mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-01-19 18:24:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

protect http_session_vars from interrupt corruption

Browse Source 
improve save_path check
This commit is contained in:
Stanislav Malyshev 2009-12-04 01:21:32 +00:00
parent 1f8638b1f1
commit 3e6ac4fb6b
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ext/session/session.c
View File

@ -693,11 +693,11 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
p = new_value;
}
if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
return FAILURE;
}
if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) {
if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) {
return FAILURE;
}
}
@ -1882,7 +1882,10 @@ static PHP_FUNCTION(session_unset)
}
IF_SESSION_VARS() {
HashTable *ht = Z_ARRVAL_P(PS(http_session_vars));
HashTable *ht;
SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
ht = Z_ARRVAL_P(PS(http_session_vars));
if (PG(register_globals)) {
uint str_len;
@ -1960,7 +1963,10 @@ static PHP_FUNCTION(session_unregister)
return;
}
PS_DEL_VARL(p_name, p_name_len);
IF_SESSION_VARS() {
SEPARATE_ZVAL_IF_NOT_REF(&PS(http_session_vars));
PS_DEL_VARL(Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name));
}
RETURN_TRUE;
}