php/archived-frankenphp
1
0
Fork 0
mirror of https://github.com/php/frankenphp.git synced 2026-03-24 00:52:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(worker): reset ini settinfs and session if changed during worker request

Browse Source
This commit is contained in:
Xavier Leune
2026-02-03 16:27:35 +01:00
committed by GitHub
parent 0f410a2e37
commit ad7e4f146d
6 changed files with 738 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
testdata/ini-leak.php vendored Normal file
View File

@@ -0,0 +1,67 @@
<?php
require_once __DIR__.'/_executor.php';
return function () {
$action = $_GET['action'] ?? 'default';
$output = [];
switch ($action) {
case 'change_ini':
// Change several INI values at runtime
$before = ini_get('display_errors');
ini_set('display_errors', '0');
$after = ini_get('display_errors');
$output[] = "display_errors: before=$before, after=$after";
$before = ini_get('max_execution_time');
ini_set('max_execution_time', '999');
$after = ini_get('max_execution_time');
$output[] = "max_execution_time: before=$before, after=$after";
$before = ini_get('precision');
ini_set('precision', '10');
$after = ini_get('precision');
$output[] = "precision: before=$before, after=$after";
$output[] = "INI_CHANGED";
break;
case 'check_ini':
// Check if INI values from previous request leaked
$display_errors = ini_get('display_errors');
$max_execution_time = ini_get('max_execution_time');
$precision = ini_get('precision');
$output[] = "display_errors=$display_errors";
$output[] = "max_execution_time=$max_execution_time";
$output[] = "precision=$precision";
// Check for leaks (values set in previous request)
$leaks = [];
if ($display_errors === '0') {
$leaks[] = "display_errors leaked (expected default, got 0)";
}
if ($max_execution_time === '999') {
$leaks[] = "max_execution_time leaked (expected default, got 999)";
}
if ($precision === '10') {
$leaks[] = "precision leaked (expected default, got 10)";
}
if (empty($leaks)) {
$output[] = "NO_LEAKS";
} else {
$output[] = "LEAKS_DETECTED";
foreach ($leaks as $leak) {
$output[] = "LEAK: $leak";
}
}
break;
default:
$output[] = "UNKNOWN_ACTION";
}
echo implode("\n", $output);
};

115
testdata/session-handler.php vendored Normal file
View File

@@ -0,0 +1,115 @@
<?php
require_once __DIR__.'/_executor.php';
// Custom session handler class
class TestSessionHandler implements SessionHandlerInterface
{
private static array $data = [];
public function open(string $path, string $name): bool
{
return true;
}
public function close(): bool
{
return true;
}
public function read(string $id): string|false
{
return self::$data[$id] ?? '';
}
public function write(string $id, string $data): bool
{
self::$data[$id] = $data;
return true;
}
public function destroy(string $id): bool
{
unset(self::$data[$id]);
return true;
}
public function gc(int $max_lifetime): int|false
{
return 0;
}
}
return function () {
$action = $_GET['action'] ?? 'default';
// Collect output, don't send until end
$output = [];
switch ($action) {
case 'set_handler_and_start':
// Set custom handler and start session
$handler = new TestSessionHandler();
session_set_save_handler($handler, true);
session_id('test-session-id');
session_start();
$_SESSION['value'] = $_GET['value'] ?? 'none';
session_write_close();
$output[] = "HANDLER_SET_AND_STARTED";
$output[] = "session.save_handler=" . ini_get('session.save_handler');
break;
case 'start_without_handler':
// Try to start session without setting handler
// This should use the default handler (files) but in worker mode
// the INI session.save_handler might still be "user" from previous request
$saveHandlerBefore = ini_get('session.save_handler');
$error = null;
$exception = null;
$result = false;
// Capture any errors
set_error_handler(function($errno, $errstr) use (&$error) {
$error = $errstr;
return true;
});
try {
session_id('test-session-id-2');
$result = session_start();
if ($result) {
session_write_close();
}
} catch (Throwable $e) {
$exception = $e->getMessage();
}
restore_error_handler();
// Now output everything
$output[] = "save_handler_before=" . $saveHandlerBefore;
$output[] = "SESSION_START_RESULT=" . ($result ? "true" : "false");
if ($error) {
$output[] = "ERROR:" . $error;
}
if ($exception) {
$output[] = "EXCEPTION:" . $exception;
}
break;
case 'just_start':
// Simple session start without any custom handler
// This should always work
session_id('test-session-id-3');
session_start();
$_SESSION['test'] = 'value';
session_write_close();
$output[] = "SESSION_STARTED_OK";
break;
default:
$output[] = "UNKNOWN_ACTION";
}
echo implode("\n", $output);
};

63
testdata/worker-with-ini.php vendored Normal file
View File

@@ -0,0 +1,63 @@
<?php
// Modify INI values BEFORE the worker loop (simulating framework setup)
$preLoopPrecision = '8';
$preLoopDisplayErrors = '0';
ini_set('precision', $preLoopPrecision);
ini_set('display_errors', $preLoopDisplayErrors);
$requestCount = 0;
do {
$ok = frankenphp_handle_request(function () use (
&$requestCount,
$preLoopPrecision,
$preLoopDisplayErrors
): void {
$requestCount++;
$output = [];
$output[] = "request=$requestCount";
$action = $_GET['action'] ?? 'check';
switch ($action) {
case 'change_ini':
// Change INI values during the request
ini_set('precision', '5');
ini_set('display_errors', '1');
$output[] = "precision=" . ini_get('precision');
$output[] = "display_errors=" . ini_get('display_errors');
$output[] = "INI_CHANGED";
break;
case 'check':
default:
// Check if pre-loop INI values are preserved
$precision = ini_get('precision');
$displayErrors = ini_get('display_errors');
$output[] = "precision=$precision";
$output[] = "display_errors=$displayErrors";
$issues = [];
if ($precision !== $preLoopPrecision) {
$issues[] = "precision mismatch (expected $preLoopPrecision)";
}
if ($displayErrors !== $preLoopDisplayErrors) {
$issues[] = "display_errors mismatch (expected $preLoopDisplayErrors)";
}
if (empty($issues)) {
$output[] = "PRELOOP_INI_PRESERVED";
} else {
$output[] = "PRELOOP_INI_LOST";
foreach ($issues as $issue) {
$output[] = "ISSUE: $issue";
}
}
}
echo implode("\n", $output);
});
} while ($ok);

98
testdata/worker-with-session-handler.php vendored Normal file
View File

@@ -0,0 +1,98 @@
<?php
// Custom session handler defined BEFORE the worker loop
class PreLoopSessionHandler implements SessionHandlerInterface
{
private static array $data = [];
public function open(string $path, string $name): bool
{
return true;
}
public function close(): bool
{
return true;
}
public function read(string $id): string|false
{
return self::$data[$id] ?? '';
}
public function write(string $id, string $data): bool
{
self::$data[$id] = $data;
return true;
}
public function destroy(string $id): bool
{
unset(self::$data[$id]);
return true;
}
public function gc(int $max_lifetime): int|false
{
return 0;
}
}
// Set the session handler BEFORE the worker loop
$handler = new PreLoopSessionHandler();
session_set_save_handler($handler, true);
$requestCount = 0;
do {
$ok = frankenphp_handle_request(function () use (&$requestCount): void {
$requestCount++;
$output = [];
$output[] = "request=$requestCount";
$action = $_GET['action'] ?? 'check';
switch ($action) {
case 'use_session':
// Try to use the session - should work with pre-loop handler
$error = null;
set_error_handler(function ($errno, $errstr) use (&$error) {
$error = $errstr;
return true;
});
try {
session_id('test-preloop-' . $requestCount);
$result = session_start();
if ($result) {
$_SESSION['test'] = 'value-' . $requestCount;
session_write_close();
$output[] = "SESSION_OK";
} else {
$output[] = "SESSION_START_FAILED";
}
} catch (Throwable $e) {
$output[] = "EXCEPTION:" . $e->getMessage();
}
restore_error_handler();
if ($error) {
$output[] = "ERROR:" . $error;
}
break;
case 'check':
default:
$saveHandler = ini_get('session.save_handler');
$output[] = "save_handler=$saveHandler";
if ($saveHandler === 'user') {
$output[] = "HANDLER_PRESERVED";
} else {
$output[] = "HANDLER_LOST";
}
}
echo implode("\n", $output);
});
} while ($ok);