[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2008-12-10 Thread Scott MacVicar
scottmacThu Dec 11 01:21:42 2008 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  MFH Fix bug #35975 - Session cookie expires date format isn't the most 
compatible. Sync to that of setcookie().
  
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.44r2=1.417.2.8.2.45diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.44 
php-src/ext/session/session.c:1.417.2.8.2.45
--- php-src/ext/session/session.c:1.417.2.8.2.44Wed Aug  6 21:28:38 2008
+++ php-src/ext/session/session.c   Thu Dec 11 01:21:42 2008
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.45 2008/12/11 01:21:42 scottmac Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -40,7 +40,7 @@
 #include ext/standard/md5.h
 #include ext/standard/sha1.h
 #include ext/standard/php_var.h
-#include ext/standard/datetime.h
+#include ext/date/php_date.h
 #include ext/standard/php_lcg.h
 #include ext/standard/url_scanner_ex.h
 #include ext/standard/php_rand.h   /* for RAND_MAX */
@@ -1116,7 +1116,7 @@
t = tv.tv_sec + PS(cookie_lifetime);
 
if (t  0) {
-   date_fmt = php_std_date(t TSRMLS_CC);
+   date_fmt = php_format_date(D, d-M-Y H:i:s T, 
sizeof(D, d-M-Y H:i:s T)-1, t, 0 TSRMLS_CC);
smart_str_appends(ncookie, COOKIE_EXPIRES);
smart_str_appends(ncookie, date_fmt);
efree(date_fmt);
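Review bot: The format string is written out twice in the added call, once as the argument and once inside `sizeof(...)-1`, so an edit to one copy leaves the length wrong. Naming it once keeps the two in step, e.g. `#define COOKIE_EXPIRES_FMT "D, d-M-Y H:i:s T"` beside the other COOKIE_* macros and `php_format_date(COOKIE_EXPIRES_FMT, sizeof(COOKIE_EXPIRES_FMT)-1, t, 0 TSRMLS_CC)` here. Since the log says the aim is to match setcookie(), sharing that constant with the setcookie() code would stop the two formats drifting apart again. The string quotes are missing from the page's rendering of the hunk, and the enclosing function starts and ends outside it.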






Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2008-08-07 Thread Jani Taskinen


Uh..this changes the behaviour quite dramatically.
See the failing tests now. You'd have to MFH quite a lot more to make it a 
proper fix, so please, revert.


--Jani


Kalle Sommer Nielsen kirjoitti:

kalle   Wed Aug  6 21:28:39 2008 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/session	session.c 
  Log:

  Backport fix for #45406 - Patch by oleg dot grenrus at dynamoid dot com
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.43r2=1.417.2.8.2.44diff_format=u

Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.43 
php-src/ext/session/session.c:1.417.2.8.2.44
--- php-src/ext/session/session.c:1.417.2.8.2.43Wed Jun 11 07:46:43 2008
+++ php-src/ext/session/session.c   Wed Aug  6 21:28:38 2008
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.43 2008/06/11 07:46:43 dmitry Exp $ */

+/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */
 
 #ifdef HAVE_CONFIG_H

 #include config.h
@@ -1925,6 +1925,21 @@
}
}
 
+	if (PS(serializer) == NULL) {

+   char *value;
+
+   value = zend_ini_string(session.serialize_handler, 
sizeof(session.serialize_handler), 0);
+   if (value) {
+   PS(serializer) = _php_find_ps_serializer(value 
TSRMLS_CC);
+   }
+   }
+
+   if (PS(mod) == NULL || PS(serializer) == NULL) {
+   /* current status is unusable */
+   PS(session_status) = php_session_disabled;
+   return SUCCESS;
+   }
+
if (PS(auto_start)) {
php_session_start(TSRMLS_C);
}
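Review bot: The new bail-out at `if (PS(mod) == NULL || PS(serializer) == NULL)` switches sessions off for the request and still returns SUCCESS, and its only explanation is `/* current status is unusable */`. A misconfigured `session.serialize_handler` would then show up only as sessions that never start, so the comment should say what is being guarded, for example `/* no usable save handler or serializer: disable sessions for this request instead of starting one with a NULL handler */`. Whether a diagnostic is emitted elsewhere is not visible, because the function begins and ends outside the hunk. The same hunk appears again in the original commit mail further down the page.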









[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2008-08-06 Thread Kalle Sommer Nielsen
kalle   Wed Aug  6 21:28:39 2008 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Backport fix for #45406 - Patch by oleg dot grenrus at dynamoid dot com
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.43r2=1.417.2.8.2.44diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.43 
php-src/ext/session/session.c:1.417.2.8.2.44
--- php-src/ext/session/session.c:1.417.2.8.2.43Wed Jun 11 07:46:43 2008
+++ php-src/ext/session/session.c   Wed Aug  6 21:28:38 2008
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.43 2008/06/11 07:46:43 dmitry Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1925,6 +1925,21 @@
}
}
 
+   if (PS(serializer) == NULL) {
+   char *value;
+
+   value = zend_ini_string(session.serialize_handler, 
sizeof(session.serialize_handler), 0);
+   if (value) {
+   PS(serializer) = _php_find_ps_serializer(value 
TSRMLS_CC);
+   }
+   }
+
+   if (PS(mod) == NULL || PS(serializer) == NULL) {
+   /* current status is unusable */
+   PS(session_status) = php_session_disabled;
+   return SUCCESS;
+   }
+
if (PS(auto_start)) {
php_session_start(TSRMLS_C);
}






[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-06-17 Thread Ilia Alshanetsky
iliaa   Sun Jun 17 14:25:46 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  
  Fixed compiler warning
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.37r2=1.417.2.8.2.38diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.37 
php-src/ext/session/session.c:1.417.2.8.2.38
--- php-src/ext/session/session.c:1.417.2.8.2.37Sat Jun 16 07:48:07 2007
+++ php-src/ext/session/session.c   Sun Jun 17 14:25:46 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.37 2007/06/16 07:48:07 sesser Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.38 2007/06/17 14:25:46 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -46,6 +46,7 @@
 #include ext/standard/php_rand.h   /* for RAND_MAX */
 #include ext/standard/info.h
 #include ext/standard/php_smart_str.h
+#include ext/standard/url.h
 
 #include mod_files.h
 #include mod_user.h




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-06-16 Thread Stefan Esser
sesser  Sat Jun 16 07:48:07 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  MFH
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36r2=1.417.2.8.2.37diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.36 
php-src/ext/session/session.c:1.417.2.8.2.37
--- php-src/ext/session/session.c:1.417.2.8.2.36Fri Jun 15 22:40:00 2007
+++ php-src/ext/session/session.c   Sat Jun 16 07:48:07 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.36 2007/06/15 22:40:00 stas Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.37 2007/06/16 07:48:07 sesser Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -807,7 +807,7 @@
int vallen;
 
/* check session name for invalid characters */
-   if (PS(id)  strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) {
+   if (PS(id)  strpbrk(PS(id), \r\n\t '\\\)) {
efree(PS(id));
PS(id) = NULL;
}
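Review bot: The comment above the changed test says `check session name for invalid characters`, but the expression tests `PS(id)`; it should read `/* check session id for invalid characters */`. With the rejected set narrowed again, the check is a short deny-list, so any consumer of `PS(id)` other than the cookie writer patched later in this commit is worth confirming; those consumers are outside the hunk. The same stale comment sits above the wider character set in the 2007-06-15 mail below. The string quotes and `&&` in the condition were lost in the page's rendering.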
@@ -1080,6 +1080,7 @@
 {
smart_str ncookie = {0};
char *date_fmt = NULL;
+   char *e_session_name, *e_id;
 
if (SG(headers_sent)) {
char *output_start_filename = 
php_get_output_start_filename(TSRMLS_C);
@@ -1093,11 +1094,18 @@
}   
return;
}
+   
+   /* URL encode session_name and id because they might be user supplied */
+   e_session_name = php_url_encode(PS(session_name), 
strlen(PS(session_name)), NULL);
+   e_id = php_url_encode(PS(id), strlen(PS(id)), NULL);
 
smart_str_appends(ncookie, COOKIE_SET_COOKIE);
-   smart_str_appends(ncookie, PS(session_name));
+   smart_str_appends(ncookie, e_session_name);
smart_str_appendc(ncookie, '=');
-   smart_str_appends(ncookie, PS(id));
+   smart_str_appends(ncookie, e_id);
+   
+   efree(e_session_name);
+   efree(e_id);

if (PS(cookie_lifetime)  0) {
struct timeval tv;
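Review bot: After this commit the two `php_url_encode()` calls are what keep characters such as `;`, `=` and `,` out of the Set-Cookie header, because the `@@ -807` hunk of the same commit stops rejecting them in the id. The comment only says the values `might be user supplied`; it should record that dependency, e.g. `/* URL-encode name and id: both may be user supplied and the id check no longer rejects cookie separators */`. Both calls also pass `strlen(PS(...))` directly, so they rely on `PS(session_name)` and `PS(id)` being non-NULL at this point, which the hunk does not show. The function starts and ends outside the hunk.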




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-06-15 Thread Stanislav Malyshev
stasFri Jun 15 22:40:00 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Disallow characters that Cookie RFC does not allow in unquoted cookies
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.35r2=1.417.2.8.2.36diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.35 
php-src/ext/session/session.c:1.417.2.8.2.36
--- php-src/ext/session/session.c:1.417.2.8.2.35Thu Jun  7 08:59:00 2007
+++ php-src/ext/session/session.c   Fri Jun 15 22:40:00 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.35 2007/06/07 08:59:00 tony2001 Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.36 2007/06/15 22:40:00 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -807,7 +807,7 @@
int vallen;
 
/* check session name for invalid characters */
-   if (PS(id)  strpbrk(PS(id), \r\n\t '\\\)) {
+   if (PS(id)  strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) {
efree(PS(id));
PS(id) = NULL;
}




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-03-14 Thread Ilia Alshanetsky
iliaa   Wed Mar 14 19:37:07 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  
  Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
  
  # Discovered by Stefan Esser
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.31r2=1.417.2.8.2.32diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.31 
php-src/ext/session/session.c:1.417.2.8.2.32
--- php-src/ext/session/session.c:1.417.2.8.2.31Sat Mar  3 15:07:31 2007
+++ php-src/ext/session/session.c   Wed Mar 14 19:37:07 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.31 2007/03/03 15:07:31 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.32 2007/03/14 19:37:07 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -846,6 +846,7 @@
} else if (PS(invalid_session_id)) { /* address instances where the 
session read fails due to an invalid id */
PS(invalid_session_id) = 0;
efree(PS(id));
+   PS(id) = NULL;
goto new_session;
}
 }
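Review bot: Clearing the pointer by hand after each `efree(PS(id))` only protects the sites someone remembers to touch; this hunk patches one and the `@@ -1575` hunk below gets the same one-line addition. A small helper keeps the free and the reset together, e.g. `#define PS_FREE_ID() do { if (PS(id)) { efree(PS(id)); PS(id) = NULL; } } while (0)`. Any remaining bare `efree(PS(id))` in the file (not visible here) can then be found with a search and converted. Both enclosing functions continue outside their hunks.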
@@ -1575,6 +1576,7 @@
RETURN_FALSE;
}
efree(PS(id));
+   PS(id) = NULL;
}

PS(id) = PS(mod)-s_create_sid(PS(mod_data), NULL TSRMLS_CC);




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-03-01 Thread Ilia Alshanetsky
iliaa   Fri Mar  2 00:49:47 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  
  Improve safe_mode check
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.29r2=1.417.2.8.2.30diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.29 
php-src/ext/session/session.c:1.417.2.8.2.30
--- php-src/ext/session/session.c:1.417.2.8.2.29Tue Feb 27 03:28:16 2007
+++ php-src/ext/session/session.c   Fri Mar  2 00:49:47 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.29 2007/02/27 03:28:16 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.30 2007/03/02 00:49:47 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -163,7 +163,7 @@
p = new_value;
}
 
-   if (PG(safe_mode)  (!php_checkuid(p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+   if (PG(safe_mode)  (!php_checkuid(p, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
return FAILURE;
}
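Review bot: The switch to `CHECKUID_ALLOW_ONLY_DIR` carries no comment, yet the mode passed to `php_checkuid()` decides what the safe_mode ownership test covers for `session.save_path`. A line such as `/* save_path names a directory, so check ownership of the directory itself */` would record the intent; that reading is inferred from the constant's name, since its definition is not on this page. `p` is computed above the hunk and the handler continues below it.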
 




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-01-09 Thread Ilia Alshanetsky
iliaa   Tue Jan  9 15:31:12 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  
  Prevent SESSION/GLOBALS overload via session decoding
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24r2=1.417.2.8.2.25diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.24 
php-src/ext/session/session.c:1.417.2.8.2.25
--- php-src/ext/session/session.c:1.417.2.8.2.24Mon Jan  1 09:36:06 2007
+++ php-src/ext/session/session.c   Tue Jan  9 15:31:12 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -331,6 +331,10 @@
zend_hash_find(EG(symbol_table), name, namelen + 1, 
(void *) sym_global);

+   if ((Z_TYPE_PP(sym_global) == IS_ARRAY  
Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == 
PS(http_session_vars)) {
+   return;
+   }
+
if (sym_global == NULL  sym_track == NULL) {
zval *empty_var;
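Review bot: The added test dereferences `sym_global` through `Z_TYPE_PP()` and `*sym_global` without looking at the result of the `zend_hash_find()` call just above it, while the very next statement still treats `sym_global == NULL` as a normal case. The check needs to sit under the lookup's success, `if (zend_hash_find(...) == SUCCESS) { ... }`, which is what the 2007-01-10 "Fixed SIGSEGV" mail further down the page does. The second hunk of this commit already has that shape. `&` and `&&` were dropped by the page's rendering, and the function extends beyond the hunk; the same hunk is quoted again in the two replies below.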
 
@@ -360,7 +364,10 @@
if (PG(register_globals)) {
zval **old_symbol;
if (zend_hash_find(EG(symbol_table),name,namelen+1,(void 
*)old_symbol) == SUCCESS) { 
-   
+   if ((Z_TYPE_PP(old_symbol) == IS_ARRAY  
Z_ARRVAL_PP(old_symbol) == EG(symbol_table)) || *old_symbol == 
PS(http_session_vars)) {
+   return;
+   }
+
/* 
 * A global symbol with the same name exists already. 
That
 * symbol might have been created by other means (e.g. 
$_GET).




Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-01-09 Thread Nuno Lopes

I think this one needs a test..


- Original Message - 
From: Ilia Alshanetsky [EMAIL PROTECTED]

To: php-cvs@lists.php.net
Sent: Tuesday, January 09, 2007 3:31 PM
Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c



iliaa Tue Jan  9 15:31:12 2007 UTC

 Modified files:  (Branch: PHP_5_2)
   /php-src/ext/session session.c
 Log:

 Prevent SESSION/GLOBALS overload via session decoding


http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24r2=1.417.2.8.2.25diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.24 
php-src/ext/session/session.c:1.417.2.8.2.25

--- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan  1 09:36:06 2007
+++ php-src/ext/session/session.c Tue Jan  9 15:31:12 2007
@@ -17,7 +17,7 @@

+--+
 */

-/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */

#ifdef HAVE_CONFIG_H
#include config.h
@@ -331,6 +331,10 @@
 zend_hash_find(EG(symbol_table), name, namelen + 1,
 (void *) sym_global);

+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY  Z_ARRVAL_PP(sym_global) == 
EG(symbol_table)) || *sym_global == PS(http_session_vars)) {

+ return;
+ }
+
 if (sym_global == NULL  sym_track == NULL) {
 zval *empty_var;

@@ -360,7 +364,10 @@
 if (PG(register_globals)) {
 zval **old_symbol;
 if (zend_hash_find(EG(symbol_table),name,namelen+1,(void *)old_symbol) 
== SUCCESS) {

-
+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY  Z_ARRVAL_PP(old_symbol) == 
EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {

+ return;
+ }
+
 /*
 * A global symbol with the same name exists already. That
 * symbol might have been created by other means (e.g. $_GET).






Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-01-09 Thread Ilia Alshanetsky

Feel free to add one ;-)


On 9-Jan-07, at 1:13 PM, Nuno Lopes wrote:


I think this one needs a test..


- Original Message - From: Ilia Alshanetsky [EMAIL PROTECTED]
To: php-cvs@lists.php.net
Sent: Tuesday, January 09, 2007 3:31 PM
Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c



iliaa Tue Jan  9 15:31:12 2007 UTC

 Modified files:  (Branch: PHP_5_2)
   /php-src/ext/session session.c
 Log:

 Prevent SESSION/GLOBALS overload via session decoding


http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c? 
r1=1.417.2.8.2.24r2=1.417.2.8.2.25diff_format=u

Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.24 php-src/ext/ 
session/session.c:1.417.2.8.2.25
--- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan  1  
09:36:06 2007

+++ php-src/ext/session/session.c Tue Jan  9 15:31:12 2007
@@ -17,7 +17,7 @@
+ 
--+

 */

-/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian  
Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp  
$ */


#ifdef HAVE_CONFIG_H
#include config.h
@@ -331,6 +331,10 @@
 zend_hash_find(EG(symbol_table), name, namelen + 1,
 (void *) sym_global);

+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY  Z_ARRVAL_PP 
(sym_global) == EG(symbol_table)) || *sym_global == PS 
(http_session_vars)) {

+ return;
+ }
+
 if (sym_global == NULL  sym_track == NULL) {
 zval *empty_var;

@@ -360,7 +364,10 @@
 if (PG(register_globals)) {
 zval **old_symbol;
 if (zend_hash_find(EG(symbol_table),name,namelen+1,(void *) 
old_symbol) == SUCCESS) {

-
+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY  Z_ARRVAL_PP 
(old_symbol) == EG(symbol_table)) || *old_symbol == PS 
(http_session_vars)) {

+ return;
+ }
+
 /*
 * A global symbol with the same name exists already. That
 * symbol might have been created by other means (e.g. $_GET).





Ilia Alshanetsky




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-01-09 Thread Dmitry Stogov
dmitry  Wed Jan 10 07:04:49 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Fixed SIGSEGV
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.25r2=1.417.2.8.2.26diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.25 
php-src/ext/session/session.c:1.417.2.8.2.26
--- php-src/ext/session/session.c:1.417.2.8.2.25Tue Jan  9 15:31:12 2007
+++ php-src/ext/session/session.c   Wed Jan 10 07:04:49 2007
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.26 2007/01/10 07:04:49 dmitry Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -328,11 +328,10 @@
if (PG(register_globals)) {
zval **sym_global = NULL;

-   zend_hash_find(EG(symbol_table), name, namelen + 1, 
-   (void *) sym_global);
-   
-   if ((Z_TYPE_PP(sym_global) == IS_ARRAY  
Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == 
PS(http_session_vars)) {
-   return;
+   if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void 
*) sym_global) == SUCCESS) {
+   if ((Z_TYPE_PP(sym_global) == IS_ARRAY  
Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == 
PS(http_session_vars)) {
+   return;
+   }
}
 
if (sym_global == NULL  sym_track == NULL) {




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-12-31 Thread Ilia Alshanetsky
iliaa   Sun Dec 31 22:25:55 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  
  Added boundary checks to php_binary deserializer
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22r2=1.417.2.8.2.23diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.22 
php-src/ext/session/session.c:1.417.2.8.2.23
--- php-src/ext/session/session.c:1.417.2.8.2.22Tue Dec 26 16:53:47 2006
+++ php-src/ext/session/session.c   Sun Dec 31 22:25:55 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.22 2006/12/26 16:53:47 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.23 2006/12/31 22:25:55 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -471,6 +471,11 @@
for (p = val; p  endptr; ) {
zval **tmp;
namelen = *p  (~PS_BIN_UNDEF);
+
+   if (namelen  PS_BIN_MAX || (p + namelen) = endptr) {
+   return FAILURE;
+   }
+
has_value = *p  PS_BIN_UNDEF ? 0 : 1;
 
name = estrndup(p + 1, namelen);

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-12-26 Thread Ilia Alshanetsky
iliaa   Tue Dec 26 16:53:47 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Session deserializer protection.
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.21r2=1.417.2.8.2.22diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.21 
php-src/ext/session/session.c:1.417.2.8.2.22
--- php-src/ext/session/session.c:1.417.2.8.2.21Wed Dec 20 19:31:28 2006
+++ php-src/ext/session/session.c   Tue Dec 26 16:53:47 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.21 2006/12/20 19:31:28 tony2001 Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.22 2006/12/26 16:53:47 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -465,34 +465,33 @@
int namelen;
int has_value;
php_unserialize_data_t var_hash;
-   int globals_on = PG(register_globals);
-   int longarrays_on = PG(register_long_arrays);
 
PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
for (p = val; p  endptr; ) {
+   zval **tmp;
namelen = *p  (~PS_BIN_UNDEF);
has_value = *p  PS_BIN_UNDEF ? 0 : 1;
 
name = estrndup(p + 1, namelen);
-   
+
p += namelen + 1;
-   if (globals_on  namelen == sizeof(_SESSION)-1  
!memcmp(name, _SESSION, sizeof(_SESSION) - 1)) {
-   /* _SESSION hijack attempt */
-   } else if (globals_on  namelen == sizeof(GLOBALS)-1  
!memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) {
-   /* _GLOBALS hijack attempt */
-   } else if (globals_on  longarrays_on  namelen == 
sizeof(HTTP_SESSION_VARS)-1  !memcmp(name, HTTP_SESSION_VARS, 
sizeof(HTTP_SESSION_VARS)-1)) {
-   /* HTTP_SESSION_VARS hijack attempt */
-   } else {
-   if (has_value) {
-   ALLOC_INIT_ZVAL(current);
-   if (php_var_unserialize(current, (const 
unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
-   php_set_session_var(name, namelen, 
current, var_hash  TSRMLS_CC);
-   }
-   zval_ptr_dtor(current);
+
+   if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void 
**) tmp) == SUCCESS) {
+   if ((Z_TYPE_PP(tmp) == IS_ARRAY  Z_ARRVAL_PP(tmp) == 
EG(symbol_table)) || *tmp == PS(http_session_vars)) {
+   efree(name);
+   continue;
}
-   PS_ADD_VARL(name, namelen);
}
+
+   if (has_value) {
+   ALLOC_INIT_ZVAL(current);
+   if (php_var_unserialize(current, (const unsigned char 
**) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
+   php_set_session_var(name, namelen, current, 
var_hash  TSRMLS_CC);
+   }
+   zval_ptr_dtor(current);
+   }
+   PS_ADD_VARL(name, namelen);
efree(name);
}
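Review bot: When a protected name is hit, the new `continue` leaves `p` just past the name, so for an entry that carries a value the loop resumes inside that value's serialized bytes and reads them as the next name length. `php_var_unserialize()` is the only call here that advances `p` over a value, and it is skipped on that path. Decoding the value and discarding it keeps the stream in step; the sketch below does that with a `skip` flag, with `&` and `&&` restored because the page dropped them. The text-format decoder in the following hunks, which the page cuts off, appears to have the same shape.

```c
	zval **tmp;
	int skip = 0;
	/* … unchanged: namelen/has_value decoding, estrndup(), p += namelen + 1 … */

	if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) {
		if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) {
			skip = 1; /* protected name: still consume its value below */
		}
	}

	if (has_value) {
		ALLOC_INIT_ZVAL(current);
		if (php_var_unserialize(&current, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash TSRMLS_CC) && !skip) {
			php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC);
		}
		zval_ptr_dtor(&current);
	}
	if (!skip) {
		PS_ADD_VARL(name, namelen);
	}
	efree(name);
```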
 
@@ -544,14 +543,13 @@
int namelen;
int has_value;
php_unserialize_data_t var_hash;
-   int globals_on = PG(register_globals);
-   int longarrays_on = PG(register_long_arrays);
 
PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
p = val;
 
while (p  endptr) {
+   zval **tmp;
q = p;
while (*q != PS_DELIMITER)
if (++q = endptr) goto break_outer_loop;
@@ -566,25 +564,23 @@
namelen = q - p;
name = estrndup(p, namelen);
q++;
-   
-   if (globals_on  namelen == sizeof(_SESSION)-1  
!memcmp(name, _SESSION, sizeof(_SESSION) - 1)) {
-   /* _SESSION hijack attempt */
-   } else if (globals_on  namelen == sizeof(GLOBALS)-1  
!memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) {
-   /* GLOBALS hijack attempt */
-   } else if (globals_on  longarrays_on  namelen == 
sizeof(HTTP_SESSION_VARS)-1  !memcmp(name, HTTP_SESSION_VARS, 
sizeof(HTTP_SESSION_VARS)-1)) {
-   /* HTTP_SESSION_VARS hijack attempt */
-   } else {
-   if (has_value) {
-   ALLOC_INIT_ZVAL(current);
-   if (php_var_unserialize(current, (const 
unsigned char **) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
-   php_set_session_var(name, namelen, 
current, var_hash  TSRMLS_CC);
-   }
-   zval_ptr_dtor(current);
+
+

[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-12-20 Thread Antony Dovgal
tony2001Wed Dec 20 19:31:28 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  protect _SESSION, HTTP_SESSION_VARS and GLOBALS
  maintain an internal reference of _SESSION, so that it won't be possible to 
destroy it from userspace
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.20r2=1.417.2.8.2.21diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.20 
php-src/ext/session/session.c:1.417.2.8.2.21
--- php-src/ext/session/session.c:1.417.2.8.2.20Mon Dec  4 15:58:48 2006
+++ php-src/ext/session/session.c   Wed Dec 20 19:31:28 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.20 2006/12/04 15:58:48 tony2001 Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.21 2006/12/20 19:31:28 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -465,6 +465,8 @@
int namelen;
int has_value;
php_unserialize_data_t var_hash;
+   int globals_on = PG(register_globals);
+   int longarrays_on = PG(register_long_arrays);
 
PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
@@ -475,15 +477,22 @@
name = estrndup(p + 1, namelen);

p += namelen + 1;
-   
-   if (has_value) {
-   ALLOC_INIT_ZVAL(current);
-   if (php_var_unserialize(current, (const unsigned char 
**) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
-   php_set_session_var(name, namelen, current, 
var_hash  TSRMLS_CC);
+   if (globals_on  namelen == sizeof(_SESSION)-1  
!memcmp(name, _SESSION, sizeof(_SESSION) - 1)) {
+   /* _SESSION hijack attempt */
+   } else if (globals_on  namelen == sizeof(GLOBALS)-1  
!memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) {
+   /* _GLOBALS hijack attempt */
+   } else if (globals_on  longarrays_on  namelen == 
sizeof(HTTP_SESSION_VARS)-1  !memcmp(name, HTTP_SESSION_VARS, 
sizeof(HTTP_SESSION_VARS)-1)) {
+   /* HTTP_SESSION_VARS hijack attempt */
+   } else {
+   if (has_value) {
+   ALLOC_INIT_ZVAL(current);
+   if (php_var_unserialize(current, (const 
unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
+   php_set_session_var(name, namelen, 
current, var_hash  TSRMLS_CC);
+   }
+   zval_ptr_dtor(current);
}
-   zval_ptr_dtor(current);
+   PS_ADD_VARL(name, namelen);
}
-   PS_ADD_VARL(name, namelen);
efree(name);
}
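Review bot: The three-way name filter is pasted into both decoders (this hunk and the `@@ -556` hunk below), and the copies already disagree in their comments: `/* _GLOBALS hijack attempt */` here and `/* GLOBALS hijack attempt */` there, while the code compares against `GLOBALS` in both. A single `static` helper taking `name` and `namelen` and returning whether the name is protected would give one place to maintain the list, and the empty `if` bodies could become one negated test. All three tests are gated on `globals_on`, so the comment should also say that the names are filtered only when register_globals is enabled. String quotes and `&&` are missing from the page's rendering.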
 
@@ -535,6 +544,8 @@
int namelen;
int has_value;
php_unserialize_data_t var_hash;
+   int globals_on = PG(register_globals);
+   int longarrays_on = PG(register_long_arrays);
 
PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
@@ -556,14 +567,22 @@
name = estrndup(p, namelen);
q++;

-   if (has_value) {
-   ALLOC_INIT_ZVAL(current);
-   if (php_var_unserialize(current, (const unsigned char 
**) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
-   php_set_session_var(name, namelen, current, 
var_hash TSRMLS_CC);
+   if (globals_on  namelen == sizeof(_SESSION)-1  
!memcmp(name, _SESSION, sizeof(_SESSION) - 1)) {
+   /* _SESSION hijack attempt */
+   } else if (globals_on  namelen == sizeof(GLOBALS)-1  
!memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) {
+   /* GLOBALS hijack attempt */
+   } else if (globals_on  longarrays_on  namelen == 
sizeof(HTTP_SESSION_VARS)-1  !memcmp(name, HTTP_SESSION_VARS, 
sizeof(HTTP_SESSION_VARS)-1)) {
+   /* HTTP_SESSION_VARS hijack attempt */
+   } else {
+   if (has_value) {
+   ALLOC_INIT_ZVAL(current);
+   if (php_var_unserialize(current, (const 
unsigned char **) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
+   php_set_session_var(name, namelen, 
current, var_hash  TSRMLS_CC);
+   }
+   zval_ptr_dtor(current);
}
-   zval_ptr_dtor(current);
+   PS_ADD_VARL(name, namelen);
}
-   PS_ADD_VARL(name, namelen);
efree(name);

p = q;
@@ -583,16 +602,20 @@

[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c /main main.c

2006-12-04 Thread Antony Dovgal
tony2001Mon Dec  4 15:58:48 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
/php-src/main   main.c 
  Log:
  MFH: fix retval type
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.19r2=1.417.2.8.2.20diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.19 
php-src/ext/session/session.c:1.417.2.8.2.20
--- php-src/ext/session/session.c:1.417.2.8.2.19Mon Dec  4 15:19:26 2006
+++ php-src/ext/session/session.c   Mon Dec  4 15:58:48 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.19 2006/12/04 15:19:26 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.20 2006/12/04 15:58:48 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -276,7 +276,7 @@
 
 static void php_rinit_session_globals(TSRMLS_D);
 static void php_rshutdown_session_globals(TSRMLS_D);
-static zend_bool php_session_destroy(TSRMLS_D);
+static int php_session_destroy(TSRMLS_D);
 
 zend_module_entry session_module_entry = {
STANDARD_MODULE_HEADER,
@@ -1304,9 +1304,9 @@
}
 }
 
-static zend_bool php_session_destroy(TSRMLS_D)
+static int php_session_destroy(TSRMLS_D)
 {
-   zend_bool retval = SUCCESS;
+   int retval = SUCCESS;
 
if (PS(session_status) != php_session_active) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, Trying to destroy 
uninitialized session);
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.19r2=1.640.2.23.2.20diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.640.2.23.2.19 php-src/main/main.c:1.640.2.23.2.20
--- php-src/main/main.c:1.640.2.23.2.19 Thu Nov 23 08:37:21 2006
+++ php-src/main/main.c Mon Dec  4 15:58:48 2006
@@ -18,7 +18,7 @@
+--+
 */
 
-/* $Id: main.c,v 1.640.2.23.2.19 2006/11/23 08:37:21 dmitry Exp $ */
+/* $Id: main.c,v 1.640.2.23.2.20 2006/12/04 15:58:48 tony2001 Exp $ */
 
 /* {{{ includes
  */
@@ -1893,7 +1893,7 @@
 PHPAPI int php_lint_script(zend_file_handle *file TSRMLS_DC)
 {
zend_op_array *op_array;
-   zend_bool retval = FAILURE;
+   int retval = FAILURE;
 
zend_try {
op_array = zend_compile_file(file, ZEND_INCLUDE TSRMLS_CC);




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-11-30 Thread Ilia Alshanetsky
iliaa   Fri Dec  1 00:27:20 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Disallow \0 chars inside session.save_path
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.17r2=1.417.2.8.2.18diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.17 
php-src/ext/session/session.c:1.417.2.8.2.18
--- php-src/ext/session/session.c:1.417.2.8.2.17Fri Nov  3 14:46:48 2006
+++ php-src/ext/session/session.c   Fri Dec  1 00:27:20 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.17 2006/11/03 14:46:48 bjori Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.18 2006/12/01 00:27:20 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -153,6 +153,10 @@
if (stage == PHP_INI_STAGE_RUNTIME) {
char *p;
 
+   if (memchr(new_value, '\0', new_value_length) != NULL) {
+   return FAILURE;
+   }
+
if ((p = zend_memrchr(new_value, ';', new_value_length))) {
p++;
} else {
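Review bot: The embedded-NUL rejection is added inside the `stage == PHP_INI_STAGE_RUNTIME` branch, so a `session.save_path` set at any other stage is not covered by it. If that is intentional it deserves a comment, e.g. `/* only values set at runtime are checked here */`; otherwise the `memchr()` test can move above the stage check. The failure is also silent, a bare `return FAILURE` with no diagnostic, so the caller only sees the setting refused. The handler starts and ends outside the hunk.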




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-08-30 Thread Antony Dovgal
tony2001Wed Aug 30 15:43:10 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  MFH: change E_ERROR to E_WARNING when invalid argument has been passed
  make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.12r2=1.417.2.8.2.13diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.12 
php-src/ext/session/session.c:1.417.2.8.2.13
--- php-src/ext/session/session.c:1.417.2.8.2.12Thu Aug 10 21:10:03 2006
+++ php-src/ext/session/session.c   Wed Aug 30 15:43:10 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.12 2006/08/10 21:10:03 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.13 2006/08/30 15:43:10 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -95,13 +95,16 @@
 
 static PHP_INI_MH(OnUpdateSaveHandler)
 {
+   ps_module *tmp;
SESSION_CHECK_ACTIVE_STATE;
 
-   PS(mod) = _php_find_ps_module(new_value TSRMLS_CC);
+   tmp = _php_find_ps_module(new_value TSRMLS_CC);
 
-   if (PG(modules_activated)  !PS(mod)) {
-   php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find save 
handler %s, new_value);
+   if (PG(modules_activated)  !tmp) {
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot find save 
handler %s, new_value);
+   return FAILURE;
}
+   PS(mod) = tmp;
 
return SUCCESS;
 }
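Review bot: The guard `PG(modules_activated) && !tmp` still lets a failed lookup fall through to `PS(mod) = tmp;` when modules are not yet activated, so `PS(mod)` can be set to NULL on that path. If that is intentional (for example, a handler that registers later), it deserves a comment above the assignment, e.g. `/* before module activation an unknown handler is stored as NULL and resolved later */`; the wording is a guess to be confirmed against the startup code. The same pattern appears in the `OnUpdateSerializer` hunk that follows.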
@@ -121,13 +124,16 @@
 
 static PHP_INI_MH(OnUpdateSerializer)
 {
+   const ps_serializer *tmp;
SESSION_CHECK_ACTIVE_STATE;
 
-   PS(serializer) = _php_find_ps_serializer(new_value TSRMLS_CC);
+   tmp = _php_find_ps_serializer(new_value TSRMLS_CC);
 
-   if (PG(modules_activated)  !PS(serializer)) {
+   if (PG(modules_activated)  !tmp) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find 
serialization handler %s, new_value);
+   return FAILURE;
}
+   PS(serializer) = tmp;
 
return SUCCESS;
 }
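Review bot: `OnUpdateSerializer` still reports the failed lookup with `E_ERROR` on the new side, while the sibling `OnUpdateSaveHandler` hunk in this commit switches to `E_WARNING` and the log message describes that switch for invalid arguments. If `E_ERROR` aborts the request as it normally does, the added `return FAILURE;` is never reached from `ini_set()`. For consistency the call should read `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find serialization handler %s", new_value);`.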
@@ -1395,8 +1401,9 @@
if (ac == 1) {
convert_to_string_ex(p_name);
if (!_php_find_ps_module(Z_STRVAL_PP(p_name) TSRMLS_CC)) {
-   php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find 
named PHP session module (%s),
+   php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot 
find named PHP session module (%s),
Z_STRVAL_PP(p_name));
+   zval_dtor(return_value);
RETURN_FALSE;
}
if (PS(mod_data)) {
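Review bot: The added `zval_dtor(return_value);` before `RETURN_FALSE;` is unexplained in the hunk; it presumably releases a value that was stored in `return_value` earlier in the function, which is outside the hunk. A short comment such as `/* drop the value already placed in return_value before returning false */` would keep a later reader from removing it as redundant. The enclosing function starts and ends outside the hunk.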




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-08-30 Thread Antony Dovgal
tony2001Wed Aug 30 16:24:40 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  change ini handlers to produce E_ERROR if they are called during startup
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.13r2=1.417.2.8.2.14diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.13 
php-src/ext/session/session.c:1.417.2.8.2.14
--- php-src/ext/session/session.c:1.417.2.8.2.13Wed Aug 30 15:43:10 2006
+++ php-src/ext/session/session.c   Wed Aug 30 16:24:40 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.13 2006/08/30 15:43:10 tony2001 Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.14 2006/08/30 16:24:40 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -101,7 +101,13 @@
tmp = _php_find_ps_module(new_value TSRMLS_CC);
 
if (PG(modules_activated)  !tmp) {
-   php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot find save 
handler %s, new_value);
+   int err_type;
+   if (stage == ZEND_INI_STAGE_RUNTIME) {
+   err_type = E_WARNING;
+   } else {
+   err_type = E_ERROR;
+   }
+   php_error_docref(NULL TSRMLS_CC, err_type, Cannot find save 
handler %s, new_value);
return FAILURE;
}
PS(mod) = tmp;
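Review bot: The five-line `err_type` selection is duplicated verbatim in this hunk and in the `@@ -130,7 +136,13 @@` hunk; a single initialised declaration, `int err_type = (stage == ZEND_INI_STAGE_RUNTIME) ? E_WARNING : E_ERROR;`, says the same in one line in both handlers. The log message speaks of startup, but the `else` branch raises `E_ERROR` for every stage other than runtime, so it is worth a comment stating that this is intended for all non-runtime stages. Both handlers start outside their hunks.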
@@ -130,7 +136,13 @@
tmp = _php_find_ps_serializer(new_value TSRMLS_CC);
 
if (PG(modules_activated)  !tmp) {
-   php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find 
serialization handler %s, new_value);
+   int err_type;
+   if (stage == ZEND_INI_STAGE_RUNTIME) {
+   err_type = E_WARNING;
+   } else {
+   err_type = E_ERROR;
+   }
+   php_error_docref(NULL TSRMLS_CC, err_type, Cannot find 
serialization handler %s, new_value);
return FAILURE;
}
PS(serializer) = tmp;




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-08-10 Thread Ilia Alshanetsky
iliaa   Thu Aug 10 21:10:03 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Fixed proto
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.11r2=1.417.2.8.2.12diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.11 
php-src/ext/session/session.c:1.417.2.8.2.12
--- php-src/ext/session/session.c:1.417.2.8.2.11Thu Aug 10 13:50:56 2006
+++ php-src/ext/session/session.c   Thu Aug 10 21:10:03 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.11 2006/08/10 13:50:56 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.12 2006/08/10 21:10:03 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1298,7 +1298,7 @@
 }
 
 
-/* {{{ proto void session_set_cookie_params(int lifetime [, string path [, 
string domain [, bool secure]]])
+/* {{{ proto void session_set_cookie_params(int lifetime [, string path [, 
string domain [, bool secure[, bool httponly)
Set session cookie parameters */
 PHP_FUNCTION(session_set_cookie_params)
 {




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-08-01 Thread Antony Dovgal
tony2001Tue Aug  1 08:32:08 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's 
session.cache_expire)
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.8r2=1.417.2.8.2.9diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.8 
php-src/ext/session/session.c:1.417.2.8.2.9
--- php-src/ext/session/session.c:1.417.2.8.2.8 Thu Jul 27 15:33:16 2006
+++ php-src/ext/session/session.c   Tue Aug  1 08:32:07 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.8 2006/07/27 15:33:16 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.9 2006/08/01 08:32:07 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1553,8 +1553,8 @@
WRONG_PARAM_COUNT;
 
if (ac == 1) {
-   convert_to_long_ex(p_cache_expire);
-   PS(cache_expire) = Z_LVAL_PP(p_cache_expire);
+   convert_to_string_ex(p_cache_expire);
+   zend_alter_ini_entry(session.cache_expire, 
sizeof(session.cache_expire), Z_STRVAL_PP(p_cache_expire), 
Z_STRLEN_PP(p_cache_expire), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
}
 
RETVAL_LONG(old);
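Review bot: The result of `zend_alter_ini_entry(...)` is discarded, so when the ini layer rejects the new value `session_cache_expire()` still returns the old value with no sign that nothing changed. Checking the call, e.g. `if (zend_alter_ini_entry(...) == FAILURE) { /* warn or return false */ }`, or at least a comment that the failure is deliberately ignored, would make the behaviour explicit. The function body starts and ends outside the hunk.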




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-07-27 Thread Ilia Alshanetsky
iliaa   Thu Jul 27 14:05:03 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  removed debug code
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.5r2=1.417.2.8.2.6diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.5 
php-src/ext/session/session.c:1.417.2.8.2.6
--- php-src/ext/session/session.c:1.417.2.8.2.5 Thu Jul 27 14:00:13 2006
+++ php-src/ext/session/session.c   Thu Jul 27 14:05:03 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.5 2006/07/27 14:00:13 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.6 2006/07/27 14:05:03 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -768,7 +768,6 @@
if (!PS(id)) {
 new_session:
PS(id) = PS(mod)-s_create_sid(PS(mod_data), NULL TSRMLS_CC);
-php_error_docref(NULL TSRMLS_CC, E_WARNING, Making a new session %s., 
PS(id));
if (PS(use_cookies)) {
PS(send_cookie) = 1;
}




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-07-27 Thread Ilia Alshanetsky
iliaa   Thu Jul 27 14:13:30 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  make C++ compilers happy
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.6r2=1.417.2.8.2.7diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.6 
php-src/ext/session/session.c:1.417.2.8.2.7
--- php-src/ext/session/session.c:1.417.2.8.2.6 Thu Jul 27 14:05:03 2006
+++ php-src/ext/session/session.c   Thu Jul 27 14:13:30 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.6 2006/07/27 14:05:03 iliaa Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.7 2006/07/27 14:13:30 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -745,7 +745,7 @@
 {
char *val;
int vallen;
-   zend_bool new = 0;
+   zend_bool make_new = 0;
 
/* check session name for invalid characters */
if (PS(id)  strpbrk(PS(id), \r\n\t '\\\)) {
@@ -771,7 +771,7 @@
if (PS(use_cookies)) {
PS(send_cookie) = 1;
}
-   new = 1;
+   make_new = 1;
}

/* Read data */
@@ -784,7 +784,7 @@
if (PS(mod)-s_read(PS(mod_data), PS(id), val, vallen TSRMLS_CC) == 
SUCCESS) {
php_session_decode(val, vallen TSRMLS_CC);
efree(val);
-   } else if (!new) {
+   } else if (!make_new) {
goto new_session;
}
 }




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-07-12 Thread Michael Wallner
mikeWed Jul 12 15:28:44 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  MFH: add note why replace is 0, so that I don't wonder again in 2 months
   why session_regenerate_id() sends the session cookie twice
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.2r2=1.417.2.8.2.3diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.2 
php-src/ext/session/session.c:1.417.2.8.2.3
--- php-src/ext/session/session.c:1.417.2.8.2.2 Thu Jun 15 18:33:08 2006
+++ php-src/ext/session/session.c   Wed Jul 12 15:28:44 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.2 2006/06/15 18:33:08 dmitry Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.3 2006/07/12 15:28:44 mike Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1053,6 +1053,8 @@
 
smart_str_0(ncookie);

+   /*  'replace' must be 0 here, else a previous Set-Cookie
+   header, probably sent with setcookie() will be replaced! */
sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC);
 }
 




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2006-07-12 Thread Ilia Alshanetsky
iliaa   Thu Jul 13 00:13:19 2006 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/sessionsession.c 
  Log:
  Fixed compiler warnings.
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.3r2=1.417.2.8.2.4diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.3 
php-src/ext/session/session.c:1.417.2.8.2.4
--- php-src/ext/session/session.c:1.417.2.8.2.3 Wed Jul 12 15:28:44 2006
+++ php-src/ext/session/session.c   Thu Jul 13 00:13:19 2006
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.417.2.8.2.3 2006/07/12 15:28:44 mike Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.4 2006/07/13 00:13:19 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -446,7 +446,7 @@

if (has_value) {
ALLOC_INIT_ZVAL(current);
-   if (php_var_unserialize(current, (const unsigned char 
**) p, endptr, var_hash TSRMLS_CC)) {
+   if (php_var_unserialize(current, (const unsigned char 
**) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
php_set_session_var(name, namelen, current, 
var_hash  TSRMLS_CC);
}
zval_ptr_dtor(current);
@@ -526,7 +526,7 @@

if (has_value) {
ALLOC_INIT_ZVAL(current);
-   if (php_var_unserialize(current, (const unsigned char 
**) q, endptr, var_hash TSRMLS_CC)) {
+   if (php_var_unserialize(current, (const unsigned char 
**) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) {
php_set_session_var(name, namelen, current, 
var_hash TSRMLS_CC);
}
zval_ptr_dtor(current);
@@ -616,8 +616,8 @@
int mask;
int have;

-   p = in;
-   q = in + inlen;
+   p = (unsigned char *) in;
+   q = (unsigned char *)in + inlen;
 
w = 0;
have = 0;
@@ -673,17 +673,17 @@
 
/* maximum 15+19+19+10 bytes */ 
sprintf(buf, %.15s%ld%ld%0.8f, remote_addr ? remote_addr : , 
-   tv.tv_sec, tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10);
+   tv.tv_sec, (long int)tv.tv_usec, 
php_combined_lcg(TSRMLS_C) * 10);
 
switch (PS(hash_func)) {
case PS_HASH_FUNC_MD5:
PHP_MD5Init(md5_context);
-   PHP_MD5Update(md5_context, buf, strlen(buf));
+   PHP_MD5Update(md5_context, (unsigned char *) buf, strlen(buf));
digest_len = 16;
break;
case PS_HASH_FUNC_SHA1:
PHP_SHA1Init(sha1_context);
-   PHP_SHA1Update(sha1_context, buf, strlen(buf));
+   PHP_SHA1Update(sha1_context, (unsigned char *) buf, 
strlen(buf));
digest_len = 20;
break;
default:
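Review bot: Only `tv.tv_usec` gets a `(long int)` cast on the new `sprintf` argument line, while `tv.tv_sec` is still passed uncast for the first `%ld`; where `time_t` is not `long` that argument has the same mismatch, so the line should read `(long int)tv.tv_sec, (long int)tv.tv_usec,`. The call also stays an unbounded `sprintf` whose safety rests on the `/* maximum 15+19+19+10 bytes */` arithmetic; if `buf` is an array (its declaration is outside the hunk), a bounded `snprintf(buf, sizeof(buf), ...)` would enforce that limit instead of assuming it. The enclosing function starts and ends outside the hunk.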
@@ -734,7 +734,7 @@
 
php_error_docref(NULL TSRMLS_CC, E_WARNING, The ini setting 
hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for 
now);
}
-   j = (int) (bin_to_readable(digest, digest_len, buf, 
PS(hash_bits_per_character)) - buf);
+   j = (int) (bin_to_readable((char *)digest, digest_len, buf, 
PS(hash_bits_per_character)) - buf);

if (newlen) 
*newlen = j;
