Diffstat (limited to 'ext/session')
-rw-r--r--ext/session/mod_files.sh67
-rw-r--r--ext/session/mod_mm.c2
-rw-r--r--ext/session/session.c43
-rw-r--r--ext/session/tests/020.phpt2
-rw-r--r--ext/session/tests/bug50308.phpt30
-rw-r--r--ext/session/tests/session_name_error.phpt100
-rw-r--r--ext/session/tests/session_name_variation1.phpt12
-rw-r--r--ext/session/tests/session_status_disabled.phpt2
8 files changed, 213 insertions, 45 deletions
diff --git a/ext/session/mod_files.sh b/ext/session/mod_files.sh
index 1d2672847..4fc4f20f7 100644
--- a/ext/session/mod_files.sh
+++ b/ext/session/mod_files.sh
@@ -1,24 +1,65 @@
#! /bin/sh
-if test "$2" = ""; then
- echo "usage: $0 basedir depth"
- exit 1
+if [[ "$2" = "" ]] || [[ "$3" = "" ]]; then
+ echo "Usage: $0 BASE_DIRECTORY DEPTH HASH_BITS"
+ echo "BASE_DIRECTORY will be created if it doesn't exist"
+ echo "DEPTH must be an integer number >0"
+ echo "HASH_BITS(session.hash_bits_per_charactor) should be one of 4, 5, or 6"
+ exit 1
fi
-if test "$2" = "0"; then
- exit 0
+if [[ "$2" = "0" ]] && [[ ! "$4" = "recurse" ]]; then
+ echo "Can't create a directory tree with depth of 0, exiting."
fi
+if [[ "$2" = "0" ]]; then
+ exit 0
+fi
+
+directory="$1"
+depth="$2"
+hashbits="$3"
+
hash_chars="0 1 2 3 4 5 6 7 8 9 a b c d e f"
-if test "$3" -a "$3" -ge "5"; then
- hash_chars="$hash_chars g h i j k l m n o p q r s t u v"
- if test "$3" -eq "6"; then
- hash_chars="$hash_chars w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z - ,"
- fi
+
+if [[ "$hashbits" -ge "5" ]]; then
+ hash_chars="$hash_chars g h i j k l m n o p q r s t u v"
fi
+if [[ "$hashbits" -ge "6" ]]; then
+ hash_chars="$hash_chars w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z - ,"
+fi
+
+while [[ -d $directory ]] && [[ $( ls $directory ) ]]; do
+ echo "Directory $directory is not empty! What would you like to do?"
+
+ options="\"Delete directory contents\" \"Choose another directory\" \"Quit\""
+ eval set $options
+ select opt in "$@"; do
+
+ if [[ $opt = "Delete directory contents" ]]; then
+ echo "Deleting $directory contents... "
+ rm -rf $directory/*
+ elif [[ $opt = "Choose another directory" ]]; then
+ echo "Which directory would you like to choose?"
+ read directory
+ elif [[ $opt = "Quit" ]]; then
+ exit 0
+ fi
+
+ break;
+ done
+done
+
+if [[ ! -d $directory ]]; then
+ mkdir -p $directory
+fi
+
+
+echo "Creating session path in $directory with a depth of $depth for session.hash_bits_per_character = $hashbits"
+
for i in $hash_chars; do
- newpath="$1/$i"
- mkdir $newpath || exit 1
- sh $0 $newpath `expr $2 - 1` $3
+ newpath="$directory/$i"
+ mkdir $newpath || exit 1
+ sh $0 $newpath `expr $depth - 1` $hashbits recurse
done
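Review bot: The interpreter line is still `#! /bin/sh` and the recursive call still runs `sh $0`, but the new code relies on `[[ ]]` and `select`, which POSIX sh does not provide, so the script fails wherever /bin/sh is dash or another strict shell. Either change the shebang and the recursion to bash (`#! /bin/bash`, `bash "$0" "$newpath" ...`) or write the tests with `[ ]`. The destructive branch expands `$directory` unquoted, so a path containing spaces or glob characters is word-split and `rm -rf $directory/*` can remove paths other than the one the prompt named; use `rm -rf -- "${directory:?}"/*`, and quote the variable in `ls`, `mkdir -p` and `read -r directory` as well. DEPTH and HASH_BITS are never checked against what the usage text promises (an integer above 0; one of 4, 5 or 6), and the usage text misspells the setting as `hash_bits_per_charactor`.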
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index e5406d0bc..e0d16d192 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -271,6 +271,8 @@ PHP_MINIT_FUNCTION(ps_mm)
}
if (!(euid_len = slprintf(euid, sizeof(euid), "%d", geteuid()))) {
+ free(ps_mm_instance);
+ ps_mm_instance = NULL;
return FAILURE;
}
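Review bot: The new cleanup calls `free(ps_mm_instance)`, but the allocation is above the hunk, so it cannot be confirmed here that `free()` is the matching deallocator; it is worth checking against the other failure paths in `PHP_MINIT_FUNCTION(ps_mm)`. A one-line comment would help the next reader, for example `/* drop the instance on this failure path and clear the global so nothing reuses the freed pointer */`. Separately, the guard `!(euid_len = slprintf(...))` only catches a zero-length result, and `"%d"` prints the `uid_t` from `geteuid()` as a signed int; `"%ld"` with `(long) geteuid()` would make the conversion explicit.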
diff --git a/ext/session/session.c b/ext/session/session.c
index a3be9a78c..e699cb9b5 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -281,7 +281,7 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
PHP_MD5_CTX md5_context;
PHP_SHA1_CTX sha1_context;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
- void *hash_context;
+ void *hash_context = NULL;
#endif
unsigned char *digest;
int digest_len;
@@ -341,7 +341,7 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
unsigned char rbuf[2048];
size_t toread = PS(entropy_length);
- if (php_win32_get_random_bytes(rbuf, (size_t) toread) == SUCCESS){
+ if (php_win32_get_random_bytes(rbuf, MIN(toread, sizeof(rbuf))) == SUCCESS){
switch (PS(hash_func)) {
case PS_HASH_FUNC_MD5:
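Review bot: Clamping only the argument to `php_win32_get_random_bytes()` leaves `toread` itself unchanged, so any later use of `toread` as the length of `rbuf` still exceeds the 2048-byte array when `PS(entropy_length)` is larger. The hash-update calls inside the `switch` are outside this hunk; if they pass `toread`, they read past the end of `rbuf`. Clamp once at the declaration instead, `size_t toread = MIN((size_t) PS(entropy_length), sizeof(rbuf));`, and pass `toread` unchanged everywhere after that. The cap also silently reduces the configured entropy length, which deserves a comment or a documented upper bound.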
@@ -615,6 +615,31 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
}
/* }}} */
+static PHP_INI_MH(OnUpdateName) /* {{{ */
+{
+ /* Numeric session.name won't work at all */
+ if (PG(modules_activated) &&
+ (!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
+ int err_type;
+
+ if (stage == ZEND_INI_STAGE_RUNTIME) {
+ err_type = E_WARNING;
+ } else {
+ err_type = E_ERROR;
+ }
+
+ /* Do not output error when restoring ini options. */
+ if (stage != ZEND_INI_STAGE_DEACTIVATE) {
+ php_error_docref(NULL TSRMLS_CC, err_type, "session.name cannot be a numeric or empty '%s'", new_value);
+ }
+ return FAILURE;
+ }
+
+ OnUpdateStringUnempty(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
+ return SUCCESS;
+}
+/* }}} */
+
static PHP_INI_MH(OnUpdateHashFunc) /* {{{ */
{
long val;
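Review bot: `OnUpdateName` discards the result of `OnUpdateStringUnempty()` and returns `SUCCESS` unconditionally, so a rejection by the wrapped handler is reported to the INI layer as success. End the function with `return OnUpdateStringUnempty(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. The numeric check is also skipped while `PG(modules_activated)` is false, presumably during startup, so a numeric name configured there is accepted without a diagnostic; if that is intended the comment above the condition should say so. The trailing context lines belong to `OnUpdateHashFunc`, whose body continues outside the hunk.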
@@ -706,9 +731,9 @@ static ZEND_INI_MH(OnUpdateSmartStr) /* {{{ */
*/
PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
- STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateName, session_name, php_ps_globals, ps_globals)
PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)
- STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals)
+ STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_PERDIR, OnUpdateBool, auto_start, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals)
@@ -1027,7 +1052,7 @@ static inline void strcpy_gmt(char *ubuf, time_t *when) /* {{{ */
res = php_gmtime_r(when, &tm);
if (!res) {
- buf[0] = '\0';
+ ubuf[0] = '\0';
return;
}
@@ -2221,6 +2246,12 @@ static PHP_MSHUTDOWN_FUNCTION(session) /* {{{ */
PHP_MSHUTDOWN(ps_mm) (SHUTDOWN_FUNC_ARGS_PASSTHRU);
#endif
+ /* reset rfc1867 callbacks */
+ php_session_rfc1867_orig_callback = NULL;
+ if (php_rfc1867_callback == php_session_rfc1867_callback) {
+ php_rfc1867_callback = NULL;
+ }
+
ps_serializers[PREDEFINED_SERIALIZERS].name = NULL;
memset(&ps_modules[PREDEFINED_MODULES], 0, (MAX_MODULES-PREDEFINED_MODULES)*sizeof(ps_module *));
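Review bot: The shutdown code clears `php_session_rfc1867_orig_callback` before anything restores it, and then sets `php_rfc1867_callback` to NULL rather than to the saved value. If the saved pointer holds a callback that was installed before this module hooked in (the assignment is outside the hunk, so this is inferred from the name), that callback is lost after shutdown. Consider `php_rfc1867_callback = php_session_rfc1867_orig_callback;` inside the `if`, then clearing the saved pointer, provided the owner of that callback is still loaded at this point. The case where the global no longer points at the session callback is left untouched, which looks right, but a comment should state that it is deliberate.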
@@ -2363,7 +2394,7 @@ static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, i
php_session_initialize(TSRMLS_C);
PS(session_status) = php_session_active;
IF_SESSION_VARS() {
- progress->cancel_upload = php_check_cancel_upload(progress TSRMLS_CC);
+ progress->cancel_upload |= php_check_cancel_upload(progress TSRMLS_CC);
ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), progress->key.c, progress->key.len+1, progress->data, 2, 0);
}
php_session_flush(TSRMLS_C);
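Review bot: The switch from `=` to `|=` makes `cancel_upload` sticky, and nothing on the line says so. Add a comment above the assignment such as `/* once a cancel has been seen it must survive later updates */`. The function body starts and ends outside the hunk, so whether `progress->cancel_upload` is initialised to 0 before the first update cannot be checked here; `|=` depends on that.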
diff --git a/ext/session/tests/020.phpt b/ext/session/tests/020.phpt
index f43bac5d1..014112982 100644
--- a/ext/session/tests/020.phpt
+++ b/ext/session/tests/020.phpt
@@ -1,5 +1,5 @@
--TEST--
-rewriter uses arg_seperator.output for modifying URLs
+rewriter uses arg_separator.output for modifying URLs
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
diff --git a/ext/session/tests/bug50308.phpt b/ext/session/tests/bug50308.phpt
new file mode 100644
index 000000000..110277ce3
--- /dev/null
+++ b/ext/session/tests/bug50308.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Bug #50308 (session id not appended properly for empty anchor tags)
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.name=PHPSESSID
+session.save_handler=files
+session.use_trans_sid=1
+session.use_only_cookies=0
+--FILE--
+<?php
+@session_start();
+?>
+<a href=""/>
+<a href="" />
+<a href="foo"/>
+<a href="foo" />
+<a href=foo/>
+<a href=/>
+<a href=?foo=bar/>
+<a href="?foo=bar"/>
+--EXPECTF--
+<a href="?PHPSESSID=%s"/>
+<a href="?PHPSESSID=%s" />
+<a href="foo?PHPSESSID=%s"/>
+<a href="foo?PHPSESSID=%s" />
+<a href=foo/?PHPSESSID=%s>
+<a href=/?PHPSESSID=%s>
+<a href=?foo=bar/&PHPSESSID=%s>
+<a href="?foo=bar&PHPSESSID=%s"/>
diff --git a/ext/session/tests/session_name_error.phpt b/ext/session/tests/session_name_error.phpt
index 2ed10d92a..1b99d4ea3 100644
--- a/ext/session/tests/session_name_error.phpt
+++ b/ext/session/tests/session_name_error.phpt
@@ -86,7 +86,7 @@ $inputs = array(
$iterator = 1;
foreach($inputs as $input) {
echo "\n-- Iteration $iterator --\n";
- var_dump(session_name($input));
+ var_dump($input, session_name($input));
$iterator++;
};
@@ -98,77 +98,139 @@ ob_end_flush();
*** Testing session_name() : error functionality ***
-- Iteration 1 --
+
+Warning: session_name(): session.name cannot be a numeric or empty '0' in %s on line %d
+int(0)
string(9) "PHPSESSID"
-- Iteration 2 --
-string(1) "0"
+
+Warning: session_name(): session.name cannot be a numeric or empty '1' in %s on line %d
+int(1)
+string(9) "PHPSESSID"
-- Iteration 3 --
-string(1) "1"
+
+Warning: session_name(): session.name cannot be a numeric or empty '12345' in %s on line %d
+int(12345)
+string(9) "PHPSESSID"
-- Iteration 4 --
-string(5) "12345"
+
+Warning: session_name(): session.name cannot be a numeric or empty '-2345' in %s on line %d
+int(-2345)
+string(9) "PHPSESSID"
-- Iteration 5 --
-string(5) "-2345"
+
+Warning: session_name(): session.name cannot be a numeric or empty '10.5' in %s on line %d
+float(10.5)
+string(9) "PHPSESSID"
-- Iteration 6 --
-string(4) "10.5"
+
+Warning: session_name(): session.name cannot be a numeric or empty '-10.5' in %s on line %d
+float(-10.5)
+string(9) "PHPSESSID"
-- Iteration 7 --
-string(5) "-10.5"
+
+Warning: session_name(): session.name cannot be a numeric or empty '123456789000' in %s on line %d
+float(123456789000)
+string(9) "PHPSESSID"
-- Iteration 8 --
-string(12) "123456789000"
+
+Warning: session_name(): session.name cannot be a numeric or empty '1.23456789E-9' in %s on line %d
+float(1.23456789E-9)
+string(9) "PHPSESSID"
-- Iteration 9 --
-string(13) "1.23456789E-9"
+
+Warning: session_name(): session.name cannot be a numeric or empty '0.5' in %s on line %d
+float(0.5)
+string(9) "PHPSESSID"
-- Iteration 10 --
-string(3) "0.5"
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
+NULL
+string(9) "PHPSESSID"
-- Iteration 11 --
-string(0) ""
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
+NULL
+string(9) "PHPSESSID"
-- Iteration 12 --
-string(0) ""
+
+Warning: session_name(): session.name cannot be a numeric or empty '1' in %s on line %d
+bool(true)
+string(9) "PHPSESSID"
-- Iteration 13 --
-string(1) "1"
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
+bool(false)
+string(9) "PHPSESSID"
-- Iteration 14 --
-string(0) ""
+
+Warning: session_name(): session.name cannot be a numeric or empty '1' in %s on line %d
+bool(true)
+string(9) "PHPSESSID"
-- Iteration 15 --
-string(1) "1"
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
+bool(false)
+string(9) "PHPSESSID"
-- Iteration 16 --
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
string(0) ""
+string(9) "PHPSESSID"
-- Iteration 17 --
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
string(0) ""
+string(9) "PHPSESSID"
-- Iteration 18 --
-string(0) ""
+string(7) "Nothing"
+string(9) "PHPSESSID"
-- Iteration 19 --
string(7) "Nothing"
+string(7) "Nothing"
-- Iteration 20 --
+string(12) "Hello World!"
string(7) "Nothing"
-- Iteration 21 --
+object(classA)#1 (0) {
+}
string(12) "Hello World!"
-- Iteration 22 --
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
+NULL
string(12) "Hello World!"
-- Iteration 23 --
-string(0) ""
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
+NULL
+string(12) "Hello World!"
-- Iteration 24 --
Warning: session_name() expects parameter 1 to be string, resource given in %s on line %d
+resource(5) of type (stream)
NULL
-Done
-
+Done \ No newline at end of file
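Review bot: The expectation for iteration 24 pins the resource number, `resource(5) of type (stream)`, which depends on how many resources have been opened before that point in the run. `resource(%d) of type (stream)` keeps the check and removes that dependency, in line with the `%s`/`%d` placeholders the expected output already uses. The new expected output also ends without a trailing newline after `Done`, which looks unintentional.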
diff --git a/ext/session/tests/session_name_variation1.phpt b/ext/session/tests/session_name_variation1.phpt
index 16d6ad462..b0de3ee36 100644
--- a/ext/session/tests/session_name_variation1.phpt
+++ b/ext/session/tests/session_name_variation1.phpt
@@ -43,18 +43,20 @@ ob_end_flush();
*** Testing session_name() : variation ***
string(9) "PHPSESSID"
bool(true)
-string(0) ""
+string(9) "PHPSESSID"
bool(true)
-string(0) ""
-string(0) ""
+string(9) "PHPSESSID"
+string(9) "PHPSESSID"
bool(true)
string(1) " "
bool(true)
string(1) " "
+
+Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d
string(1) " "
bool(true)
-string(0) ""
+string(1) " "
bool(true)
-string(0) ""
+string(1) " "
Done
diff --git a/ext/session/tests/session_status_disabled.phpt b/ext/session/tests/session_status_disabled.phpt
index 24e0ecd7b..c4d1f2192 100644
--- a/ext/session/tests/session_status_disabled.phpt
+++ b/ext/session/tests/session_status_disabled.phpt
@@ -3,7 +3,7 @@ Test session_status() function : disabled
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
-session.save_handler=non-existant
+session.save_handler=non-existent
--FILE--
<?php