php.net/diff.php/php-src/ext/standard/datetime.c?r1=1.96.2.13r2=1.96.2.14ty=u Index: php-src/ext/standard/datetime.c diff -u php-src/ext/standard/datetime.c:1.96.2.13 php-src/ext/standard/datetime.c:1.96.2.14 --- php-src/ext/standard/datetime.c:1.96.2.13 Fri Mar 26 14:29:31 2004 +++ php-src/ext/standard/datetime.c Sun Mar 28 09:57:32 2004 @@ -2,7 +2,7 @@ +--+ | PHP Version 4| +--+ - | Copyright (c) 1997-2003 The PHP Group| + | Copyright (c) 1997-2004 The PHP Group| +--+ | This source file is subject to version 2.02 of the PHP license, | | that is bundled with this package in the file LICENSE, and is| @@ -18,9 +18,7 @@ +--+ */ - -/* $Id: datetime.c,v 1.96.2.13 2004/03/26 19:29:31 rasmus Exp $ */ - +/* $Id: datetime.c,v 1.96.2.14 2004/03/28 14:57:32 rasmus Exp $ */ #include php.h #include zend_operators.h @@ -35,22 +33,21 @@ #include php_parsedate.h -char *mon_full_names[] = -{ +char *mon_full_names[] = { January, February, March, April, May, June, July, August, September, October, November, December }; -char *mon_short_names[] = -{ + +char *mon_short_names[] = { Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec }; -char *day_full_names[] = -{ + +char *day_full_names[] = { Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday }; -char *day_short_names[] = -{ + +char *day_short_names[] = { Sun, Mon, Tue, Wed, Thu, Fri, Sat }; 
@@ -62,13 +59,12 @@ extern int daylight; #endif -static int phpday_tab[2][12] = -{ +static int phpday_tab[2][12] = { {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}, {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31} }; -#define isleap(year) (((year%4) == 0 (year%100)!=0) || (year%400)==0) +#define isleap(year) (((year % 4) == 0 (year % 100) != 0) || (year % 400)==0) #define YEAR_BASE 1900 /* {{{ proto int time(void) @@ -87,7 +83,8 @@ struct tm *ta, tmbuf; time_t t, seconds; int i, gmadjust, arg_count = ZEND_NUM_ARGS(); - int is_dst = -1, val, chgsecs = 0; + int is_dst = -1, chgsecs = 0; + long val; if (arg_count 7 || zend_get_parameters_array_ex(arg_count, arguments) == FAILURE) { WRONG_PARAM_COUNT; @@ -192,11 +189,11 @@ /* fall-through
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
sniper Tue Feb 24 03:49:42 2004 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: MFH: - Fixed bug #26005 (Random cannot change the session ini settings errors). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.575r2=1.1247.2.576ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.575 php-src/NEWS:1.1247.2.576 --- php-src/NEWS:1.1247.2.575 Mon Feb 23 14:50:46 2004 +++ php-src/NEWSTue Feb 24 03:49:38 2004 @@ -11,6 +11,8 @@ reference). (Ilia) - Fixed bug #26753 (zend_fetch_list_dtor_id() doesn't check NULL strings). (Jani, Markus dot Lidel at shadowconnect dot com) +- Fixed bug #26005 (Random cannot change the session ini settings errors). + (Jani, jsnajdr at kerio dot com) 16 Feb 2004, Version 4.3.5RC3 - Fixed zero bytes memory allocation when no extra ini files are found in the http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.33r2=1.336.2.34ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.33 php-src/ext/session/session.c:1.336.2.34 --- php-src/ext/session/session.c:1.336.2.33Wed Feb 18 21:13:39 2004 +++ php-src/ext/session/session.c Tue Feb 24 03:49:41 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.33 2004/02/19 02:13:39 sniper Exp $ */ +/* $Id: session.c,v 1.336.2.34 2004/02/24 08:49:41 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -1612,14 +1612,26 @@ } /* }}} */ +static void php_minit_session_globals(php_ps_globals *ps_globals) +{ + ps_globals-save_path = NULL; + ps_globals-session_name = NULL; + ps_globals-id = NULL; + ps_globals-mod = NULL; + ps_globals-mod_data = NULL; + ps_globals-session_status = php_session_none; + ps_globals-http_session_vars = NULL; +} PHP_MINIT_FUNCTION(session) { #ifdef ZTS php_ps_globals *ps_globals; - ts_allocate_id(ps_globals_id, sizeof(php_ps_globals), NULL, NULL); + ts_allocate_id(ps_globals_id, sizeof(php_ps_globals), (ts_allocate_ctor) php_minit_session_globals, NULL); ps_globals = ts_resource(ps_globals_id); +#else + php_minit_session_globals(ps_globals); #endif zend_register_auto_global(_SESSION, sizeof(_SESSION)-1 TSRMLS_CC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
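Review bot: `php_minit_session_globals` is defined with a single parameter but handed to `ts_allocate_id` through a `(ts_allocate_ctor)` cast, which hides any mismatch between its signature and the one the allocator calls constructors with. Declaring it as `static void php_minit_session_globals(php_ps_globals *ps_globals TSRMLS_DC)` would keep the arity in step under ZTS (to be confirmed against the `ts_allocate_ctor` typedef, which is not on this page). In the `#else` branch the local pointer declared under `#ifdef ZTS` does not exist, so the argument must be the address of the global struct. This rendering drops `&` elsewhere, so check that the line really is `php_minit_session_globals(&ps_globals);`. The constructor also deserves a one-line comment saying that it only nulls pointer fields and sets `session_status`, since the other members are left to the INI defaults.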
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
sniper Sun Dec 7 11:53:31 2003 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: MFH: Fix for bug #26548: Malformed HTTP dates in headers Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.492 php-src/NEWS:1.1247.2.493 --- php-src/NEWS:1.1247.2.492 Thu Dec 4 03:56:06 2003 +++ php-src/NEWSSun Dec 7 11:53:29 2003 @@ -5,8 +5,7 @@ (Jani) - Fixed header handler in NSAPI SAPI module (header-replace was ignored, send_default_content_type now sends value from php.ini). (Uwe Schindler) -- Fixed bug #25916 (get_browser() - PHP Fatal error: Nesting level - too deep - recursive dependency?). (Uwe Schindler) +- Fixed bug #26548 (ext/session: Malformed HTTP dates headers). (Derick) - Fixed bug #26488 (Missing declaration of CRTSCTS in ext/dio/dio.c). (Jani) - Fixed bug #26467 (flock() does not force the wouldblock parameter to be passed by reference). (Wez) @@ -56,6 +55,8 @@ under *BSD platforms). (Moriyoshi) - Fixed bug #26003 (Make fgetcsv() binary safe). (Ilia, Moriyoshi) - Fixed bug #25939 (feof() not working correctly for sockets). (Wez) +- Fixed bug #25916 (get_browser() - PHP Fatal error: Nesting level + too deep - recursive dependency?). (Uwe Schindler) - Fixed bug #25794 (Cannot open existing hash db3 file with write ext/dba). (Marcus) - Fixed Bug #25694 (round() and number_format() give inconsistent results). Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.29 php-src/ext/session/session.c:1.336.2.30 --- php-src/ext/session/session.c:1.336.2.29Wed Oct 8 06:25:39 2003 +++ php-src/ext/session/session.c Sun Dec 7 11:53:30 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.29 2003/10/08 10:25:39 sniper Exp $ */ +/* $Id: session.c,v 1.336.2.30 2003/12/07 16:53:30 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -718,6 +718,7 @@ php_gmtime_r(when, tm); n = sprintf(buf, %s, %d %s %d %02d:%02d:%02d GMT, /* SAFE */ + n = sprintf(buf, %s, %02d %s %d %02d:%02d:%02d GMT, /* SAFE */ week_days[tm.tm_wday], tm.tm_mday, month_names[tm.tm_mon], tm.tm_year + 1900, tm.tm_hour, tm.tm_min, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
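Review bot: The hunk header `@@ -718,6 +718,7 @@` adds one line and removes none, so the old `%d` form of the `n = sprintf(buf, ...` line is still present directly above the new `%02d` one, and the statement now opens two `sprintf(` calls in a row. The old line should be deleted rather than left as context, leaving a single call with the zero-padded day field. The bound on `buf` rests only on the `/* SAFE */` remark. If `buf` is a local array (its declaration is outside the hunk), `snprintf(buf, sizeof(buf), ...)` would make that guarantee explicit.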
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
sniper Wed Oct 8 06:25:40 2003 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/ext/sessionsession.c Log: - Fixed bug #25780 (MFH: ext/session: invalid session.cookie_lifetime causes crash in win32). Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.429 php-src/NEWS:1.1247.2.430 --- php-src/NEWS:1.1247.2.429 Tue Oct 7 21:17:11 2003 +++ php-src/NEWSWed Oct 8 06:25:38 2003 @@ -3,6 +3,8 @@ ?? Oct 2003, Version 4.3.4RC2 - Fixed multibyte regex engine to properly handle .* pattern under POSIX compatible mode. (K.Kosako kosako at sofnec.co.jp, Moriyoshi) +- Fixed bug #25780 (ext/session: invalid session.cookie_lifetime makes + session_start() to crash in win32). (Jani) - Fixed bug #25770 (Segfault with PHP and bison 1.875). ([EMAIL PROTECTED], Marcus) - Fixed bug #25764 (ldap_get_option() crashes with unbound ldap link). (Jani) - Fixed bug #25758 (var_export does not escape ' \ inside array keys). (Ilia) Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.28 php-src/ext/session/session.c:1.336.2.29 --- php-src/ext/session/session.c:1.336.2.28Fri Aug 29 08:35:15 2003 +++ php-src/ext/session/session.c Wed Oct 8 06:25:39 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.28 2003/08/29 12:35:15 sas Exp $ */ +/* $Id: session.c,v 1.336.2.29 2003/10/08 10:25:39 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -857,13 +857,17 @@ if (PS(cookie_lifetime) 0) { struct timeval tv; - + time_t t; + gettimeofday(tv, NULL); - date_fmt = php_std_date(tv.tv_sec + PS(cookie_lifetime)); + t = tv.tv_sec + PS(cookie_lifetime); - smart_str_appends(ncookie, COOKIE_EXPIRES); - smart_str_appends(ncookie, date_fmt); - efree(date_fmt); + if (t 0) { + date_fmt = php_std_date(t); + smart_str_appends(ncookie, COOKIE_EXPIRES); + smart_str_appends(ncookie, date_fmt); + efree(date_fmt); + } } if (PS(cookie_path)[0]) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
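Review bot: The validity test on `t` runs only after `t = tv.tv_sec + PS(cookie_lifetime)` has been computed, so an oversized lifetime is caught only if the signed addition happens to wrap to a non-positive value, which C does not guarantee. Bounding the lifetime before the addition, e.g. `if (PS(cookie_lifetime) <= LONG_MAX - tv.tv_sec)`, avoids depending on overflow behaviour. This assumes both operands are `long`-width, and their declarations are outside the hunk. When the test fails the expiry attribute is silently omitted and the cookie becomes a browser-session cookie. A comment such as `/* out-of-range lifetime: fall back to a session cookie */` would record that this is deliberate.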
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
iliaa Wed Aug 13 21:32:02 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/sessionsession.c /php-srcNEWS Log: MFH: Fixed bug #25084 (Make refer check not dependant on register_globals) Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.21 php-src/ext/session/session.c:1.336.2.22 --- php-src/ext/session/session.c:1.336.2.21Mon Aug 11 15:21:22 2003 +++ php-src/ext/session/session.c Wed Aug 13 21:32:01 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.21 2003/08/11 19:21:22 iliaa Exp $ */ +/* $Id: session.c,v 1.336.2.22 2003/08/14 01:32:01 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1014,8 +1014,8 @@ 'session-name=session-id' to allow URLs of the form http://yoursite/session-name=session-id/script.php */ - if (!PS(use_only_cookies) !PS(id) - zend_hash_find(EG(symbol_table), REQUEST_URI, + if (!PS(use_only_cookies) !PS(id) PG(http_globals)[TRACK_VARS_SERVER] + zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), REQUEST_URI, sizeof(REQUEST_URI), (void **) data) == SUCCESS Z_TYPE_PP(data) == IS_STRING (p = strstr(Z_STRVAL_PP(data), PS(session_name))) @@ -1032,7 +1032,8 @@ if (PS(id) PS(extern_referer_chk)[0] != '\0' - zend_hash_find(EG(symbol_table), HTTP_REFERER, + PG(http_globals)[TRACK_VARS_SERVER] + zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), HTTP_REFERER, sizeof(HTTP_REFERER), (void **) data) == SUCCESS Z_TYPE_PP(data) == IS_STRING Z_STRLEN_PP(data) != 0 Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.346 php-src/NEWS:1.1247.2.347 --- php-src/NEWS:1.1247.2.346 Wed Aug 13 14:16:00 2003 +++ php-src/NEWSWed Aug 13 21:32:02 2003 
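Review bot: Neither rewritten condition says that `REQUEST_URI` and `HTTP_REFERER` are values supplied with the request, and that matters for the second one because it presumably decides whether an externally supplied session id is kept. I would add above the referer test a comment along the lines of `/* HTTP_REFERER comes from the client; this filters accidental id leaks via links and is not an access control */`. The new `PG(http_globals)[TRACK_VARS_SERVER]` guard covers the NULL case only. If that slot can ever hold a non-array zval, the `Z_ARRVAL_P` call would need an `IS_ARRAY` check like the one used for `_COOKIE` elsewhere in this file. Both conditions continue past the end of their hunks.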
@@ -1,6 +1,7 @@ PHP 4 NEWS ||| ?? Aug 2003, Version 4.3.3RC4 +- Fixed bug #25084 (Make refer check not dependant on register_globals). (Ilia) - Fixed bug #25044 (header(Location:) changing HTTP status). (Marcus) - Fixed bug #25037 (Possible infinite loop inside SendText()). (Ilia) - Fixed bug #25007 (rand() mt_rand() seed RNG every call). (Jani) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c
iliaa Mon Aug 11 15:21:22 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/sessionsession.c /php-srcNEWS Log: MFH: Fixed bug #22245 (References inside $_SESSION not being handled). Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.20 php-src/ext/session/session.c:1.336.2.21 --- php-src/ext/session/session.c:1.336.2.20Mon Jul 21 21:10:30 2003 +++ php-src/ext/session/session.c Mon Aug 11 15:21:22 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.20 2003/07/22 01:10:30 sas Exp $ */ +/* $Id: session.c,v 1.336.2.21 2003/08/11 19:21:22 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -323,7 +323,7 @@ zend_set_hash_symbol(state_val, name, namelen, 1, 2, Z_ARRVAL_P(PS(http_session_vars)), EG(symbol_table)); } } else IF_SESSION_VARS() { - zend_set_hash_symbol(state_val, name, namelen, 0, 1, Z_ARRVAL_P(PS(http_session_vars))); + zend_set_hash_symbol(state_val, name, namelen, PZVAL_IS_REF(state_val), 1, Z_ARRVAL_P(PS(http_session_vars))); } } Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.340 php-src/NEWS:1.1247.2.341 --- php-src/NEWS:1.1247.2.340 Mon Aug 11 14:08:34 2003 +++ php-src/NEWSMon Aug 11 15:21:22 2003 @@ -18,6 +18,7 @@ (Marcus, Ilia) - Fixed bug #22947 (Ack() inside win32/sendmail.c may stall in certain situations). (Ilia) +- Fixed bug #22245 (References inside $_SESSION not being handled). (Ilia) - Fixed bug #21957 (serialize() mangles objects with __sleep). (Ilia) 07 Aug 2003, Version 4.3.3RC3 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
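Review bot: The `zend_set_hash_symbol()` call in the IF_SESSION_VARS branch (@@ -323) now passes `PZVAL_IS_REF(state_val)` where the register_globals branch just above it still passes a literal `1`, and neither a comment nor a test explains the difference. A one-line comment above the call would help, for example `/* keep the zval's own is_ref flag so references stored in $_SESSION survive (bug #22245) */`. A .phpt under ext/session/tests that stores a reference in $_SESSION and reads it back would keep the two branches from being made uniform again later; this commit modifies only session.c and NEWS. The enclosing function starts before the hunk.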
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /ext/session session.c /ext/session/tests bug24592.phpt
iliaa Mon Jul 21 17:49:52 2003 EDT Added files: (Branch: PHP_4_3) /php-src/ext/session/tests bug24592.phpt Modified files: /php-src/ext/sessionsession.c /php-srcNEWS Log: MFH: Fixed bug #24592 (Possible crash in session extnsion, with NULL values). Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.18 php-src/ext/session/session.c:1.336.2.19 --- php-src/ext/session/session.c:1.336.2.18Mon Jun 9 23:57:16 2003 +++ php-src/ext/session/session.c Mon Jul 21 17:49:52 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.18 2003/06/10 03:57:16 sas Exp $ */ +/* $Id: session.c,v 1.336.2.19 2003/07/21 21:49:52 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -635,9 +635,12 @@ switch (n) { case HASH_KEY_IS_STRING: - zend_hash_find(EG(symbol_table), str, str_len, (void **) val); - if (val) { - ZEND_SET_SYMBOL_WITH_LENGTH(ht, str, str_len, *val, (*val)-refcount + 1 , 1); + if (zend_hash_find(EG(symbol_table), str, str_len, (void **) val) == SUCCESS val) { + if (!PZVAL_IS_REF(*val)) { + (*val)-is_ref = 1; + (*val)-refcount += 1; + zend_hash_update(ht, str, str_len, val, sizeof(zval *), NULL); + } ret = 1; } break; Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.291 php-src/NEWS:1.1247.2.292 --- php-src/NEWS:1.1247.2.291 Mon Jul 21 10:03:42 2003 +++ php-src/NEWSMon Jul 21 17:49:52 2003 
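Review bot: In the HASH_KEY_IS_STRING case (@@ -635) `ret = 1` sits outside the new `if (!PZVAL_IS_REF(*val))` block, so a global that is already a reference is reported as migrated although `zend_hash_update()` was never called for it. Either store it in `ht` in that case as well, or do not set `ret`. The block also sets `is_ref = 1` directly on a zval that other holders may share; if the refcount can be above 1 here, separating first with `SEPARATE_ZVAL_TO_MAKE_IS_REF(val);` would avoid turning unrelated copies into references, which is worth confirming against the callers. The extra `val` test after a successful `zend_hash_find()` looks redundant. The `&&` and `->` operators are missing from this archive copy, and the surrounding function lies outside the hunk.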
@@ -11,6 +11,8 @@ - Fixed possible crash in imagerotate() when an invalid color index is used for background color. (Pierre-Alain Joye) - Fixed bug #24640 (var_export and var_dump can't output large float). (Marcus) +- Fixed bug #24592 (Possible crash in session extnsion, with NULL values). + (Ilia) - Fixed bug #24573 (debug_backtrace() crashes if $this set to null). (Jani) - Fixed bug #24560 (parse_url() incorrectly handling certain file:// based schemas). (Ilia) Index: php-src/ext/session/tests/bug24592.phpt +++ php-src/ext/session/tests/bug24592.phpt --TEST-- Bug #24592 (crash when multiple NULL values are being stored) --INI-- register_globals=0 html_errors=0 --FILE-- ?php @session_start(); $foo = $_SESSION['foo']; $bar = $_SESSION['bar']; var_dump($foo, $bar, $_SESSION); $_SESSION['foo'] = $foo; $_SESSION['bar'] = $bar; var_dump($_SESSION); ? --EXPECTF-- Notice: Undefined index: foo in %s on line %d Notice: Undefined index: bar in %s on line %d NULL NULL array(0) { } array(2) { [foo]= NULL [bar]= NULL } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php