Fix handling of session user module custom handlers.

According to the documentation, returning TRUE from
user based session handlers should indicate success,
while returning FALSE should indicate failure.

The existing logic relied on casting the return value
to an integer and returning that from the function.
However, the internal handlers use SUCCESS/FAILURE
where SUCCESS == 0, and FAILURE == -1, so the following
behavior map occurs:

  return false; => return 0; => return SUCCESS
  return true; => return 1; => return <undefined>

Since the session API checks against FAILURE,
both boolean responses wind up appearing like "not FAILURE".

This diff reasserts boolean responses to behave as
documented and introduces some special handling
for integer responses of 0 and -1 so that code can be
written for older and newer versions of PHP.
This commit is contained in:
Sara Golemon 2014-05-15 14:00:15 -07:00
parent 5b925824ed
commit 2d9885c8cb
2 changed files with 17 additions and 6 deletions

1
NEWS
View File

@ -12,6 +12,7 @@ PHP NEWS
- Standard:
. Removed call_user_method() and call_user_method_array() functions. (Kalle)
. Fix user session handlers (See rfc:session.user.return-value). (Sara)
- XSL:
. Fixed bug #64776 (The XSLT extension is not thread safe). (Mike)

View File

@ -70,8 +70,18 @@ static zval *ps_call_handler(zval *func, int argc, zval **argv TSRMLS_DC)
#define FINISH \
if (retval) { \
convert_to_long(retval); \
ret = Z_LVAL_P(retval); \
if (Z_TYPE_P(retval) == IS_BOOL) { \
ret = Z_BVAL_P(retval) ? SUCCESS : FAILURE; \
} else if ((Z_TYPE_P(retval) == IS_LONG) && (Z_LVAL_P(retval) == -1)) { \
/* BC for clever users - Deprecate me */ \
ret = FAILURE; \
} else if ((Z_TYPE_P(retval) == IS_LONG) && (Z_LVAL_P(retval) == 0)) { \
/* BC for clever users - Deprecate me */ \
ret = SUCCESS; \
} else { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session callback expects true/false return value"); \
ret = FAILURE; \
} \
zval_ptr_dtor(&retval); \
} \
return ret