diff options
Diffstat (limited to 'ext/session/session.c')
| -rw-r--r-- | ext/session/session.c | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/ext/session/session.c b/ext/session/session.c index a3be9a78c..e699cb9b5 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -281,7 +281,7 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ PHP_MD5_CTX md5_context; PHP_SHA1_CTX sha1_context; #if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) - void *hash_context; + void *hash_context = NULL; #endif unsigned char *digest; int digest_len; @@ -341,7 +341,7 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ unsigned char rbuf[2048]; size_t toread = PS(entropy_length); - if (php_win32_get_random_bytes(rbuf, (size_t) toread) == SUCCESS){ + if (php_win32_get_random_bytes(rbuf, MIN(toread, sizeof(rbuf))) == SUCCESS){ switch (PS(hash_func)) { case PS_HASH_FUNC_MD5: @@ -615,6 +615,31 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */ } /* }}} */ +static PHP_INI_MH(OnUpdateName) /* {{{ */ +{ + /* Numeric session.name won't work at all */ + if (PG(modules_activated) && + (!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) { + int err_type; + + if (stage == ZEND_INI_STAGE_RUNTIME) { + err_type = E_WARNING; + } else { + err_type = E_ERROR; + } + + /* Do not output error when restoring ini options. */ + if (stage != ZEND_INI_STAGE_DEACTIVATE) { + php_error_docref(NULL TSRMLS_CC, err_type, "session.name cannot be a numeric or empty '%s'", new_value); + } + return FAILURE; + } + + OnUpdateStringUnempty(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} +/* }}} */ + static PHP_INI_MH(OnUpdateHashFunc) /* {{{ */ { long val; @@ -706,9 +731,9 @@ static ZEND_INI_MH(OnUpdateSmartStr) /* {{{ */ */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateName, session_name, php_ps_globals, ps_globals) PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) - STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_PERDIR, OnUpdateBool, auto_start, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals) @@ -1027,7 +1052,7 @@ static inline void strcpy_gmt(char *ubuf, time_t *when) /* {{{ */ res = php_gmtime_r(when, &tm); if (!res) { - buf[0] = '\0'; + ubuf[0] = '\0'; return; } @@ -2221,6 +2246,12 @@ static PHP_MSHUTDOWN_FUNCTION(session) /* {{{ */ PHP_MSHUTDOWN(ps_mm) (SHUTDOWN_FUNC_ARGS_PASSTHRU); #endif + /* reset rfc1867 callbacks */ + php_session_rfc1867_orig_callback = NULL; + if (php_rfc1867_callback == php_session_rfc1867_callback) { + php_rfc1867_callback = NULL; + } + ps_serializers[PREDEFINED_SERIALIZERS].name = NULL; memset(&ps_modules[PREDEFINED_MODULES], 0, (MAX_MODULES-PREDEFINED_MODULES)*sizeof(ps_module *)); @@ -2363,7 +2394,7 @@ static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, i php_session_initialize(TSRMLS_C); PS(session_status) = php_session_active; IF_SESSION_VARS() { - progress->cancel_upload = php_check_cancel_upload(progress TSRMLS_CC); + progress->cancel_upload |= php_check_cancel_upload(progress TSRMLS_CC); ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), progress->key.c, progress->key.len+1, progress->data, 2, 0); } php_session_flush(TSRMLS_C); |