mirror of https://github.com/php/php-src.git synced 2026-03-25 08:42:29 +01:00

638 Commits

Author SHA1 Message Date
ndossche
64092352a4 Merge branch 'PHP-8.5'
* PHP-8.5:
  Revert "ext/session: Fix memory leak due to multiple exception happening during session abort"
2026-03-10 20:29:14 +01:00
ndossche
3b8aac8dad Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4:
  Revert "ext/session: Fix memory leak due to multiple exception happening during session abort"
2026-03-10 20:29:08 +01:00
ndossche
3073948885 Revert "ext/session: Fix memory leak due to multiple exception happening during session abort"
This reverts commit 0acde11945.

The patch is incorrect as described in GH-21200 in the post-merge
comments.
2026-03-10 20:28:47 +01:00
Gina Peter Banyard
f2d96c84f0 Merge branch 'PHP-8.5'
* PHP-8.5:
  ext/session: Fix memory leak due to multiple exception happening during session abort
2026-03-07 13:30:28 +00:00
Gina Peter Banyard
10e02b0a4a Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4:
  ext/session: Fix memory leak due to multiple exception happening during session abort
2026-03-07 13:30:15 +00:00
Gina Peter Banyard
0acde11945 ext/session: Fix memory leak due to multiple exception happening during session abort
Closes GH-21200

Co-authored-by: arshidkv12 <arshidkv12@gmail.com>
2026-03-07 13:28:42 +00:00
Gina Peter Banyard
86b4921157 ext/session: only return false when could not encode session at all (#21181)
* ext/session: only return false when could not encode session at all

This also fixes bug 71162
2026-02-16 11:44:15 +00:00
Gina Peter Banyard
1041a47ed3 ext/standard: throw ValueError if argument contains null byte in session_module_name()
And fix error message to use 'must not' rather than 'cannot'
2026-02-09 10:49:59 +00:00
Gina Peter Banyard
a8bdfa665b ext/session: remove mod_user_class_name global 2026-02-09 10:49:59 +00:00
Gina Peter Banyard
f18e99244b Zend: Deprecate __sleep() (#19682)
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_sleep_and_wakeup_magic_methods
2025-09-10 08:54:16 +01:00
Daniel Scherzer
4731245952 ext/session: Add #[\Deprecated] to SID constant (#19566) 2025-08-25 01:52:35 -07:00
Niels Dossche
1bba07ecc0 partitioned option for setcookie/setrawcookie and sessions
RFC: https://wiki.php.net/rfc/CHIPS

Closes GH-12646.
Closes GH-12652.
2025-08-15 08:41:24 +02:00
Tim Düsterhus
3d9d68e1ca zend_compile: Deprecate backticks as an alias for shell_exec() (#19443)
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_backticks_as_an_alias_for_shell_exec
2025-08-12 12:02:13 +02:00
DanielEScherzer
d8577d9bfb Deprecate returning non-string values from a user output handler (#18932)
https://wiki.php.net/rfc/deprecations_php_8_4
2025-07-07 14:31:13 -07:00
Gina Peter Banyard
7f80d4dc7d ext/session: Remove bool type coercions in tests 2025-06-23 14:57:13 +02:00
Jessica Smith
042a975238 ext/session: Fix GH-18634 (#18653)
Show warning when saving session if a pipe character is used in one of the $_SESSION keys

Fixes #18634
2025-05-26 11:17:25 +01:00
Gina Peter Banyard
3930b6f378 Merge branch 'PHP-8.4'
* PHP-8.4:
  ext/session: Fix GH-17541 (ext/session NULL pointer dereferencement during ID reset)
2025-01-24 14:10:12 +00:00
Gina Peter Banyard
d35904adf2 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  ext/session: Fix GH-17541 (ext/session NULL pointer dereferencement during ID reset)
2025-01-24 14:10:00 +00:00
Gina Peter Banyard
a85666c17b ext/session: Fix GH-17541 (ext/session NULL pointer dereferencement during ID reset)
Closes GH-17541
Closes GH-17546
2025-01-24 14:04:58 +00:00
Niels Dossche
6d4598eba8 Merge branch 'PHP-8.4'
* PHP-8.4:
  Fix type confusion with session SID constant
2025-01-23 19:03:45 +01:00
Niels Dossche
b448d540c2 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  Fix type confusion with session SID constant
2025-01-23 19:03:35 +01:00
Niels Dossche
2a2cc2ccce Fix type confusion with session SID constant
Closes GH-17548.
2025-01-23 19:03:04 +01:00
David Carlier
a091e52316 ext/session: session_start() options arguments type checks.
close GH-17388
2025-01-07 23:52:39 +00:00
Niels Dossche
173bdb2c06 Merge branch 'PHP-8.4'
* PHP-8.4:
  Fix GH-16590: UAF in session_encode()
  Fix various memory leaks on error conditions in openssl_x509_parse()
2024-11-04 20:05:42 +01:00
Niels Dossche
cc39bc21e3 Fix GH-16590: UAF in session_encode()
The `PS_ENCODE_LOOP` does not protect the session hash table that it
iterates over. Change it by temporarily creating a copy.

Closes GH-16640.
2024-11-04 20:05:32 +01:00
Calvin Buckley
84d6cb8cf0 Unify headers already sent/session already started error handler (#16451)
* Unify headers already sent errors

Now whenever we need to check where headers were already sent in
ext/session, we call a single location that prints where, keeping it
consistent output wise.

* Unify session already started errors

Similar to the one for headers.

* Also change session active checks too

This usually goes hand in hand with the headers already sent checks, but
is in a separate commit because of the amount of tests it changes.
2024-10-17 13:13:56 -03:00
Calvin Buckley
edf351ce6d Mention where headers were already sent if session_start fails (#16378)
We had previously improved where sessions were already started, and
where headers were already sent when setting headers, but not where a
header has been sent if we try to set the header cookie.

Fixes GH-16372
2024-10-14 21:13:43 -03:00
David Carlier
4d008e300b Merge branch 'PHP-8.3' into PHP-8.4 2024-10-13 14:19:45 +01:00
David Carlier
f31232e218 Merge branch 'PHP-8.2' into PHP-8.3 2024-10-13 14:19:33 +01:00
David Carlier
84a8fea251 Fix GH-16290: session cookie_lifetime ini value overflow.
close GH-16295
2024-10-13 14:19:18 +01:00
Niels Dossche
45f7f87b75 Merge branch 'PHP-8.3' into PHP-8.4
* PHP-8.3:
  Fix GH-16385: Unexpected null returned by session_set_cookie_params
2024-10-12 13:09:24 +02:00
Niels Dossche
a1f7ce5617 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-16385: Unexpected null returned by session_set_cookie_params
2024-10-12 13:09:06 +02:00
Niels Dossche
7cdd1302c3 Fix GH-16385: Unexpected null returned by session_set_cookie_params
Two issues:
1) The check happened before ZPP checks
2) The `return;` statement caused NULL to be returned while this
   function can only return booleans. An exception seems not acceptable
   in stable versions, but a warning may do.

Closes GH-16386.
2024-10-12 13:08:37 +02:00
Christoph M. Becker
217ea732fc Use php_error_docref() instead of zend_error() in session.c (GH-15505)
Using `php_error_docref()` is preferable since it outputs additional
details (which function has been called and whether it is a startup or
shutdown error), uses HTML markup, and also provides a link to the
documentation, if configured.

Since these deprecation warnings have been introduced recently[1][2],
i.e. for PHP 8.4, there are no BC concerns.

[1] <e8ff7c70f9>
[2] <b36eac94d2>

Co-authored-by: Máté Kocsis <kocsismate90@gmail.com>
2024-09-04 16:00:28 +02:00
Kamil Tekiela
c5bce0d8a2 Deprecate disabling use_only_cookies (#13578) 2024-08-24 16:33:45 +02:00
Jorg Adam Sowa
ff69f334f1 ext/session: Warn when providing invalid values for session.gc_probability and session.gc_divisor 2024-08-22 01:29:40 +01:00
Christoph M. Becker
3ed5eee5d3 [skip ci] Fix bug71162.phpt xfail message (GH-15506)
The test failure is unlikely to be caused by `SessionHandlerInterface`
not being available.
2024-08-20 14:48:52 +02:00
Jorg Adam Sowa
21fa5e15f9 ext/session: session_create_id() now throws a ValueError for large prefix (#15338) 2024-08-15 11:10:18 +01:00
Jorg Adam Sowa
c4eccf33e9 ext/session: session.save_handler - add tests for two uncovered cases (#15337) 2024-08-11 15:39:56 +01:00
Jorg Adam Sowa
6bf7b7220d ValueError on null byte in session_name() (#15286) 2024-08-11 13:26:54 +01:00
Tim Düsterhus
e8ff7c70f9 session: Deprecate session.sid_length and session.sid_bits_per_character (#15213)
RFC: https://wiki.php.net/rfc/deprecations_php_8_4
2024-08-04 18:25:31 +02:00
Jorg Adam Sowa
8e1561cdbe Check session_create_id() input for null byte (#14728) 2024-07-06 21:18:35 +01:00
Niels Dossche
a58c3a7eb1 Merge branch 'PHP-8.3'
* PHP-8.3:
  Fix reading zlib ini settings in ext-soap
  Fix memory leak if calling SoapServer::setClass() twice
  Fix memory leak if calling SoapServer::setObject() twice
  Fix missing error restore code in ext-soap (#14379)
  Fix GH-14368: Test failure in ext/session/tests/gh13856.phpt (#14378)
2024-05-31 18:27:22 +02:00
Niels Dossche
2b1097a87d Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix reading zlib ini settings in ext-soap
  Fix memory leak if calling SoapServer::setClass() twice
  Fix memory leak if calling SoapServer::setObject() twice
  Fix missing error restore code in ext-soap (#14379)
  Fix GH-14368: Test failure in ext/session/tests/gh13856.phpt (#14378)
2024-05-31 18:26:22 +02:00
Niels Dossche
d7aa0be3a8 Fix GH-14368: Test failure in ext/session/tests/gh13856.phpt (#14378)
If the runner overrides session.save_path, the test fails.
Manually set it to a value known to trigger the issue.
2024-05-31 18:18:40 +02:00
Peter Kokot
c1d71cfeea Remove forgotten obsolete session INI directives (#14238)
The session.hash_function and session.hash_bits_per_character INI
directives have been removed in PHP 7.1:
3467526a65
2024-05-15 17:01:15 +02:00
Jorg Adam Sowa
4829b8f2cb ext/session: Add test for session_start with read_and_close option (#13799) 2024-04-14 13:22:43 +01:00
Niels Dossche
cf313321c2 Merge branch 'PHP-8.3'
* PHP-8.3:
  [ci skip] NEWS
  Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts (#13892)
2024-04-06 13:45:10 +02:00
Niels Dossche
eb244fcb49 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  [ci skip] NEWS
  Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts (#13892)
2024-04-06 13:45:00 +02:00
Niels Dossche
5ce9687cb2 Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts (#13892)
The hash tables used are allocated via the persistent allocator.
When using ini_set, the allocation happens via the non-persistent
allocator. When the table is then freed in GSHUTDOWN, we get a crash
because the allocators are mismatched.

As a side note, it is strange that this is designed this way, because it
means that ini_sets persist between requests...

Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
2024-04-06 13:43:26 +02:00