[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
iliaa Sun Jun 17 14:26:32 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: : Fixed compiler warning http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.20r2=1.336.2.53.2.21diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.20 php-src/ext/session/session.c:1.336.2.53.2.21 --- php-src/ext/session/session.c:1.336.2.53.2.20 Sat Jun 16 07:48:23 2007 +++ php-src/ext/session/session.c Sun Jun 17 14:26:32 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.20 2007/06/16 07:48:23 sesser Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.21 2007/06/17 14:26:32 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -45,6 +45,7 @@ #include ext/standard/php_rand.h /* for RAND_MAX */ #include ext/standard/info.h #include ext/standard/php_smart_str.h +#include ext/standard/url.h #include mod_files.h #include mod_user.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
sesser Sat Jun 16 07:48:23 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.19r2=1.336.2.53.2.20diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.19 php-src/ext/session/session.c:1.336.2.53.2.20 --- php-src/ext/session/session.c:1.336.2.53.2.19 Fri Jun 15 22:45:25 2007 +++ php-src/ext/session/session.c Sat Jun 16 07:48:23 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.19 2007/06/15 22:45:25 stas Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.20 2007/06/16 07:48:23 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -666,7 +666,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { efree(PS(id)); PS(id) = NULL; } @@ -918,6 +918,7 @@ { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); @@ -931,11 +932,18 @@ } return; } + + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(ncookie, COOKIE_SET_COOKIE); - smart_str_appends(ncookie, PS(session_name)); + smart_str_appends(ncookie, e_session_name); smart_str_appendc(ncookie, '='); - smart_str_appends(ncookie, PS(id)); + smart_str_appends(ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) 0) { struct timeval tv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
stasFri Jun 15 22:45:25 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.18r2=1.336.2.53.2.19diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.18 php-src/ext/session/session.c:1.336.2.53.2.19 --- php-src/ext/session/session.c:1.336.2.53.2.18 Wed May 16 01:34:14 2007 +++ php-src/ext/session/session.c Fri Jun 15 22:45:25 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.18 2007/05/16 01:34:14 stas Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.19 2007/06/15 22:45:25 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -666,7 +666,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { efree(PS(id)); PS(id) = NULL; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
stasWed May 16 01:34:14 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: do not send cookie when session is passed in URL, same as it happens with GET/POST http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.17r2=1.336.2.53.2.18diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.17 php-src/ext/session/session.c:1.336.2.53.2.18 --- php-src/ext/session/session.c:1.336.2.53.2.17 Wed Apr 4 19:52:26 2007 +++ php-src/ext/session/session.c Wed May 16 01:34:14 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.17 2007/04/04 19:52:26 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.18 2007/05/16 01:34:14 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1120,8 +1120,10 @@ char *q; p += lensess + 1; - if ((q = strpbrk(p, /?\\))) + if ((q = strpbrk(p, /?\\))) { PS(id) = estrndup(p, q - p); + PS(send_cookie) = 0; + } } /* check whether the current request was referred to by -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
iliaa Sun Mar 25 14:33:53 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: Fixed MOPB-32-2007 (Double free inside session_decode()) http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.15r2=1.336.2.53.2.16diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.15 php-src/ext/session/session.c:1.336.2.53.2.16 --- php-src/ext/session/session.c:1.336.2.53.2.15 Wed Mar 14 19:42:59 2007 +++ php-src/ext/session/session.c Sun Mar 25 14:33:53 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.15 2007/03/14 19:42:59 iliaa Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.16 2007/03/25 14:33:53 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -535,7 +535,6 @@ if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void **) tmp) == SUCCESS) { if ((Z_TYPE_PP(tmp) == IS_ARRAY Z_ARRVAL_PP(tmp) == EG(symbol_table)) || *tmp == PS(http_session_vars)) { - efree(name); goto skip; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c /ext/session/tests 002.phpt
tony2001Thu Feb 15 09:41:31 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c /php-src/ext/session/tests 002.phpt Log: fix segfault in php_add_session_var() http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.13r2=1.336.2.53.2.14diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.13 php-src/ext/session/session.c:1.336.2.53.2.14 --- php-src/ext/session/session.c:1.336.2.53.2.13 Tue Jan 9 15:31:36 2007 +++ php-src/ext/session/session.c Thu Feb 15 09:41:30 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.13 2007/01/09 15:31:36 iliaa Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.14 2007/02/15 09:41:30 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -271,8 +271,12 @@ { zval **sym_track = NULL; - zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, - (void *) sym_track); + IF_SESSION_VARS() { + zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), name, namelen + 1, + (void *) sym_track); + } else { + return; + } /* * Set up a proper reference between $_SESSION[x] and $x. @@ -281,11 +285,10 @@ if (PG(register_globals)) { zval **sym_global = NULL; - zend_hash_find(EG(symbol_table), name, namelen + 1, - (void *) sym_global); - - if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { - return; + if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void *) sym_global) == SUCCESS) { + if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { + return; + } } if (sym_global == NULL sym_track == NULL) { http://cvs.php.net/viewvc.cgi/php-src/ext/session/tests/002.phpt?r1=1.5r2=1.5.12.1diff_format=u Index: php-src/ext/session/tests/002.phpt diff -u php-src/ext/session/tests/002.phpt:1.5 php-src/ext/session/tests/002.phpt:1.5.12.1 --- php-src/ext/session/tests/002.phpt:1.5 Thu Oct 3 16:14:54 2002 +++ php-src/ext/session/tests/002.phpt Thu Feb 15 09:41:31 2007 @@ -7,6 +7,7 @@ error_reporting(E_ALL); session_unset(); print ok\n; +? --GET-- --POST-- --EXPECT-- -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
iliaa Tue Jan 9 15:31:36 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: Prevent SESSION/GLOBALS overload via session decoding http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.12r2=1.336.2.53.2.13diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.12 php-src/ext/session/session.c:1.336.2.53.2.13 --- php-src/ext/session/session.c:1.336.2.53.2.12 Mon Jan 1 09:46:47 2007 +++ php-src/ext/session/session.c Tue Jan 9 15:31:36 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.12 2007/01/01 09:46:47 sebastian Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.13 2007/01/09 15:31:36 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -284,6 +284,10 @@ zend_hash_find(EG(symbol_table), name, namelen + 1, (void *) sym_global); + if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { + return; + } + if (sym_global == NULL sym_track == NULL) { zval *empty_var; @@ -313,7 +317,10 @@ if (PG(register_globals)) { zval **old_symbol; if (zend_hash_find(EG(symbol_table),name,namelen+1,(void *)old_symbol) == SUCCESS) { - + if ((Z_TYPE_PP(old_symbol) == IS_ARRAY Z_ARRVAL_PP(old_symbol) == EG(symbol_table)) || *old_symbol == PS(http_session_vars)) { + return; + } + /* * A global symbol with the same name exists already. That * symbol might have been created by other means (e.g. $_GET). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
iliaa Sun Dec 31 22:26:25 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: Added boundary checks to php_binary deserializer http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.10r2=1.336.2.53.2.11diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.10 php-src/ext/session/session.c:1.336.2.53.2.11 --- php-src/ext/session/session.c:1.336.2.53.2.10 Tue Dec 26 17:23:33 2006 +++ php-src/ext/session/session.c Sun Dec 31 22:26:25 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.10 2006/12/26 17:23:33 iliaa Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.11 2006/12/31 22:26:25 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -424,6 +424,11 @@ for (p = val; p endptr; ) { zval **tmp; namelen = *p (~PS_BIN_UNDEF); + + if (namelen PS_BIN_MAX || (p + namelen) = endptr) { + return FAILURE; + } + has_value = *p PS_BIN_UNDEF ? 0 : 1; name = estrndup(p + 1, namelen); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
iliaa Tue Dec 26 17:23:33 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: Session deserializer protection. http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.9r2=1.336.2.53.2.10diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.9 php-src/ext/session/session.c:1.336.2.53.2.10 --- php-src/ext/session/session.c:1.336.2.53.2.9Wed Dec 20 19:31:40 2006 +++ php-src/ext/session/session.c Tue Dec 26 17:23:33 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.9 2006/12/20 19:31:40 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.10 2006/12/26 17:23:33 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -418,33 +418,33 @@ int namelen; int has_value; php_unserialize_data_t var_hash; - int globals_on = PG(register_globals); PHP_VAR_UNSERIALIZE_INIT(var_hash); for (p = val; p endptr; ) { + zval **tmp; namelen = *p (~PS_BIN_UNDEF); has_value = *p PS_BIN_UNDEF ? 0 : 1; name = estrndup(p + 1, namelen); p += namelen + 1; - if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { - /* _SESSION hijack attempt */ - } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { - /* _GLOBALS hijack attempt */ - } else if (globals_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { - /* HTTP_SESSION_VARS hijack attempt */ - } else { - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **)p, endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); - } - zval_ptr_dtor(current); + + if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void **) tmp) == SUCCESS) { + if ((Z_TYPE_PP(tmp) == IS_ARRAY Z_ARRVAL_PP(tmp) == EG(symbol_table)) || *tmp == PS(http_session_vars)) { + efree(name); + continue; + } + } + + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(current, (const unsigned char **)p, endptr, var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } - PS_ADD_VARL(name, namelen); + zval_ptr_dtor(current); } + PS_ADD_VARL(name, namelen); efree(name); } @@ -496,13 +496,13 @@ int namelen; int has_value; php_unserialize_data_t var_hash; - int globals_on = PG(register_globals); PHP_VAR_UNSERIALIZE_INIT(var_hash); p = val; while (p endptr) { + zval **tmp; q = p; while (*q != PS_DELIMITER) if (++q = endptr) goto break_outer_loop; @@ -517,23 +517,23 @@ namelen = q - p; name = estrndup(p, namelen); q++; - - if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { - /* _SESSION hijack attempt */ - } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { - /* _GLOBALS hijack attempt */ - } else if (globals_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { - /* HTTP_SESSION_VARS hijack attempt */ - } else { - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **)q, endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); - } - zval_ptr_dtor(current); + + if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void **) tmp) == SUCCESS) { + if ((Z_TYPE_PP(tmp) == IS_ARRAY Z_ARRVAL_PP(tmp) == EG(symbol_table)) || *tmp ==
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
tony2001Wed Dec 20 19:31:40 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: protect _SESSION, HTTP_SESSION_VARS and GLOBALS maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.8r2=1.336.2.53.2.9diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.8 php-src/ext/session/session.c:1.336.2.53.2.9 --- php-src/ext/session/session.c:1.336.2.53.2.8Fri Dec 1 00:28:43 2006 +++ php-src/ext/session/session.c Wed Dec 20 19:31:40 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.8 2006/12/01 00:28:43 iliaa Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.9 2006/12/20 19:31:40 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -418,6 +418,7 @@ int namelen; int has_value; php_unserialize_data_t var_hash; + int globals_on = PG(register_globals); PHP_VAR_UNSERIALIZE_INIT(var_hash); @@ -428,15 +429,22 @@ name = estrndup(p + 1, namelen); p += namelen + 1; - - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **)p, endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { + /* _SESSION hijack attempt */ + } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { + /* _GLOBALS hijack attempt */ + } else if (globals_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { + /* HTTP_SESSION_VARS hijack attempt */ + } else { + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(current, (const unsigned char **)p, endptr, var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + } + zval_ptr_dtor(current); } - zval_ptr_dtor(current); + PS_ADD_VARL(name, namelen); } - PS_ADD_VARL(name, namelen); efree(name); } @@ -488,6 +496,7 @@ int namelen; int has_value; php_unserialize_data_t var_hash; + int globals_on = PG(register_globals); PHP_VAR_UNSERIALIZE_INIT(var_hash); @@ -509,14 +518,22 @@ name = estrndup(p, namelen); q++; - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **)q, endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { + /* _SESSION hijack attempt */ + } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { + /* _GLOBALS hijack attempt */ + } else if (globals_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { + /* HTTP_SESSION_VARS hijack attempt */ + } else { + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(current, (const unsigned char **)q, endptr, var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + } + zval_ptr_dtor(current); } - zval_ptr_dtor(current); + PS_ADD_VARL(name, namelen); } - PS_ADD_VARL(name, namelen); efree(name); p = q; @@ -536,12 +553,16 @@ zend_hash_del(EG(symbol_table), HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)); zend_hash_del(EG(symbol_table), _SESSION, sizeof(_SESSION)); + if (PS(http_session_vars)) { + zval_ptr_dtor(PS(http_session_vars)); + } +
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
iliaa Fri Dec 1 00:28:43 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: Disallow \0 chars inside session.save_path http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.7r2=1.336.2.53.2.8diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.7 php-src/ext/session/session.c:1.336.2.53.2.8 --- php-src/ext/session/session.c:1.336.2.53.2.7Tue Aug 1 08:33:13 2006 +++ php-src/ext/session/session.c Fri Dec 1 00:28:43 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.7 2006/08/01 08:33:13 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.8 2006/12/01 00:28:43 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -120,6 +120,10 @@ static PHP_INI_MH(OnUpdateSaveDir) { /* Only do the safemode/open_basedir check at runtime */ if(stage == PHP_INI_STAGE_RUNTIME) { + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + if (PG(safe_mode) (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) { return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
tony2001Tue Aug 1 08:33:14 2006 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.6r2=1.336.2.53.2.7diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.6 php-src/ext/session/session.c:1.336.2.53.2.7 --- php-src/ext/session/session.c:1.336.2.53.2.6Thu May 18 22:16:27 2006 +++ php-src/ext/session/session.c Tue Aug 1 08:33:13 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.6 2006/05/18 22:16:27 helly Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.7 2006/08/01 08:33:13 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1405,8 +1405,8 @@ WRONG_PARAM_COUNT; if (ac == 1) { - convert_to_long_ex(p_cache_expire); - PS(cache_expire) = Z_LVAL_PP(p_cache_expire); + convert_to_string_ex(p_cache_expire); + zend_alter_ini_entry(session.cache_expire, sizeof(session.cache_expire), Z_STRVAL_PP(p_cache_expire), Z_STRLEN_PP(p_cache_expire), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); } RETVAL_LONG(old); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
sniper Fri Sep 23 04:16:02 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: Improved the fix for #21306 a bit http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.53.2.2r2=1.336.2.53.2.3ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.2 php-src/ext/session/session.c:1.336.2.53.2.3 --- php-src/ext/session/session.c:1.336.2.53.2.2Tue Sep 20 16:59:25 2005 +++ php-src/ext/session/session.c Fri Sep 23 04:16:01 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.2 2005/09/20 20:59:25 sniper Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.3 2005/09/23 08:16:01 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1628,7 +1628,9 @@ static void php_rshutdown_session_globals(TSRMLS_D) { if (PS(mod_data)) { - PS(mod)-s_close(PS(mod_data) TSRMLS_CC); + zend_try { + PS(mod)-s_close(PS(mod_data) TSRMLS_CC); + } zend_end_try(); } if (PS(id)) { efree(PS(id)); @@ -1665,10 +1667,12 @@ static void php_session_flush(TSRMLS_D) { - if(PS(session_status)==php_session_active) { - php_session_save_current_state(TSRMLS_C); + if (PS(session_status) == php_session_active) { + PS(session_status) = php_session_none; + zend_try { + php_session_save_current_state(TSRMLS_C); + } zend_end_try(); } - PS(session_status)=php_session_none; } /* {{{ proto void session_write_close(void) @@ -1680,10 +1684,8 @@ PHP_RSHUTDOWN_FUNCTION(session) { - zend_try { - php_session_flush(TSRMLS_C); - php_rshutdown_session_globals(TSRMLS_C); - } zend_end_try(); + php_session_flush(TSRMLS_C); + php_rshutdown_session_globals(TSRMLS_C); return SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
stasTue Sep 20 10:01:42 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: fix crash on restarting static PHP having session modules loaded http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.53r2=1.336.2.53.2.1ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53 php-src/ext/session/session.c:1.336.2.53.2.1 --- php-src/ext/session/session.c:1.336.2.53Sun May 22 08:59:29 2005 +++ php-src/ext/session/session.c Tue Sep 20 10:01:40 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53 2005/05/22 12:59:29 tony2001 Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.1 2005/09/20 14:01:40 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -178,6 +178,7 @@ }; #define MAX_MODULES 10 +#define PREDEFINED_MODULES 2 static ps_module *ps_modules[MAX_MODULES + 1] = { ps_files_ptr, @@ -1727,6 +1728,7 @@ #ifdef HAVE_LIBMM PHP_MSHUTDOWN(ps_mm) (SHUTDOWN_FUNC_ARGS_PASSTHRU); #endif + memset(ps_modules[PREDEFINED_MODULES], 0, (MAX_MODULES-PREDEFINED_MODULES)*sizeof(ps_module *)); return SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c
sniper Tue Sep 20 16:59:26 2005 EDT Modified files: (Branch: PHP_4_4) /php-src/ext/sessionsession.c Log: MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.53.2.1r2=1.336.2.53.2.2ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.336.2.53.2.1 php-src/ext/session/session.c:1.336.2.53.2.2 --- php-src/ext/session/session.c:1.336.2.53.2.1Tue Sep 20 10:01:40 2005 +++ php-src/ext/session/session.c Tue Sep 20 16:59:25 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.336.2.53.2.1 2005/09/20 14:01:40 stas Exp $ */ +/* $Id: session.c,v 1.336.2.53.2.2 2005/09/20 20:59:25 sniper Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1680,8 +1680,11 @@ PHP_RSHUTDOWN_FUNCTION(session) { - php_session_flush(TSRMLS_C); - php_rshutdown_session_globals(TSRMLS_C); + zend_try { + php_session_flush(TSRMLS_C); + php_rshutdown_session_globals(TSRMLS_C); + } zend_end_try(); + return SUCCESS; } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php