- Fixed bug #60860 (session.save_handler=user without defined function core dumps)

NEWS

@@ -8,6 +8,10 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
     CVE-2011-3389. (Scott)
+    
+- Session:
+  . Fixed bug #60860 (session.save_handler=user without defined function core
+    dumps). (Felipe)
 
 19 Jan 2012, PHP 5.4.0 RC6
 

ext/session/mod_user.c

@@ -80,6 +80,13 @@ PS_OPEN_FUNC(user)
 {
 	zval *args[2];
 	STDVARS;
+	
+	if (PSF(open) == NULL) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING,
+			"user session functions not defined");
+			
+		return FAILURE;
+	}
 
 	SESS_ZVAL_STRING((char*)save_path, args[0]);
 	SESS_ZVAL_STRING((char*)session_name, args[1]);

ext/session/tests/bug60860.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Bug #60860 (session.save_handler=user without defined function core dumps)
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.save_handler=user
+--FILE--
+<?php
+
+session_start();
+echo "ok\n";
+
+?>
+--EXPECTF--
+Warning: session_start(): user session functions not defined in %s on line 3
+
+Fatal error: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3