mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-15 04:45:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
41,025 Commits 503 Branches 1,384 Tags 818 MiB
1b05ce68d7
Commit Graph

702 Commits

Author SHA1 Message Date
Dmitry Stogov
b2638b8297 Fixed memory corruption because of double free() 2008-03-11 09:36:51 +00:00
Felipe Pena
7235c8e5bb Fix test 2008-03-08 23:32:22 +00:00
Gwynne Raskind
3ccb44a951 Fix bug #32330 (session_destroy, "Failed to initialize storage module", custom session handler) 2008-03-07 23:20:15 +00:00
Felipe Pena
a1e8d340c3 New macro for check void parameters 2008-02-28 14:16:25 +00:00
Sebastian Bergmann
9b620d50b4 Bump copyright year, 2 of 2. 2007-12-31 07:12:20 +00:00
Yiduo (David) Wang
95da0dc570 Added macros for managing zval refcounts and is_ref statuses 2007-10-07 05:15:07 +00:00
Dmitry Stogov
8146078f7b Improved memory usage by movig constants to read only memory. (Dmitry, Pierre) 2007-09-27 18:28:44 +00:00
Ilia Alshanetsky
3a802820e8 MFB: Fixed Bug #42596 (session.save_path MODE option does not work). 2007-09-10 23:43:08 +00:00
Jani Taskinen
24c98f8aa3 MFB: Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir bypass) 2007-08-23 13:38:49 +00:00
Jani Taskinen
197b51e796 MFB: -r1.100.2.3.2.5 2007-08-23 13:09:27 +00:00
Jani Taskinen
af83e1cad2 missing ) 2007-08-23 11:38:56 +00:00
Jani Taskinen
5735862a92 MFB (since Ilia is too lazy..): Fix bug #42135 2007-08-05 13:10:32 +00:00
Stanislav Malyshev
d4cc7daba2 MF5: fix for access control with .htaccess 2007-08-03 01:40:05 +00:00
Stanislav Malyshev
5d0a261394 always check save_path (issue reported by Maksymilian Arciemowicz) 2007-07-10 17:52:32 +00:00
Ilia Alshanetsky
eb72fc8968 MFB: Fixed compiler warning 2007-06-17 14:26:16 +00:00
Stefan Esser
fde56bd858 Fix attribute injection security bug correctly by URL encoding session 
name and session value. (in future maybe encode path/domain, too)

Remove backward compatibility breaking blacklist of characters.
 2007-06-16 07:47:46 +00:00
Stanislav Malyshev
e4e1f60125 MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies 2007-06-15 22:42:43 +00:00
Antony Dovgal
976a22df16 php_gmtime_r() fixes 2007-06-07 08:58:38 +00:00
Ilia Alshanetsky
886cb0c783 MFB: Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags). 2007-06-06 00:01:13 +00:00
Stanislav Malyshev
a66fbe2d5e do not send cookie when session is passed in URL, same as it happens with GET/POST 2007-05-16 01:32:28 +00:00
Antony Dovgal
8d9be0338b fix test names 2007-05-07 16:50:40 +00:00
Antony Dovgal
a8fe87efd3 fix build when ext/hash is compiled as shared module 2007-05-02 10:30:24 +00:00
Antony Dovgal
2c72351711 fix #40998 (long session array keys are truncated) 2007-04-04 19:46:42 +00:00
Antony Dovgal
03a3291262 MFB 2007-03-19 08:24:17 +00:00
Martin Kraemer
e46b1b3747 Typo 2007-03-14 09:49:58 +00:00
Marcus Boerger
20a40063c5 - avoid sprintf 2007-02-24 16:25:58 +00:00
Hannes Magnusson
71a68db63e MFB: fix skipif 2007-01-06 16:57:42 +00:00
Sara Golemon
851a151712 Don't bother with conversion when the converter is already UTF8 2007-01-05 17:29:30 +00:00
Sebastian Bergmann
4e8661438d Fix ZTS issues. 2007-01-05 14:53:30 +00:00
Sara Golemon
5d988bb1aa Allow ext/session to use ext/hash's algorithms for generating IDs 2007-01-05 03:57:57 +00:00
Sara Golemon
344cda1666 Unicode Updates 2007-01-05 02:07:59 +00:00
Ilia Alshanetsky
b21b4c01c3 MFB: Added missing open_basedir checks 2007-01-04 23:50:19 +00:00
Sara Golemon
21bac192e9 Cleanup ext/session so that I can do a unicode update without going insane. 2007-01-04 22:04:38 +00:00
Sebastian Bergmann
3717df72ae Bump year. 2007-01-01 09:29:37 +00:00
Ilia Alshanetsky
15f1692572 MFB: Added boundary checks to php_binary deserializer 2006-12-31 22:26:06 +00:00
Antony Dovgal
9e41e0fda3 fix tests 2006-12-27 19:22:29 +00:00
Ilia Alshanetsky
4386719b07 MFB: Session deserializer protection. 2006-12-26 17:18:28 +00:00
Antony Dovgal
abac61eec7 remove register_globals remains 
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
 2006-12-20 19:20:59 +00:00
Antony Dovgal
576797c7c1 fix retval type 
it should be int, not zend_bool
 2006-12-04 15:58:35 +00:00
Ilia Alshanetsky
fcaf113b33 MFB: Disallow \0 chars inside session.save_path 2006-12-01 00:27:33 +00:00
Ilia Alshanetsky
b0f8e77d17 Fixed bug #39265 (Fixed path handling inside mod_files.sh) 
# Patch by michal dot taborsky at gmail dot com
 2006-11-03 13:18:19 +00:00
Hannes Magnusson
176b72284c Error message clean up 
(patch by Matt W (php_lists -AT- realpain.com))
 2006-10-08 13:34:24 +00:00
Hannes Magnusson
e531458f89 Remove double "wrong param count" warnings 2006-10-07 22:55:18 +00:00
Ilia Alshanetsky
8786640da8 MFB: Expose session storage module locater and serialization function via 
PHPAPI
 2006-10-06 21:11:57 +00:00
Ilia Alshanetsky
30885c8d99 MFB: Fixed bug #38993 (Fixed safe_mode/open_basedir checks for 
session.save_path, allowing them to account for extra parameters).
 2006-10-01 21:00:00 +00:00
Dmitry Stogov
128548a5c0 Disabled autoconversion of hash keys (from string to unicode) for PHP arrays 2006-09-19 10:38:31 +00:00
Antony Dovgal
103d999dd1 fix typo 2006-08-30 17:57:25 +00:00
Antony Dovgal
1fcfbd873d change ini handlers to produce E_ERROR if they are called during startup or per request 2006-08-30 16:24:31 +00:00
Antony Dovgal
5b79892659 change E_ERROR to E_WARNING when invalid argument has been passed 
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
 2006-08-30 15:42:40 +00:00
Antony Dovgal
d3bb8d11f9 fix test 2006-08-11 10:36:07 +00:00