mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-12 11:23:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
25,100 Commits 503 Branches 1,384 Tags 800 MiB
913f5ce8ec
Commit Graph

556 Commits

Author SHA1 Message Date
Ilia Alshanetsky
242a9a47c7 Fix compiler warning. 2003-01-30 22:37:50 +00:00
Sascha Schumann
330740f7cd Remove ugly netware hacks from the code 2003-01-24 23:57:32 +00:00
Ilia Alshanetsky
3d8e54f3a2 Changed php_error to php_error_docref. 2003-01-19 00:45:53 +00:00
Ilia Alshanetsky
72b356c1bc Removed pointless memory allocation checks. 2003-01-18 19:28:10 +00:00
Sascha Schumann
db8b4c6762 Add INI setting session.hash_bits_per_character which enables developers 
to choose how session ids are represented, regardless of the hash algorithm.
 2003-01-16 07:21:49 +00:00
Sascha Schumann
f2f1f94e36 add INI setting session.hash_function 
add support for creating session ids using SHA-1
source more entropy for session ids
 2003-01-12 13:07:14 +00:00
Sascha Schumann
0b8401bf27 handle ERANGE from strtol properly 2003-01-12 13:05:32 +00:00
Zeev Suraski
ada5c4009e Fix UMR 2003-01-08 13:28:16 +00:00
Anantha Kesari H Y
90ba724072 Modified for NetWare. 2003-01-03 14:24:07 +00:00
Sebastian Bergmann
b506f5c8f8 Bump year. 2002-12-31 16:08:15 +00:00
Ilia Alshanetsky
c731daeda7 Fixed bug #21268 (session_decode() returned FALSE on success). 2002-12-29 18:50:55 +00:00
Marcus Boerger
3cf581b1b3 correct code that is guarded by "#if 0" 2002-12-05 20:41:55 +00:00
Marcus Boerger
9a04528061 fix ZTS build 2002-12-05 20:39:43 +00:00
Marcus Boerger
dcfe988820 php_error -> php_error_docref 2002-12-05 20:13:35 +00:00
Ilia Alshanetsky
9497ba9d49 MFH (test failure if session.serialize_handler is not set to php). 2002-11-25 23:20:05 +00:00
Sascha Schumann
a257d758a5 Add an error message to the ini handlers 2002-11-20 17:15:00 +00:00
Sascha Schumann
e9ed065afc add protective checks to ini updates 
Noticed by: Derick Rethans <d.rethans@jdimedia.nl>
PR: #20284
 2002-11-20 16:06:29 +00:00
John Coggeshall
6ac365896c Modified the experimental new test class to make it easier to port to the 
web. Pushed all echo statements through a function that can be
overwritten, changed the way pass/skip/fail is handled (separate function)
that of course can also be overwritten. To begin testing of a web-based
test script also created a webHarness class which will output HTML. To
use, just $a = new webHarness(); instead of $a = new testHarness(); A few
modifications still must be made to remove the CLI reliance completely.

Also modified a test script description.
 2002-11-01 00:22:02 +00:00
Marcus Boerger
62667ee6a6 -Only accept one single message which is expected. 
-Move error related settings to --INI-- section
#Now see we can do it correct
 2002-10-29 14:03:37 +00:00
Marcus Boerger
b9eda54711 This test requires special settings 
#wait/read next commit on run-test.php
 2002-10-27 23:56:08 +00:00
Ilia Alshanetsky
c88e0fd5de Fixed a bug in the test that would cause it to always fail. 2002-10-25 17:52:32 +00:00
Marcus Boerger
86465058a4 one version for php<4.2.3 and one for php>=4.2.3 2002-10-24 18:18:44 +00:00
Sascha Schumann
e60c601bd1 improved warning message 
# this should really link to an external page which explains the issue deeply
 2002-10-24 10:40:48 +00:00
Derick Rethans
bfc3250187 - Hardcode dependent ini setting 2002-10-13 11:14:49 +00:00
Derick Rethans
db89afc45b - Hardcode setting which affects the test 2002-10-12 17:12:43 +00:00
Derick Rethans
4a54968c71 - hardcode default rewriting tags 2002-10-08 18:30:38 +00:00
Sascha Schumann
8ca10fb5e8 Call ob_flush to force the buffer contents to go through the rewriter. 2002-10-07 10:07:27 +00:00
Sascha Schumann
2dde6fb594 Print out warning only, if a variable was actually migrated 2002-10-07 02:37:50 +00:00
Sebastian Bergmann
d7f9e8526f Silence warning. 2002-10-06 21:47:54 +00:00
Ilia Alshanetsky
6b5575a101 Code cleanup. Thanks Andi. 2002-10-06 17:17:38 +00:00
Sascha Schumann
fb84b3e1d0 remove trans_sid=1 2002-10-03 23:13:36 +00:00
Sascha Schumann
5db24fbb7b 20: rewriter uses arg_seperator.output for modifying URLs 
21: rewriter handles <form> and <fieldset> correctly
 2002-10-03 23:12:16 +00:00
Sascha Schumann
47cc29c9d1 19: serializing references test case using globals 
18: rewriter correctly handles attribute names which contain dashes
 2002-10-03 22:54:15 +00:00
Sascha Schumann
eab0f5965f code from ancient bug #5271 
setting $_SESSION before session_start() should not cause segfault
 2002-10-03 16:55:08 +00:00
Sascha Schumann
3998374a0d invalid session.save_path should not cause a segfault 2002-10-03 16:49:52 +00:00
Sascha Schumann
61e47a342e use_trans_sid should not affect SID 2002-10-03 16:43:44 +00:00
Sascha Schumann
8882b28e60 editing 2002-10-03 16:14:55 +00:00
Sascha Schumann
d661fa4b46 A script should not be able to modify session.use_trans_sid 2002-10-03 15:58:10 +00:00
Sascha Schumann
bb4f911035 There should not be any warning with regard to redefining SID 2002-10-03 15:52:36 +00:00
Sascha Schumann
dba3e4c7ad Registering _SESSION should not segfault. 2002-10-03 15:48:18 +00:00
Sascha Schumann
d4e1ac6c26 Mini test cases for fixed segfaults 2002-10-03 15:39:29 +00:00
Sascha Schumann
5fe046c4c3 session_decode should not segfault 2002-10-03 15:33:00 +00:00
Sascha Schumann
e24247e632 Remove ob_start() 2002-10-03 15:19:55 +00:00
Sascha Schumann
16f54aaca8 Add test for unset($_SESSION["x"]); behaviour 2002-10-03 15:19:43 +00:00
Sascha Schumann
c4adf94fbd make tests work with CLI 2002-10-03 15:11:01 +00:00
Sascha Schumann
7e03310a6a Don't emit warning, if there is nothing to send 2002-10-03 15:10:36 +00:00
Sascha Schumann
114c544b9b Purge ini_set calls and replace through INI sections. 2002-10-03 08:07:21 +00:00
Andi Gutmans
b276a96f4b - Fix ZTS build 2002-10-03 07:23:50 +00:00
Sascha Schumann
13f5db1b67 Make the interpretation of gc_probability configurable by adding 
session.gc_dividend. The probability of running gc on each request is then
gc_probability/gc_dividend.
 2002-10-03 06:45:15 +00:00
Sascha Schumann
be319c721a Reenable E_WARNING and test session.bug_compat_warn in addition. 2002-10-03 06:41:25 +00:00
Sascha Schumann
afb1458910 session_destroy resets the sid, so we need to set it again here 2002-10-03 06:33:19 +00:00
Sascha Schumann
356ea7ffbd Verify PHP 4.2 compatibility: global is used albeit register_globals=0 2002-10-03 06:32:45 +00:00
Sascha Schumann
0ed434a13b Use ZEND_SET_SYMBOL_WITH_LENGTH correctly (hopefully) 
It strikes me as awkward that a Zend API user needs to take care of
doing the engine's reference counting.

This fixes a memory overrun in a testcase.  All ZEND_SET_* calls
should be correct now.
 2002-10-03 06:29:58 +00:00
Sascha Schumann
15b23945ad (track_init) Use is_ref/refcount parameters of SET_SYMBOL macros 
(save_current_state) Prevent a possible deadlock which occurs when
the track vars are inaccessible
 2002-10-03 05:53:45 +00:00
Sascha Schumann
d4ef4079de Verify PHP 4.2 compatibility: unset($c) with enabled register_globals 2002-10-03 05:06:01 +00:00
Sascha Schumann
8a586103fc Align behaviour with 4.2 with regard to register_globals=1 
session_register("c");
unset($c);
$c = time();

If a user unsets a global session variable, it is not a reference
to a $_SESSION slot anymore.

During serialization, PHP 4.2 will not find the respective entry in
$_SESSION and fall back to the global sym table.
 2002-10-03 04:53:05 +00:00
Sascha Schumann
b9077e5a9d Nuke PS(vars), we keep the state of registered session variables now 
completely in PS(http_session_vars). This avoids bugs which are caused
by a lack of synchronization between the two hashes. We also don't need
to worry about prioritizing one of them.

Add session.bug_compat_42 and session.bug_compat_warn which are enabled
by default. The logic behind bug_compat_42:

IF bug_compat_42 is on, and
IF register_globals is off, and
IF any value of $_SESSION["key"] is NULL, and
IF there is a global variable $key, then
$_SESSION["key"] is set to $key.

The extension emits this warning once per script, unless told otherwise.

"Your script possibly relies on a session side-effect which existed until
PHP 4.2.3. Please be advised that the session extension does not consider
global variables as a source of data, unless register_globals is enabled.
You can disable this functionality and this warning by setting
session.bug_compat_42 or session.bug_compat_warn.
 2002-10-03 03:23:02 +00:00
Sascha Schumann
4ea4f294b6 Fix harmless memory leaks and simplify track_vars_init. 2002-10-02 21:51:32 +00:00
Sascha Schumann
e1dd35bddb The pread/pwrite macros check for a bug in the Linux glibc now. 
The bug causes the kernel not to return -1/EAGAIN. The new test case
has been borrowed from the Linux Test Project.

This also fixes a bug which apparently caused HAVE_PREAD/WRITE to be
defined even if the more complex checks failed (ac_cv_func_NAME=no
was set albeit with no difference).
 2002-10-02 06:05:16 +00:00
Sascha Schumann
8b78c78973 Disable pread/pwrite for now until we can clarify why it should be 
impossible to write a check for a broken OS feature.
 2002-10-01 19:19:10 +00:00
Sascha Schumann
856cd5e17a The session extension ensures now that get_session_var can rely 
on the state of $_SESSION/$HTTP_SESSION_VARS. It does not look up
symbols in the global symbol table anymore.

This was achieved by actually planting references between every
$_SESSION["x"] and $x, not only when restoring a session, but also
when registering a session variable (in a register_globals=1 context).

Upon registering a new variable, this memory leak continues to show
up, regardless of register_globals.

ext/session/session.c(272) :  Freeing 0x0818F01C (12 bytes), script=test

Obviously, the newly allocated empty zval is not properly freed.  If anyone
has any idea on how to fix that, please step forward.
 2002-10-01 11:59:45 +00:00
Wez Furlong
7bcc97c82e Add header file required for pread/pwrite (on my system at least). 2002-09-30 10:18:57 +00:00
foobar
5346391d16 ws fix 2002-09-29 19:28:12 +00:00
Ilia Alshanetsky
4c4d5a617b Fixed a crash, which would occur when save_handler is invalid. 2002-09-29 18:33:14 +00:00
Ilia Alshanetsky
2af630f87d Fixed bug #17281 2002-09-29 15:55:11 +00:00
Ilia Alshanetsky
1142e16075 Fixed bugs #16995 and #19392 2002-09-29 15:26:50 +00:00
Ilia Alshanetsky
57c91b571e Fixed bug #11643 2002-09-26 18:12:27 +00:00
foobar
6b8480fab6 Fix bug: #14991 (changing session.use_trans_sid does not work in scripts) 2002-09-26 16:46:21 +00:00
Ilia Alshanetsky
7ae2196852 Fixed bugs #18167 & #16859 2002-09-25 13:26:03 +00:00
Sascha Schumann
03c07308d3 Improve error messages 2002-09-25 12:38:45 +00:00
Sascha Schumann
ff12826fc1 (php_get_session_var) Always return FAILURE if no data source was found. 
Noticed by: Sebastian Bergmann
 2002-09-23 14:04:50 +00:00
Sascha Schumann
e20c6c8e9c Because track vars are always initialized, get_session_var failed 
to work in the register_globals=1 case.

It is now possible again to store session variables in global vars.
 2002-09-21 05:46:32 +00:00
Sascha Schumann
702d7afc3c Reenable pwrite/pread support 
The old checks supposed that pread/pwrite worked, if a declaration was
found in <unistd.h>.  We now actually check whether they work successfully
before using them.
 2002-09-06 10:27:26 +00:00
foobar
3bf7519210 @- Added --disable-all configure option. (Jani) 2002-09-04 18:47:28 +00:00
Dan Kalowsky
e5324723d0 sniper claims its safe to take these out as well. 2002-09-04 13:52:41 +00:00
Dan Kalowsky
65df9d5127 taking out the PWRITE calls too 2002-09-04 13:51:08 +00:00
Dan Kalowsky
31fe6a549f This fixes Bug #19022 and #15983 2002-09-04 13:42:59 +00:00
Zeev Suraski
3b646f0e5d Use mtime instead of atime, as we always update the session file anyway. 2002-08-17 20:32:26 +00:00
Zeev Suraski
900651b7ab Make unset($_SESSION['foo']) actually remove the variable from the session, 
if register_globals is off.
 2002-08-15 21:44:44 +00:00
Dan Kalowsky
26986164b4 Correcting some english in the comment... 2002-08-15 19:32:08 +00:00
Yasuo Ohgaki
13a3dd7b77 Forgot to update source default. 2002-08-14 22:31:39 +00:00
foobar
29aae162e0 ws fix 2002-07-03 02:16:46 +00:00
foobar
087f2be56f - Fixed bug: #17977, session build as shared works now with mm handler too. 
- Added listing of save handlers into phpinfo() output
 2002-06-28 02:27:02 +00:00
Sascha Schumann
dcf67c4433 This option enables administrators to make their users invulnerable to 
attacks which involve passing session ids in URLs.
 2002-06-12 08:18:36 +00:00
Markus Fischer
39f16dbc65 - Tell the user why his session doesn't work if he uses custom session_id()s. 2002-05-30 11:41:37 +00:00
Andrei Zmievski
1668570e4d Changing email address. 2002-05-13 17:28:38 +00:00
Sascha Schumann
38ad391894 - Fix the way code was outcommented 
- Remove unused STR_CAT macro
- Remove limits/tests based on unused macro
- Implement cache_limiter(private) using private_no_expire
 2002-05-12 12:51:42 +00:00
Sander Roobol
375d7960a7 Revert Preston's patch 2002-05-09 20:02:47 +00:00
Preston L. Bannister
9fdec2e345 Change default directory for session data from /tmp (non-portable) to none. 
Default directory for session data (if not specified) is same (platform-specific) directory used for temporary files.
This is backwards compatible and removes the need for explicitly specifying the session.save_path on Win32.
 2002-05-09 19:42:00 +00:00
Thies C. Arntzen
23251ebd1a re-add accidentily nuked session_adapt_url() 2002-05-05 16:39:49 +00:00
Sascha Schumann
9743860d35 simplify handling of variables by maintaining two strings which 
are simply appended instead of traversing the hash table on each
URL/form.

also fix an unconditional segfault in rshutdown due to efree'ing
a static char *.

remove remove_var, add reset_vars.  move the function declarations
into the right header file.
 2002-05-04 18:33:13 +00:00
Sascha Schumann
9517ff0689 Fix --enable-session=shared 2002-05-04 16:48:48 +00:00
Sebastian Bergmann
8193ca7891 Fix ZTS build. 2002-05-03 08:10:43 +00:00
Thies C. Arntzen
9712a4b3c8 @ - Added output_add_rewrite_var() and output_remove_rewrite_var() to inject 
@   and remove variables from the URL-Rewriter. (thies)
i have also modified the session module to use this - so it doesn't
need to fiddle with the output-system any more
 2002-05-03 08:00:41 +00:00
Thies C. Arntzen
42158ef7c8 revert session_set_userdata - diffent patch will come shortly 2002-04-28 11:45:45 +00:00
Thies C. Arntzen
eb105693b8 @ - added session_set_userdata() which enables you to specify one variable 
@   that will be kept in the browser in addition to the session-id. This
@   only works when using trans-sid sessions (no cookie). (thies)
 2002-04-27 14:07:52 +00:00
Sascha Schumann
2b07dd4fe3 three less strlen invocations 2002-04-26 21:27:38 +00:00
Sascha Schumann
1d22766fb1 Add #ifdef.. around F_SETFD. 2002-04-23 19:58:31 +00:00
Sascha Schumann
5a83ad6dc1 Set the close-on-exec flag for fds. Child processes should not inherit 
the fd.

Also rip out the broken O_EXCL use.  Our file names are not unique and
this left a small window open where creating a session file would fail
(a, b notice that the file does not exist; a creates the file successfully;
 b tries to create, but fails due to O_EXCL).
 2002-04-22 20:39:24 +00:00
Yasuo Ohgaki
c1ae59c588 Fixed file include error 2002-04-19 07:55:24 +00:00