[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
scottmacThu Dec 11 01:21:42 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: MFH Fix bug #35975 - Session cookie expires date format isn't the most compatible. Sync to that of setcookie(). http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.44r2=1.417.2.8.2.45diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.44 php-src/ext/session/session.c:1.417.2.8.2.45 --- php-src/ext/session/session.c:1.417.2.8.2.44Wed Aug 6 21:28:38 2008 +++ php-src/ext/session/session.c Thu Dec 11 01:21:42 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.45 2008/12/11 01:21:42 scottmac Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -40,7 +40,7 @@ #include ext/standard/md5.h #include ext/standard/sha1.h #include ext/standard/php_var.h -#include ext/standard/datetime.h +#include ext/date/php_date.h #include ext/standard/php_lcg.h #include ext/standard/url_scanner_ex.h #include ext/standard/php_rand.h /* for RAND_MAX */ @@ -1116,7 +1116,7 @@ t = tv.tv_sec + PS(cookie_lifetime); if (t 0) { - date_fmt = php_std_date(t TSRMLS_CC); + date_fmt = php_format_date(D, d-M-Y H:i:s T, sizeof(D, d-M-Y H:i:s T)-1, t, 0 TSRMLS_CC); smart_str_appends(ncookie, COOKIE_EXPIRES); smart_str_appends(ncookie, date_fmt); efree(date_fmt); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
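Review bot: In the @@ -1116 hunk the date format literal is written out twice in the `php_format_date()` call, once as the format and once inside `sizeof` for its length, so a later edit to one copy silently leaves the wrong length behind. Define it once next to the other cookie constants, e.g. `#define COOKIE_EXPIRES_FORMAT "D, d-M-Y H:i:s T"`, and pass `COOKIE_EXPIRES_FORMAT, sizeof(COOKIE_EXPIRES_FORMAT) - 1`. A short comment that the trailing `0` argument selects GMT rather than local time would also help, since the Expires attribute depends on it; confirm that reading against `php_format_date()`. The enclosing function starts and ends outside the hunk.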
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
Uh..this changes the behaviour quite dramatically. See the failing tests now. You'd have to MFH quite a lot more to make it a proper fix, so please, revert. --Jani Kalle Sommer Nielsen kirjoitti: kalle Wed Aug 6 21:28:39 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/session session.c Log: Backport fix for #45406 - Patch by oleg dot grenrus at dynamoid dot com http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.43r2=1.417.2.8.2.44diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.43 php-src/ext/session/session.c:1.417.2.8.2.44 --- php-src/ext/session/session.c:1.417.2.8.2.43Wed Jun 11 07:46:43 2008 +++ php-src/ext/session/session.c Wed Aug 6 21:28:38 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.43 2008/06/11 07:46:43 dmitry Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1925,6 +1925,21 @@ } } + if (PS(serializer) == NULL) { + char *value; + + value = zend_ini_string(session.serialize_handler, sizeof(session.serialize_handler), 0); + if (value) { + PS(serializer) = _php_find_ps_serializer(value TSRMLS_CC); + } + } + + if (PS(mod) == NULL || PS(serializer) == NULL) { + /* current status is unusable */ + PS(session_status) = php_session_disabled; + return SUCCESS; + } + if (PS(auto_start)) { php_session_start(TSRMLS_C); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
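Review bot: The new `PS(mod) == NULL || PS(serializer) == NULL` branch in the @@ -1925 hunk disables sessions for the request and returns `SUCCESS` without any diagnostic, so a misconfigured `session.save_handler` or `session.serialize_handler` shows up only as sessions quietly not working, which matters when the application keeps login state there. Consider raising an `E_WARNING` through `php_error_docref()` that names which of the two is missing, and expanding the comment to say why startup is allowed to continue, for example `/* no usable save handler or serializer: disable sessions for this request rather than fail request startup */`. The enclosing function begins and ends outside the hunk, so the point at which this runs is inferred. The same hunk appears again in the original commit mail that follows this reply.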
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
kalle Wed Aug 6 21:28:39 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Backport fix for #45406 - Patch by oleg dot grenrus at dynamoid dot com http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.43r2=1.417.2.8.2.44diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.43 php-src/ext/session/session.c:1.417.2.8.2.44 --- php-src/ext/session/session.c:1.417.2.8.2.43Wed Jun 11 07:46:43 2008 +++ php-src/ext/session/session.c Wed Aug 6 21:28:38 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.43 2008/06/11 07:46:43 dmitry Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1925,6 +1925,21 @@ } } + if (PS(serializer) == NULL) { + char *value; + + value = zend_ini_string(session.serialize_handler, sizeof(session.serialize_handler), 0); + if (value) { + PS(serializer) = _php_find_ps_serializer(value TSRMLS_CC); + } + } + + if (PS(mod) == NULL || PS(serializer) == NULL) { + /* current status is unusable */ + PS(session_status) = php_session_disabled; + return SUCCESS; + } + if (PS(auto_start)) { php_session_start(TSRMLS_C); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Sun Jun 17 14:25:46 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Fixed compiler warning http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.37r2=1.417.2.8.2.38diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.37 php-src/ext/session/session.c:1.417.2.8.2.38 --- php-src/ext/session/session.c:1.417.2.8.2.37Sat Jun 16 07:48:07 2007 +++ php-src/ext/session/session.c Sun Jun 17 14:25:46 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.37 2007/06/16 07:48:07 sesser Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.38 2007/06/17 14:25:46 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -46,6 +46,7 @@ #include ext/standard/php_rand.h /* for RAND_MAX */ #include ext/standard/info.h #include ext/standard/php_smart_str.h +#include ext/standard/url.h #include mod_files.h #include mod_user.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
sesser Sat Jun 16 07:48:07 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36r2=1.417.2.8.2.37diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.36 php-src/ext/session/session.c:1.417.2.8.2.37 --- php-src/ext/session/session.c:1.417.2.8.2.36Fri Jun 15 22:40:00 2007 +++ php-src/ext/session/session.c Sat Jun 16 07:48:07 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.36 2007/06/15 22:40:00 stas Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.37 2007/06/16 07:48:07 sesser Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -807,7 +807,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { efree(PS(id)); PS(id) = NULL; } @@ -1080,6 +1080,7 @@ { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); @@ -1093,11 +1094,18 @@ } return; } + + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); smart_str_appends(ncookie, COOKIE_SET_COOKIE); - smart_str_appends(ncookie, PS(session_name)); + smart_str_appends(ncookie, e_session_name); smart_str_appendc(ncookie, '='); - smart_str_appends(ncookie, PS(id)); + smart_str_appends(ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) 0) { struct timeval tv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
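Review bot: The @@ -807 hunk narrows the reject set for `PS(id)` again, which leaves the URL-encoding added further down as the only treatment of the characters that were dropped from the set, and that encoding is applied only where the Set-Cookie header is built. Any other consumer of `PS(id)` (none is visible in this diff) now sees those characters unencoded, so each one should be confirmed before relying on output encoding alone. Separately, the context comment says `/* check session name for invalid characters */` while the test is on the id; `/* check session id for invalid characters */` would match the code. The same context line appears in the 15 Jun commit mail below.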
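Review bot: Both `strlen(PS(session_name))` and `strlen(PS(id))` in the @@ -1093 hunk assume non-NULL pointers, while the @@ -807 hunk of this same commit shows `PS(id)` being reset to NULL when validation fails; nothing in the visible lines guarantees a fresh id exists by the time the cookie is sent, so an early return or assertion on a NULL id belongs before the two encode calls. The comment could also state what the encoding protects, e.g. `/* URL-encode name and id so that ';', '=', CR or LF in either value cannot change the structure of the Set-Cookie header */`. The function body continues outside the hunk.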
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
stasFri Jun 15 22:40:00 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Disallow characters that Cookie RFC does not allow in unquoted cookies http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.35r2=1.417.2.8.2.36diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.35 php-src/ext/session/session.c:1.417.2.8.2.36 --- php-src/ext/session/session.c:1.417.2.8.2.35Thu Jun 7 08:59:00 2007 +++ php-src/ext/session/session.c Fri Jun 15 22:40:00 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.35 2007/06/07 08:59:00 tony2001 Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.36 2007/06/15 22:40:00 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -807,7 +807,7 @@ int vallen; /* check session name for invalid characters */ - if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { + if (PS(id) strpbrk(PS(id), \r\n\t '\\\()@,;:[]?={}%)) { efree(PS(id)); PS(id) = NULL; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
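Review bot: The reject set in the @@ -807 hunk is an unnamed string literal, and the commit message's reference to the cookie RFC is not carried into the code, so the next reader cannot tell which characters are there on purpose. Move it to a named constant with a comment naming the rule it implements, e.g. `/* separators the cookie RFC does not allow in an unquoted cookie value */`. An allowlist of the characters the id generator can emit would be stricter than a denylist, if custom save handlers permit it; that is a design question rather than a defect in this hunk. The enclosing function lies outside the hunk.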
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Wed Mar 14 19:37:07 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability # Discovered by Stefan Esser http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.31r2=1.417.2.8.2.32diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.31 php-src/ext/session/session.c:1.417.2.8.2.32 --- php-src/ext/session/session.c:1.417.2.8.2.31Sat Mar 3 15:07:31 2007 +++ php-src/ext/session/session.c Wed Mar 14 19:37:07 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.31 2007/03/03 15:07:31 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.32 2007/03/14 19:37:07 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -846,6 +846,7 @@ } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */ PS(invalid_session_id) = 0; efree(PS(id)); + PS(id) = NULL; goto new_session; } } @@ -1575,6 +1576,7 @@ RETURN_FALSE; } efree(PS(id)); + PS(id) = NULL; } PS(id) = PS(mod)-s_create_sid(PS(mod_data), NULL TSRMLS_CC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
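Review bot: The two added `PS(id) = NULL;` lines (@@ -846 and @@ -1575) clear the dangling pointer at these sites, but the free-then-clear pair is still hand-written at each place, and the next `efree(PS(id))` added without it brings the double free back. A small helper used wherever the id is released would close that off, e.g. `#define PS_FREE_ID() do { if (PS(id)) { efree(PS(id)); PS(id) = NULL; } } while (0)`. In the @@ -1575 hunk a why-comment such as `/* clear first: if s_create_sid() bails out, shutdown must not free the old id again */` would record the reason; that failure path is my reading of the advisory title, not something the hunk itself shows. Both enclosing functions extend beyond the hunks.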
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Fri Mar 2 00:49:47 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Improve safe_mode check http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.29r2=1.417.2.8.2.30diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.29 php-src/ext/session/session.c:1.417.2.8.2.30 --- php-src/ext/session/session.c:1.417.2.8.2.29Tue Feb 27 03:28:16 2007 +++ php-src/ext/session/session.c Fri Mar 2 00:49:47 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.29 2007/02/27 03:28:16 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.30 2007/03/02 00:49:47 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -163,7 +163,7 @@ p = new_value; } - if (PG(safe_mode) (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + if (PG(safe_mode) (!php_checkuid(p, NULL, CHECKUID_ALLOW_ONLY_DIR))) { return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
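Review bot: The switch to `CHECKUID_ALLOW_ONLY_DIR` in the @@ -163 hunk changes what safe_mode verifies for `session.save_path`, but neither the log message ("Improve safe_mode check") nor the code says why the directory-only mode is the right one. Add a comment at the call, for instance `/* save_path names a directory, so the owner check applies to the directory itself */`, after confirming that this is what the flag does. The `return FAILURE` path also emits no diagnostic in the visible lines, so a script whose `ini_set()` is refused gets no hint that safe_mode was the cause. The handler's beginning and end are outside the hunk.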
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Tue Jan 9 15:31:12 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Prevent SESSION/GLOBALS overload via session decoding http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24r2=1.417.2.8.2.25diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.24 php-src/ext/session/session.c:1.417.2.8.2.25 --- php-src/ext/session/session.c:1.417.2.8.2.24Mon Jan 1 09:36:06 2007 +++ php-src/ext/session/session.c Tue Jan 9 15:31:12 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -331,6 +331,10 @@ zend_hash_find(EG(symbol_table), name, namelen + 1, (void *) sym_global); + if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { + return; + } + if (sym_global == NULL sym_track == NULL) { zval *empty_var; @@ -360,7 +364,10 @@ if (PG(register_globals)) { zval **old_symbol; if (zend_hash_find(EG(symbol_table),name,namelen+1,(void *)old_symbol) == SUCCESS) { - + if ((Z_TYPE_PP(old_symbol) == IS_ARRAY Z_ARRVAL_PP(old_symbol) == EG(symbol_table)) || *old_symbol == PS(http_session_vars)) { + return; + } + /* * A global symbol with the same name exists already. That * symbol might have been created by other means (e.g. $_GET). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
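Review bot: The guard added in the @@ -331 hunk dereferences `sym_global` through `Z_TYPE_PP()` and `*sym_global` without looking at the result of the `zend_hash_find()` call just above it, while the very next context line still tests `sym_global == NULL`, so a name that is not yet in the symbol table reaches the dereference with a NULL pointer. Test the lookup first, `if (zend_hash_find(...) == SUCCESS) { ... }`, as the @@ -360 hunk of the same commit already does for `old_symbol`. The same diff is quoted in the two replies further down. The function starts and ends outside both hunks.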
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
I think this one needs a test.. - Original Message - From: Ilia Alshanetsky [EMAIL PROTECTED] To: php-cvs@lists.php.net Sent: Tuesday, January 09, 2007 3:31 PM Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c iliaa Tue Jan 9 15:31:12 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/session session.c Log: Prevent SESSION/GLOBALS overload via session decoding http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24r2=1.417.2.8.2.25diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.24 php-src/ext/session/session.c:1.417.2.8.2.25 --- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan 1 09:36:06 2007 +++ php-src/ext/session/session.c Tue Jan 9 15:31:12 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -331,6 +331,10 @@ zend_hash_find(EG(symbol_table), name, namelen + 1, (void *) sym_global); + if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { + return; + } + if (sym_global == NULL sym_track == NULL) { zval *empty_var; @@ -360,7 +364,10 @@ if (PG(register_globals)) { zval **old_symbol; if (zend_hash_find(EG(symbol_table),name,namelen+1,(void *)old_symbol) == SUCCESS) { - + if ((Z_TYPE_PP(old_symbol) == IS_ARRAY Z_ARRVAL_PP(old_symbol) == EG(symbol_table)) || *old_symbol == PS(http_session_vars)) { + return; + } + /* * A global symbol with the same name exists already. That * symbol might have been created by other means (e.g. $_GET). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
Feel free to add one ;-) On 9-Jan-07, at 1:13 PM, Nuno Lopes wrote: I think this one needs a test.. - Original Message - From: Ilia Alshanetsky [EMAIL PROTECTED] To: php-cvs@lists.php.net Sent: Tuesday, January 09, 2007 3:31 PM Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c iliaa Tue Jan 9 15:31:12 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/session session.c Log: Prevent SESSION/GLOBALS overload via session decoding http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c? r1=1.417.2.8.2.24r2=1.417.2.8.2.25diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.24 php-src/ext/ session/session.c:1.417.2.8.2.25 --- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan 1 09:36:06 2007 +++ php-src/ext/session/session.c Tue Jan 9 15:31:12 2007 @@ -17,7 +17,7 @@ + --+ */ -/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -331,6 +331,10 @@ zend_hash_find(EG(symbol_table), name, namelen + 1, (void *) sym_global); + if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP (sym_global) == EG(symbol_table)) || *sym_global == PS (http_session_vars)) { + return; + } + if (sym_global == NULL sym_track == NULL) { zval *empty_var; @@ -360,7 +364,10 @@ if (PG(register_globals)) { zval **old_symbol; if (zend_hash_find(EG(symbol_table),name,namelen+1,(void *) old_symbol) == SUCCESS) { - + if ((Z_TYPE_PP(old_symbol) == IS_ARRAY Z_ARRVAL_PP (old_symbol) == EG(symbol_table)) || *old_symbol == PS (http_session_vars)) { + return; + } + /* * A global symbol with the same name exists already. That * symbol might have been created by other means (e.g. $_GET). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Ilia Alshanetsky -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
dmitry Wed Jan 10 07:04:49 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Fixed SIGSEGV http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.25r2=1.417.2.8.2.26diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.25 php-src/ext/session/session.c:1.417.2.8.2.26 --- php-src/ext/session/session.c:1.417.2.8.2.25Tue Jan 9 15:31:12 2007 +++ php-src/ext/session/session.c Wed Jan 10 07:04:49 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.26 2007/01/10 07:04:49 dmitry Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -328,11 +328,10 @@ if (PG(register_globals)) { zval **sym_global = NULL; - zend_hash_find(EG(symbol_table), name, namelen + 1, - (void *) sym_global); - - if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { - return; + if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void *) sym_global) == SUCCESS) { + if ((Z_TYPE_PP(sym_global) == IS_ARRAY Z_ARRVAL_PP(sym_global) == EG(symbol_table)) || *sym_global == PS(http_session_vars)) { + return; + } } if (sym_global == NULL sym_track == NULL) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Sun Dec 31 22:25:55 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Added boundary checks to php_binary deserializer http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22r2=1.417.2.8.2.23diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.22 php-src/ext/session/session.c:1.417.2.8.2.23 --- php-src/ext/session/session.c:1.417.2.8.2.22Tue Dec 26 16:53:47 2006 +++ php-src/ext/session/session.c Sun Dec 31 22:25:55 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.22 2006/12/26 16:53:47 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.23 2006/12/31 22:25:55 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -471,6 +471,11 @@ for (p = val; p endptr; ) { zval **tmp; namelen = *p (~PS_BIN_UNDEF); + + if (namelen PS_BIN_MAX || (p + namelen) = endptr) { + return FAILURE; + } + has_value = *p PS_BIN_UNDEF ? 0 : 1; name = estrndup(p + 1, namelen); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
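Review bot: The new bounds test in the @@ -471 hunk has no lower bound on `namelen`: the value is computed from `*p`, and if `p` is a plain `char *` on a platform where `char` is signed (the declaration is outside the hunk), a length byte with the high bit set sign-extends to a negative `namelen` that passes both comparisons and is then handed to `estrndup()`. Read the byte as unsigned, `namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);`, and add `namelen < 0 ||` to the condition as a second line of defence. The early `return FAILURE` also leaves without releasing `var_hash`, which this loop's function sets up with `PHP_VAR_UNSERIALIZE_INIT` according to the neighbouring commits on this page; `PHP_VAR_UNSERIALIZE_DESTROY(var_hash);` before the return would balance it.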
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Tue Dec 26 16:53:47 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Session deserializer protection. http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.21r2=1.417.2.8.2.22diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.21 php-src/ext/session/session.c:1.417.2.8.2.22 --- php-src/ext/session/session.c:1.417.2.8.2.21Wed Dec 20 19:31:28 2006 +++ php-src/ext/session/session.c Tue Dec 26 16:53:47 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.21 2006/12/20 19:31:28 tony2001 Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.22 2006/12/26 16:53:47 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -465,34 +465,33 @@ int namelen; int has_value; php_unserialize_data_t var_hash; - int globals_on = PG(register_globals); - int longarrays_on = PG(register_long_arrays); PHP_VAR_UNSERIALIZE_INIT(var_hash); for (p = val; p endptr; ) { + zval **tmp; namelen = *p (~PS_BIN_UNDEF); has_value = *p PS_BIN_UNDEF ? 0 : 1; name = estrndup(p + 1, namelen); - + p += namelen + 1; - if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { - /* _SESSION hijack attempt */ - } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { - /* _GLOBALS hijack attempt */ - } else if (globals_on longarrays_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { - /* HTTP_SESSION_VARS hijack attempt */ - } else { - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); - } - zval_ptr_dtor(current); + + if (zend_hash_find(EG(symbol_table), name, namelen + 1, (void **) tmp) == SUCCESS) { + if ((Z_TYPE_PP(tmp) == IS_ARRAY Z_ARRVAL_PP(tmp) == EG(symbol_table)) || *tmp == PS(http_session_vars)) { + efree(name); + continue; } - PS_ADD_VARL(name, namelen); } + + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(current, (const unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + } + zval_ptr_dtor(current); + } + PS_ADD_VARL(name, namelen); efree(name); } @@ -544,14 +543,13 @@ int namelen; int has_value; php_unserialize_data_t var_hash; - int globals_on = PG(register_globals); - int longarrays_on = PG(register_long_arrays); PHP_VAR_UNSERIALIZE_INIT(var_hash); p = val; while (p endptr) { + zval **tmp; q = p; while (*q != PS_DELIMITER) if (++q = endptr) goto break_outer_loop; 
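Review bot: In the @@ -465 hunk the new `continue` for a protected name runs after `p += namelen + 1` but before `php_var_unserialize()`, which is the only call that advances `p` past the entry's value, so when the skipped entry carries a value the next iteration reads a name length out of the value bytes. Once a protected name is seen the rest of the buffer can no longer be parsed reliably, so treating it as a decode failure is safer than skipping: `efree(name); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return FAILURE;`. The earlier name-comparison version of both decoders (the @@ -475 and @@ -556 hunks of the 20 Dec commit further down) has the same skip-without-consume shape. The second decoder's hunk in this mail is cut off in the archive, so it is not reviewed here.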
@@ -566,25 +564,23 @@ namelen = q - p; name = estrndup(p, namelen); q++; - - if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { - /* _SESSION hijack attempt */ - } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { - /* GLOBALS hijack attempt */ - } else if (globals_on longarrays_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { - /* HTTP_SESSION_VARS hijack attempt */ - } else { - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); - } - zval_ptr_dtor(current); + +
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
tony2001Wed Dec 20 19:31:28 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: protect _SESSION, HTTP_SESSION_VARS and GLOBALS maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.20r2=1.417.2.8.2.21diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.20 php-src/ext/session/session.c:1.417.2.8.2.21 --- php-src/ext/session/session.c:1.417.2.8.2.20Mon Dec 4 15:58:48 2006 +++ php-src/ext/session/session.c Wed Dec 20 19:31:28 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.20 2006/12/04 15:58:48 tony2001 Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.21 2006/12/20 19:31:28 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -465,6 +465,8 @@ int namelen; int has_value; php_unserialize_data_t var_hash; + int globals_on = PG(register_globals); + int longarrays_on = PG(register_long_arrays); PHP_VAR_UNSERIALIZE_INIT(var_hash); 
@@ -475,15 +477,22 @@ name = estrndup(p + 1, namelen); p += namelen + 1; - - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { + /* _SESSION hijack attempt */ + } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { + /* _GLOBALS hijack attempt */ + } else if (globals_on longarrays_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { + /* HTTP_SESSION_VARS hijack attempt */ + } else { + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(current, (const unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + } + zval_ptr_dtor(current); } - zval_ptr_dtor(current); + PS_ADD_VARL(name, namelen); } - PS_ADD_VARL(name, namelen); efree(name); } @@ -535,6 +544,8 @@ int namelen; int has_value; php_unserialize_data_t var_hash; + int globals_on = PG(register_globals); + int longarrays_on = PG(register_long_arrays); PHP_VAR_UNSERIALIZE_INIT(var_hash); 
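Review bot: The three-way name test in the @@ -475 hunk is repeated verbatim in the @@ -556 hunk for the second decoder, with empty branches that carry only a comment, so the two copies can drift; the first already labels the `GLOBALS` case `/* _GLOBALS hijack attempt */` while the second says `/* GLOBALS hijack attempt */`. A single static predicate taking `name` and `namelen`, called from both loops, would keep them in step and remove the empty bodies. Every branch is also gated on `globals_on`, so with register_globals off these names are decoded as before; if that is intended, a one-line comment saying so would help. Both loops' functions extend beyond the hunks.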
@@ -556,14 +567,22 @@ name = estrndup(p, namelen); q++; - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + if (globals_on namelen == sizeof(_SESSION)-1 !memcmp(name, _SESSION, sizeof(_SESSION) - 1)) { + /* _SESSION hijack attempt */ + } else if (globals_on namelen == sizeof(GLOBALS)-1 !memcmp(name, GLOBALS, sizeof(GLOBALS) - 1)) { + /* GLOBALS hijack attempt */ + } else if (globals_on longarrays_on namelen == sizeof(HTTP_SESSION_VARS)-1 !memcmp(name, HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS)-1)) { + /* HTTP_SESSION_VARS hijack attempt */ + } else { + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(current, (const unsigned char **) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); + } + zval_ptr_dtor(current); } - zval_ptr_dtor(current); + PS_ADD_VARL(name, namelen); } - PS_ADD_VARL(name, namelen); efree(name); p = q; @@ -583,16 +602,20 @@
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c /main main.c
tony2001Mon Dec 4 15:58:48 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c /php-src/main main.c Log: MFH: fix retval type http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.19r2=1.417.2.8.2.20diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.19 php-src/ext/session/session.c:1.417.2.8.2.20 --- php-src/ext/session/session.c:1.417.2.8.2.19Mon Dec 4 15:19:26 2006 +++ php-src/ext/session/session.c Mon Dec 4 15:58:48 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.19 2006/12/04 15:19:26 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.20 2006/12/04 15:58:48 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -276,7 +276,7 @@ static void php_rinit_session_globals(TSRMLS_D); static void php_rshutdown_session_globals(TSRMLS_D); -static zend_bool php_session_destroy(TSRMLS_D); +static int php_session_destroy(TSRMLS_D); zend_module_entry session_module_entry = { STANDARD_MODULE_HEADER, @@ -1304,9 +1304,9 @@ } } -static zend_bool php_session_destroy(TSRMLS_D) +static int php_session_destroy(TSRMLS_D) { - zend_bool retval = SUCCESS; + int retval = SUCCESS; if (PS(session_status) != php_session_active) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Trying to destroy uninitialized session); http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.19r2=1.640.2.23.2.20diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.19 php-src/main/main.c:1.640.2.23.2.20 --- php-src/main/main.c:1.640.2.23.2.19 Thu Nov 23 08:37:21 2006 +++ php-src/main/main.c Mon Dec 4 15:58:48 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.640.2.23.2.19 2006/11/23 08:37:21 dmitry Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.20 2006/12/04 15:58:48 tony2001 Exp $ */ /* {{{ includes */ 
@@ -1893,7 +1893,7 @@ PHPAPI int php_lint_script(zend_file_handle *file TSRMLS_DC) { zend_op_array *op_array; - zend_bool retval = FAILURE; + int retval = FAILURE; zend_try { op_array = zend_compile_file(file, ZEND_INCLUDE TSRMLS_CC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Fri Dec 1 00:27:20 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Disallow \0 chars inside session.save_path http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.17r2=1.417.2.8.2.18diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.17 php-src/ext/session/session.c:1.417.2.8.2.18 --- php-src/ext/session/session.c:1.417.2.8.2.17Fri Nov 3 14:46:48 2006 +++ php-src/ext/session/session.c Fri Dec 1 00:27:20 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.17 2006/11/03 14:46:48 bjori Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.18 2006/12/01 00:27:20 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -153,6 +153,10 @@ if (stage == PHP_INI_STAGE_RUNTIME) { char *p; + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + if ((p = zend_memrchr(new_value, ';', new_value_length))) { p++; } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
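Review bot: The NUL check added in the @@ -153 hunk sits inside `if (stage == PHP_INI_STAGE_RUNTIME)`, so a `session.save_path` supplied at any other stage is not checked; if only runtime `ini_set()` values are considered untrusted, say so in a comment, otherwise move the `memchr()` test above the stage test. The rejection is also silent, and a line such as `/* an embedded NUL would hide the rest of the value from the path checks below */` would record why it is there; that rationale is inferred from the safe_mode check shown for the same handler in the 2 Mar 2007 mail on this page, not stated in the commit. The handler begins and ends outside the hunk.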
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
tony2001Wed Aug 30 15:43:10 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: MFH: change E_ERROR to E_WARNING when invalid argument has been passed make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.12r2=1.417.2.8.2.13diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.12 php-src/ext/session/session.c:1.417.2.8.2.13 --- php-src/ext/session/session.c:1.417.2.8.2.12Thu Aug 10 21:10:03 2006 +++ php-src/ext/session/session.c Wed Aug 30 15:43:10 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.12 2006/08/10 21:10:03 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.13 2006/08/30 15:43:10 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -95,13 +95,16 @@ static PHP_INI_MH(OnUpdateSaveHandler) { + ps_module *tmp; SESSION_CHECK_ACTIVE_STATE; - PS(mod) = _php_find_ps_module(new_value TSRMLS_CC); + tmp = _php_find_ps_module(new_value TSRMLS_CC); - if (PG(modules_activated) !PS(mod)) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find save handler %s, new_value); + if (PG(modules_activated) !tmp) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot find save handler %s, new_value); + return FAILURE; } + PS(mod) = tmp; return SUCCESS; } @@ -121,13 +124,16 @@ static PHP_INI_MH(OnUpdateSerializer) { + const ps_serializer *tmp; SESSION_CHECK_ACTIVE_STATE; - PS(serializer) = _php_find_ps_serializer(new_value TSRMLS_CC); + tmp = _php_find_ps_serializer(new_value TSRMLS_CC); - if (PG(modules_activated) !PS(serializer)) { + if (PG(modules_activated) !tmp) { php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find serialization handler %s, new_value); + return FAILURE; } + PS(serializer) = tmp; return SUCCESS; } 
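Review bot: The @@ -121 hunk leaves `OnUpdateSerializer` reporting with `E_ERROR` while the @@ -95 hunk moves `OnUpdateSaveHandler` to `E_WARNING`, although the log message describes the change as applying to invalid arguments in general; with `E_ERROR` the added `return FAILURE;` is presumably never reached. If the difference is deliberate it needs a comment, otherwise the serializer call should read `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find serialization handler %s", new_value);`.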
@@ -1395,8 +1401,9 @@ if (ac == 1) { convert_to_string_ex(p_name); if (!_php_find_ps_module(Z_STRVAL_PP(p_name) TSRMLS_CC)) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find named PHP session module (%s), + php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot find named PHP session module (%s), Z_STRVAL_PP(p_name)); + zval_dtor(return_value); RETURN_FALSE; } if (PS(mod_data)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
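Review bot: The added `zval_dtor(return_value);` before `RETURN_FALSE;` has no explanation, and the reason is not visible in the hunk because the function starts above it. Presumably `return_value` was already filled with the current module name earlier in the function, so that string has to be released once the error is no longer fatal and execution continues. A one-line comment such as `/* return_value already holds the old module name; free it before overwriting with FALSE */` would keep a later cleanup from removing the call and reintroducing a leak.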
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
tony2001Wed Aug 30 16:24:40 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: change ini handlers to produce E_ERROR if they are called during startup http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.13r2=1.417.2.8.2.14diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.13 php-src/ext/session/session.c:1.417.2.8.2.14 --- php-src/ext/session/session.c:1.417.2.8.2.13Wed Aug 30 15:43:10 2006 +++ php-src/ext/session/session.c Wed Aug 30 16:24:40 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.13 2006/08/30 15:43:10 tony2001 Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.14 2006/08/30 16:24:40 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -101,7 +101,13 @@ tmp = _php_find_ps_module(new_value TSRMLS_CC); if (PG(modules_activated) !tmp) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot find save handler %s, new_value); + int err_type; + if (stage == ZEND_INI_STAGE_RUNTIME) { + err_type = E_WARNING; + } else { + err_type = E_ERROR; + } + php_error_docref(NULL TSRMLS_CC, err_type, Cannot find save handler %s, new_value); return FAILURE; } PS(mod) = tmp; @@ -130,7 +136,13 @@ tmp = _php_find_ps_serializer(new_value TSRMLS_CC); if (PG(modules_activated) !tmp) { - php_error_docref(NULL TSRMLS_CC, E_ERROR, Cannot find serialization handler %s, new_value); + int err_type; + if (stage == ZEND_INI_STAGE_RUNTIME) { + err_type = E_WARNING; + } else { + err_type = E_ERROR; + } + php_error_docref(NULL TSRMLS_CC, err_type, Cannot find serialization handler %s, new_value); return FAILURE; } PS(serializer) = tmp; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
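Review bot: The `err_type` selection is written out twice, once in the save-handler hunk and once in the serializer hunk, as a five-line if/else that a single initializer expresses: `int err_type = (stage == ZEND_INI_STAGE_RUNTIME) ? E_WARNING : E_ERROR;`. Both copies also stay inside `if (PG(modules_activated) && !tmp)`, so the `E_ERROR` branch is reached only for non-runtime stages after module activation, not during startup proper as the log message suggests; a lookup that fails before activation still passes without any diagnostic. If that is intended, a short comment on the condition stating which stages can reach each branch would help; both handler bodies extend outside the hunks shown.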
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Thu Aug 10 21:10:03 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Fixed proto http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.11r2=1.417.2.8.2.12diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.11 php-src/ext/session/session.c:1.417.2.8.2.12 --- php-src/ext/session/session.c:1.417.2.8.2.11Thu Aug 10 13:50:56 2006 +++ php-src/ext/session/session.c Thu Aug 10 21:10:03 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.11 2006/08/10 13:50:56 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.12 2006/08/10 21:10:03 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1298,7 +1298,7 @@ } -/* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure]]]) +/* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure[, bool httponly) Set session cookie parameters */ PHP_FUNCTION(session_set_cookie_params) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
tony2001Tue Aug 1 08:32:08 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.8r2=1.417.2.8.2.9diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.8 php-src/ext/session/session.c:1.417.2.8.2.9 --- php-src/ext/session/session.c:1.417.2.8.2.8 Thu Jul 27 15:33:16 2006 +++ php-src/ext/session/session.c Tue Aug 1 08:32:07 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.8 2006/07/27 15:33:16 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.9 2006/08/01 08:32:07 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1553,8 +1553,8 @@ WRONG_PARAM_COUNT; if (ac == 1) { - convert_to_long_ex(p_cache_expire); - PS(cache_expire) = Z_LVAL_PP(p_cache_expire); + convert_to_string_ex(p_cache_expire); + zend_alter_ini_entry(session.cache_expire, sizeof(session.cache_expire), Z_STRVAL_PP(p_cache_expire), Z_STRLEN_PP(p_cache_expire), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); } RETVAL_LONG(old); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
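Review bot: The result of the new `zend_alter_ini_entry(...)` call is discarded, so when the update is refused the function still returns the old value as if the change had been applied. Before this change the value was written straight into `PS(cache_expire)` and could not fail; now it can, for instance when the entry is not modifiable at `ZEND_INI_USER` level. The argument is also forwarded as a string after `convert_to_string_ex`, so numeric validation is left entirely to the INI handler, which is not visible here. I would compare the call against `FAILURE` and at least raise an E_WARNING in that case; the function body begins and ends outside the hunk.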
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Thu Jul 27 14:05:03 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: removed debug code http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.5r2=1.417.2.8.2.6diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.5 php-src/ext/session/session.c:1.417.2.8.2.6 --- php-src/ext/session/session.c:1.417.2.8.2.5 Thu Jul 27 14:00:13 2006 +++ php-src/ext/session/session.c Thu Jul 27 14:05:03 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.5 2006/07/27 14:00:13 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.6 2006/07/27 14:05:03 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -768,7 +768,6 @@ if (!PS(id)) { new_session: PS(id) = PS(mod)-s_create_sid(PS(mod_data), NULL TSRMLS_CC); -php_error_docref(NULL TSRMLS_CC, E_WARNING, Making a new session %s., PS(id)); if (PS(use_cookies)) { PS(send_cookie) = 1; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Thu Jul 27 14:13:30 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: make C++ compilers happy http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.6r2=1.417.2.8.2.7diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.6 php-src/ext/session/session.c:1.417.2.8.2.7 --- php-src/ext/session/session.c:1.417.2.8.2.6 Thu Jul 27 14:05:03 2006 +++ php-src/ext/session/session.c Thu Jul 27 14:13:30 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.6 2006/07/27 14:05:03 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.7 2006/07/27 14:13:30 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -745,7 +745,7 @@ { char *val; int vallen; - zend_bool new = 0; + zend_bool make_new = 0; /* check session name for invalid characters */ if (PS(id) strpbrk(PS(id), \r\n\t '\\\)) { @@ -771,7 +771,7 @@ if (PS(use_cookies)) { PS(send_cookie) = 1; } - new = 1; + make_new = 1; } /* Read data */ @@ -784,7 +784,7 @@ if (PS(mod)-s_read(PS(mod_data), PS(id), val, vallen TSRMLS_CC) == SUCCESS) { php_session_decode(val, vallen TSRMLS_CC); efree(val); - } else if (!new) { + } else if (!make_new) { goto new_session; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
mikeWed Jul 12 15:28:44 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: MFH: add note why replace is 0, so that I don't wonder again in 2 months why session_regenerate_id() sends the session cookie twice http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.2r2=1.417.2.8.2.3diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.2 php-src/ext/session/session.c:1.417.2.8.2.3 --- php-src/ext/session/session.c:1.417.2.8.2.2 Thu Jun 15 18:33:08 2006 +++ php-src/ext/session/session.c Wed Jul 12 15:28:44 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.2 2006/06/15 18:33:08 dmitry Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.3 2006/07/12 15:28:44 mike Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1053,6 +1053,8 @@ smart_str_0(ncookie); + /* 'replace' must be 0 here, else a previous Set-Cookie + header, probably sent with setcookie() will be replaced! */ sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Thu Jul 13 00:13:19 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionsession.c Log: Fixed compiler warnings. http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.3r2=1.417.2.8.2.4diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.3 php-src/ext/session/session.c:1.417.2.8.2.4 --- php-src/ext/session/session.c:1.417.2.8.2.3 Wed Jul 12 15:28:44 2006 +++ php-src/ext/session/session.c Thu Jul 13 00:13:19 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.3 2006/07/12 15:28:44 mike Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.4 2006/07/13 00:13:19 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -446,7 +446,7 @@ if (has_value) { ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **) p, endptr, var_hash TSRMLS_CC)) { + if (php_var_unserialize(current, (const unsigned char **) p, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } zval_ptr_dtor(current); @@ -526,7 +526,7 @@ if (has_value) { ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(current, (const unsigned char **) q, endptr, var_hash TSRMLS_CC)) { + if (php_var_unserialize(current, (const unsigned char **) q, (const unsigned char *) endptr, var_hash TSRMLS_CC)) { php_set_session_var(name, namelen, current, var_hash TSRMLS_CC); } zval_ptr_dtor(current); @@ -616,8 +616,8 @@ int mask; int have; - p = in; - q = in + inlen; + p = (unsigned char *) in; + q = (unsigned char *)in + inlen; w = 0; have = 0; 
@@ -673,17 +673,17 @@ /* maximum 15+19+19+10 bytes */ sprintf(buf, %.15s%ld%ld%0.8f, remote_addr ? remote_addr : , - tv.tv_sec, tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10); + tv.tv_sec, (long int)tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10); switch (PS(hash_func)) { case PS_HASH_FUNC_MD5: PHP_MD5Init(md5_context); - PHP_MD5Update(md5_context, buf, strlen(buf)); + PHP_MD5Update(md5_context, (unsigned char *) buf, strlen(buf)); digest_len = 16; break; case PS_HASH_FUNC_SHA1: PHP_SHA1Init(sha1_context); - PHP_SHA1Update(sha1_context, buf, strlen(buf)); + PHP_SHA1Update(sha1_context, (unsigned char *) buf, strlen(buf)); digest_len = 20; break; default: @@ -734,7 +734,7 @@ php_error_docref(NULL TSRMLS_CC, E_WARNING, The ini setting hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now); } - j = (int) (bin_to_readable(digest, digest_len, buf, PS(hash_bits_per_character)) - buf); + j = (int) (bin_to_readable((char *)digest, digest_len, buf, PS(hash_bits_per_character)) - buf); if (newlen) *newlen = j; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
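Review bot: The `sprintf(buf, ...)` call touched in the first hunk is bounded only by the arithmetic in the comment `maximum 15+19+19+10 bytes`, and the added `(long int)` cast does not change that. The declaration of `buf` is outside the hunk, so its size cannot be checked here, and the estimate depends on the width of `long` and on the range of `php_combined_lcg() * 10`. Since this buffer feeds the session-id hash, I would make the bound explicit rather than computed by hand: if `buf` is a fixed array, `snprintf(buf, sizeof(buf), ...)` with the same format and arguments removes the dependency on the comment staying correct.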