php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-25 00:48:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
35,158 Commits 549 Branches 1,485 Tags
57792acabc29f73e4ac3580f7ec2bc748afbb278
Commit Graph

448 Commits

Author SHA1 Message Date
Sebastian Bergmann 4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Ilia Alshanetsky ba64553913 Added boundary checks to php_binary deserializer 2006-12-31 22:25:55 +00:00
Ilia Alshanetsky ffd41a503f Session deserializer protection. 2006-12-26 16:53:47 +00:00
Antony Dovgal 7d2142a56e protect _SESSION, HTTP_SESSION_VARS and GLOBALS 
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
 2006-12-20 19:31:28 +00:00
Antony Dovgal bcf457d828 MFH: fix retval type 2006-12-04 15:58:48 +00:00
Ilia Alshanetsky 35f78f221b Fixed bug #37627 (session save_path check checks the parent directory). 2006-12-04 15:19:26 +00:00
Ilia Alshanetsky 5f3e233ea7 Disallow \0 chars inside session.save_path 2006-12-01 00:27:20 +00:00
Hannes Magnusson 050f94f746 MFH: Fix double "wron param count" messages 2006-11-03 14:46:48 +00:00
Ilia Alshanetsky b1d8f7e09d Expose session storage module locater and serialization function via PHPAPI 2006-10-06 21:11:36 +00:00
Ilia Alshanetsky 154f70acf1 Fixed bug #38993 (Fixed safe_mode/open_basedir checks for 
session.save_path, allowing them to account for extra parameters).
 2006-10-01 20:58:02 +00:00
Antony Dovgal b6ced95187 change ini handlers to produce E_ERROR if they are called during startup 2006-08-30 16:24:40 +00:00
Antony Dovgal f8fd45a735 MFH: change E_ERROR to E_WARNING when invalid argument has been passed 
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
 2006-08-30 15:43:10 +00:00
Ilia Alshanetsky 7dfae526c7 Fixed proto 2006-08-10 21:10:03 +00:00
Ilia Alshanetsky e5fe441cbd Added support for httpOnly flag for session extension and cookie setting 
functions.

# Original patch by Scott MacVicar
 2006-08-10 13:50:56 +00:00
Antony Dovgal 0c4ef446e2 MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:16:52 +00:00
Antony Dovgal 52e6ede06e MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:32:07 +00:00
Ilia Alshanetsky 96324fb67f An improved fix for bug #38224 2006-07-27 15:33:16 +00:00
Ilia Alshanetsky bcc8854eaa make C++ compilers happy 2006-07-27 14:13:30 +00:00
Ilia Alshanetsky dcb4b314bf removed debug code 2006-07-27 14:05:03 +00:00
Ilia Alshanetsky e5a1182304 Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:13 +00:00
Ilia Alshanetsky 1784db8087 Fixed compiler warnings. 2006-07-13 00:13:19 +00:00
Michael Wallner 33dbaff1ed MFH: add note why replace is 0, so that I don't wonder again in 2 months 
why session_regenerate_id() sends the session cookie twice
 2006-07-12 15:28:44 +00:00
Dmitry Stogov 1dbaae2795 Added automatic module globals management 2006-06-15 18:33:09 +00:00
Marcus Boerger aa0172a4da - MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:12:26 +00:00
Rasmus Lerdorf 6cc9f92d16 (Missing patch from the PHP 4 tree that got lost in the shuffle) 
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
  need to send it again.  if the id has been changed, we need to
  update the client side.
 2006-02-10 07:39:13 +00:00
Frank M. Kromann 80cc4867e3 Export symbols that will allow building WDDX as shared object 2006-01-28 06:18:01 +00:00
Ilia Alshanetsky 3d80bd0cdf Added a check for special characters in the session name. 2006-01-15 16:51:18 +00:00
foobar 5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar 3e669bc950 MFH: nuke php3 legacy 2005-12-06 02:28:41 +00:00
foobar b5017bd725 MFH: Improved the fix for #21306 a bit 2005-09-23 08:14:13 +00:00
foobar de6b4c0091 MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) 2005-09-20 20:56:54 +00:00
Stanislav Malyshev bcb70109d2 fix crash on restarting static PHP having session modules loaded 2005-09-20 14:03:29 +00:00
foobar 23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
foobar fd07bc5e6b nuke duplicate code 2005-06-03 22:09:22 +00:00
Antony Dovgal 29319a81b8 fix typo 
(see details here: http://news.php.net/php.internals/16350)
 2005-06-01 18:27:50 +00:00
Ilia Alshanetsky c24900dfa4 Added an optional remove old session parameter to session_regenerate_id(). 2005-05-29 16:51:25 +00:00
foobar 26d7b7fbc0 CS fix 2005-05-23 06:46:25 +00:00
Antony Dovgal a186549ec0 fix compile warning 2005-05-22 12:57:26 +00:00
Rasmus Lerdorf c1ef105535 Fixed bug 33072 - safemode/open_basedir check for runtime save_path change 2005-05-21 17:37:56 +00:00
Antony Dovgal 8f5ecf6da8 fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) 2005-05-20 10:27:49 +00:00
Antony Dovgal 76e07faf87 fix leak when register_long_arrays is off 2005-03-24 00:17:16 +00:00
Antony Dovgal 5b78e4c025 hm.. 
fix #28324 _properly_
 2005-02-10 20:22:07 +00:00
Antony Dovgal 94982058b6 fix bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is Off) 2005-02-10 19:38:11 +00:00
Stefan Esser 581265f4d1 Correctly initialize ZVAL 2005-01-21 16:03:47 +00:00
Antony Dovgal d7072f8a9d efree(name) 2005-01-09 17:49:51 +00:00
Antony Dovgal c644b2a5a1 fix bug #31454 (session_set_save_handler crashes PHP when supplied non-existent object ref) 2005-01-09 17:42:02 +00:00
Antony Dovgal ad76be844b CS changes (as suggested by Ilia) 2004-12-09 17:15:52 +00:00
Antony Dovgal e76824c91f fix segfault in session_module_name() when session.save_handler is empty 2004-12-09 14:14:21 +00:00
Dmitry Stogov a22fa4d109 Fixed crash in phpinfo() after graceful Apache restart. 2004-12-07 18:02:25 +00:00
Andi Gutmans 11bcaedfc8 - Rename delete_global_variable() to zend_delete_global_variable() 2004-10-04 20:17:06 +00:00