Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
Uh..this changes the behaviour quite dramatically.
See the failing tests now. You'd have to MFH quite a lot more to make it a
proper fix, so please, revert.
--Jani
Kalle Sommer Nielsen kirjoitti:
kalle Wed Aug 6 21:28:39 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/session session.c
Log:
Backport fix for #45406 - Patch by oleg dot grenrus at dynamoid dot com
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.43&r2=1.417.2.8.2.44&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.43
php-src/ext/session/session.c:1.417.2.8.2.44
--- php-src/ext/session/session.c:1.417.2.8.2.43Wed Jun 11 07:46:43 2008
+++ php-src/ext/session/session.c Wed Aug 6 21:28:38 2008
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: session.c,v 1.417.2.8.2.43 2008/06/11 07:46:43 dmitry Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.44 2008/08/06 21:28:38 kalle Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -1925,6 +1925,21 @@
}
}
+ if (PS(serializer) == NULL) {
+ char *value;
+
+ value = zend_ini_string("session.serialize_handler",
sizeof("session.serialize_handler"), 0);
+ if (value) {
+ PS(serializer) = _php_find_ps_serializer(value
TSRMLS_CC);
+ }
+ }
+
+ if (PS(mod) == NULL || PS(serializer) == NULL) {
+ /* current status is unusable */
+ PS(session_status) = php_session_disabled;
+ return SUCCESS;
+ }
+
if (PS(auto_start)) {
php_session_start(TSRMLS_C);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
Feel free to add one ;-)
On 9-Jan-07, at 1:13 PM, Nuno Lopes wrote:
I think this one needs a test..
- Original Message - From: "Ilia Alshanetsky" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, January 09, 2007 3:31 PM
Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Tue Jan 9 15:31:12 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/session session.c
Log:
Prevent SESSION/GLOBALS overload via session decoding
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?
r1=1.417.2.8.2.24&r2=1.417.2.8.2.25&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.24 php-src/ext/
session/session.c:1.417.2.8.2.25
--- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan 1
09:36:06 2007
+++ php-src/ext/session/session.c Tue Jan 9 15:31:12 2007
@@ -17,7 +17,7 @@
+
--+
*/
-/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian
Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp
$ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -331,6 +331,10 @@
zend_hash_find(&EG(symbol_table), name, namelen + 1,
(void *) &sym_global);
+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP
(sym_global) == &EG(symbol_table)) || *sym_global == PS
(http_session_vars)) {
+ return;
+ }
+
if (sym_global == NULL && sym_track == NULL) {
zval *empty_var;
@@ -360,7 +364,10 @@
if (PG(register_globals)) {
zval **old_symbol;
if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)
&old_symbol) == SUCCESS) {
-
+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP
(old_symbol) == &EG(symbol_table)) || *old_symbol == PS
(http_session_vars)) {
+ return;
+ }
+
/*
* A global symbol with the same name exists already. That
* symbol might have been created by other means (e.g. $_GET).
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ilia Alshanetsky
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
I think this one needs a test..
- Original Message -
From: "Ilia Alshanetsky" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, January 09, 2007 3:31 PM
Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Tue Jan 9 15:31:12 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/session session.c
Log:
Prevent SESSION/GLOBALS overload via session decoding
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.25&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.24
php-src/ext/session/session.c:1.417.2.8.2.25
--- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan 1 09:36:06 2007
+++ php-src/ext/session/session.c Tue Jan 9 15:31:12 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -331,6 +331,10 @@
zend_hash_find(&EG(symbol_table), name, namelen + 1,
(void *) &sym_global);
+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) ==
&EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
+ return;
+ }
+
if (sym_global == NULL && sym_track == NULL) {
zval *empty_var;
@@ -360,7 +364,10 @@
if (PG(register_globals)) {
zval **old_symbol;
if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol)
== SUCCESS) {
-
+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) ==
&EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
+ return;
+ }
+
/*
* A global symbol with the same name exists already. That
* symbol might have been created by other means (e.g. $_GET).
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
