php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-29 11:42:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
36,090 Commits 547 Branches 1,481 Tags
43fccbf2b9047ee8ef4c2a175add71663df9970e
Commit Graph

674 Commits

Author SHA1 Message Date
Antony Dovgal
ffd09c0961 fix tests 2007-05-18 11:29:55 +00:00
Stanislav Malyshev
69650d0ebf do not send cookie when session is passed in URL, same as it happens with GET/POST 2007-05-16 01:18:14 +00:00
Antony Dovgal
1f65545121 fix test names 2007-05-07 18:03:01 +00:00
Antony Dovgal
39f9184fa6 MFH: fix #40998 (long session array keys are truncated) 2007-04-04 19:52:19 +00:00
Ilia Alshanetsky
7aab16c333 Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability 
# Discovered by Stefan Esser
 2007-03-14 19:37:07 +00:00
Martin Kraemer
9c62ddde34 Typo 2007-03-14 09:58:14 +00:00
Ilia Alshanetsky
a500d1efe9 Adjust checks to allow paths without a trailing / 2007-03-03 15:07:31 +00:00
Ilia Alshanetsky
4735df26f8 Improve safe_mode check 2007-03-02 00:49:47 +00:00
Ilia Alshanetsky
efad70c2cc snprintf() -> slprintf() 2007-02-27 03:28:17 +00:00
Antony Dovgal
c667c70bdb fix typo 2007-02-26 17:47:21 +00:00
Marcus Boerger
50ea26760d - Avoid sprintf, even when checked copy'n'paste or changes lead to errors 2007-02-24 02:17:47 +00:00
Stanislav Malyshev
3e262bd369 disallow negative length 2007-02-24 01:18:14 +00:00
Ilia Alshanetsky
c6402df3a7 Eliminate strcat() usage. 2007-02-19 23:53:00 +00:00
Ilia Alshanetsky
629d7cf43f Fixed Bug #40274 (Sessions fail with numeric root keys). 2007-02-06 00:01:18 +00:00
Dmitry Stogov
ae792a06b0 Fixed SIGSEGV 2007-01-10 07:04:49 +00:00
Ilia Alshanetsky
81729c1ece Prevent SESSION/GLOBALS overload via session decoding 2007-01-09 15:31:12 +00:00
Ilia Alshanetsky
d1891c3d8a removed dl() block 2007-01-06 17:35:44 +00:00
Hannes Magnusson
630254d55e Fix skipif 2007-01-06 16:56:38 +00:00
Ilia Alshanetsky
7ba84b8807 Added missing open_basedir checks 2007-01-04 23:49:35 +00:00
Sebastian Bergmann
4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Ilia Alshanetsky
ba64553913 Added boundary checks to php_binary deserializer 2006-12-31 22:25:55 +00:00
Nuno Lopes
66e555c66f die("skip this is for PHP < 4.2.3"); 2006-12-27 15:22:28 +00:00
Ilia Alshanetsky
ffd41a503f Session deserializer protection. 2006-12-26 16:53:47 +00:00
Antony Dovgal
7d2142a56e protect _SESSION, HTTP_SESSION_VARS and GLOBALS 
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
 2006-12-20 19:31:28 +00:00
Antony Dovgal
bcf457d828 MFH: fix retval type 2006-12-04 15:58:48 +00:00
Ilia Alshanetsky
35f78f221b Fixed bug #37627 (session save_path check checks the parent directory). 2006-12-04 15:19:26 +00:00
Ilia Alshanetsky
5f3e233ea7 Disallow \0 chars inside session.save_path 2006-12-01 00:27:20 +00:00
Hannes Magnusson
050f94f746 MFH: Fix double "wron param count" messages 2006-11-03 14:46:48 +00:00
Ilia Alshanetsky
3f71251ffa MFH: Fixed bug #39265 (Fixed path handling inside mod_files.sh). 2006-11-03 13:19:07 +00:00
Ilia Alshanetsky
b1d8f7e09d Expose session storage module locater and serialization function via PHPAPI 2006-10-06 21:11:36 +00:00
Ilia Alshanetsky
154f70acf1 Fixed bug #38993 (Fixed safe_mode/open_basedir checks for 
session.save_path, allowing them to account for extra parameters).
 2006-10-01 20:58:02 +00:00
Hannes Magnusson
6affa7d3e9 Fix tests 2006-09-18 16:12:13 +00:00
Antony Dovgal
b6ced95187 change ini handlers to produce E_ERROR if they are called during startup 2006-08-30 16:24:40 +00:00
Antony Dovgal
f8fd45a735 MFH: change E_ERROR to E_WARNING when invalid argument has been passed 
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
 2006-08-30 15:43:10 +00:00
Antony Dovgal
a6088ffc5a fix test 2006-08-11 10:35:22 +00:00
Ilia Alshanetsky
7dfae526c7 Fixed proto 2006-08-10 21:10:03 +00:00
Ilia Alshanetsky
e5fe441cbd Added support for httpOnly flag for session extension and cookie setting 
functions.

# Original patch by Scott MacVicar
 2006-08-10 13:50:56 +00:00
Ilia Alshanetsky
d58b3869a7 Fixed bug #38377 (session_destroy() gives warning after 
session_regenerate_id()).
 2006-08-08 14:54:49 +00:00
Antony Dovgal
0c4ef446e2 MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:16:52 +00:00
Antony Dovgal
52e6ede06e MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:32:07 +00:00
Ilia Alshanetsky
96324fb67f An improved fix for bug #38224 2006-07-27 15:33:16 +00:00
Ilia Alshanetsky
bcc8854eaa make C++ compilers happy 2006-07-27 14:13:30 +00:00
Ilia Alshanetsky
dcb4b314bf removed debug code 2006-07-27 14:05:03 +00:00
Ilia Alshanetsky
e5a1182304 Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:13 +00:00
Ilia Alshanetsky
1784db8087 Fixed compiler warnings. 2006-07-13 00:13:19 +00:00
Michael Wallner
33dbaff1ed MFH: add note why replace is 0, so that I don't wonder again in 2 months 
why session_regenerate_id() sends the session cookie twice
 2006-07-12 15:28:44 +00:00
Dmitry Stogov
1dbaae2795 Added automatic module globals management 2006-06-15 18:33:09 +00:00
Marcus Boerger
aa0172a4da - MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:12:26 +00:00
Ilia Alshanetsky
101d925baa Commit the actual fix 2006-04-18 00:31:45 +00:00
Ilia Alshanetsky
3022080d84 Fixed bug #36459 (Incorrect adding PHPSESSID to links, which contains \r\n). 2006-02-28 14:45:18 +00:00