mirror of https://github.com/php/php-src.git synced 2026-04-12 18:43:37 +02:00
Commit Graph

859 Commits

Author SHA1 Message Date
Christoph M. Becker
b510250b8e Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.

We also fix the wrong condition in session_regenerate_id() as well.
2020-03-31 08:38:23 +02:00
Stanislav Malyshev
409965fe1c Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress 2020-02-17 00:19:30 -08:00
Stanislav Malyshev
25ec7eb346 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
2020-01-20 22:46:29 -08:00
Christoph M. Becker
f79c774274 Fix #79091: heap use-after-free in session_create_id()
If the `new_id` is released, we must not use it again.
2020-01-20 21:43:42 -08:00
Christoph M. Becker
f0ccd9ffc6 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #77911: Wrong warning for session.sid_bits_per_character
2019-04-17 17:24:15 +02:00
Christoph M. Becker
d20053a556 Fix #77911: Wrong warning for session.sid_bits_per_character 2019-04-17 17:23:23 +02:00
Pedro Magalhães
a16aee6cee Fix #76688: Disallow excessive parameters after options array 2018-08-12 15:49:13 +02:00
Pedro Magalhães
2b58ab23c6 Support for samesite cookies with array syntax
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcookie
session_set_cookie_params
2018-07-31 12:40:26 +02:00
Frederik Bosch
08b9310e6d implement same site cookie
see https://bugs.php.net/bug.php?id=72230
see https://tools.ietf.org/html/draft-west-first-party-cookies-07
see https://scotthelme.co.uk/csrf-is-dead/
2018-07-31 12:40:24 +02:00
Peter Kokot
a5e80b22e1 Fix typos in code comments 2018-07-25 11:57:11 +02:00
Peter Kokot
8d3f8ca12a Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.

In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.

This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
2018-07-25 00:53:25 +02:00
Dmitry Stogov
67b4c3379a Use ZVAL_COPY_DEREF() instead of ZVAL_DEREF() and ZVAL_COPY() 2018-07-09 12:46:46 +03:00
Dmitry Stogov
169d454593 Use zval_ptr_dtor() instead of zval_dtor() 2018-07-05 17:55:54 +03:00
Dmitry Stogov
4a475a4976 Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurrences should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.
2018-07-04 19:22:24 +03:00
Dmitry Stogov
af341213f7 Use zval_ptr_dtor_str() instead of zend_string_release_ex(Z_STR(*), 0) 2018-07-04 12:08:07 +03:00
Dmitry Stogov
5eb1f92f31 Use zend_string_release_ex() instead of zend_string_release() in places where we are sure about string persistence. 2018-05-28 16:27:12 +03:00
Gabriel Caruso
2d48d734a2 Fix some misspellings 2018-02-06 16:59:00 +01:00
Xinchen Hui
a6519d0514 year++ 2018-01-02 12:57:58 +08:00
Xinchen Hui
7a7ec01a49 year++ 2018-01-02 12:55:14 +08:00
Dmitry Stogov
83e495e0fd Move constants into read-only data segment 2017-12-14 22:14:36 +03:00
Dmitry Stogov
f98721b4e0 Intern auto global name strings in first place 2017-11-29 17:10:51 +03:00
Dmitry Stogov
ccc12b82da Avoid unnecessary reference-counting on strings. 2017-11-16 17:09:32 +03:00
Nikita Popov
a57f370e59 Clarify bin_to_readable code
I got a bit of a scare when I first saw this code. Turns out that
the way it's used inlen==outlen and that's why it works.
2017-11-14 21:37:22 +01:00
Anatol Belski
0d1eeeb68d move zend_ato*() to size_t and remove casts 2017-07-28 14:59:31 +02:00
Anatol Belski
6aa9c1911b Merge branch 'PHP-7.2'
* PHP-7.2:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:21:48 +02:00
Anatol Belski
9ff4801159 Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:21:20 +02:00
Anatol Belski
eaf5c7cdd4 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:20:48 +02:00
Anatol Belski
bd00fe81cc Fixed bug #74833, SID constant created with wrong module number 2017-07-26 13:19:41 +02:00
dreamsxin
072ef62f6e Add warning for change session id when session is active 2017-07-25 09:27:58 +01:00
Sergei Morozov
9b9184a45a Fixed bug #74941 - Session fails to start after having headers sent 2017-07-20 07:52:02 +01:00
Sergei Morozov
5b12b46a19 Fixed bug #74936 - session_*() functions trigger a warning in read mode when the session is active 2017-07-18 22:25:22 +02:00
Yasuo Ohgaki
a2d766503a Fixed bug #74514 5 session functions incorrectly warn when calling in read-only/getter mode 2017-07-01 03:32:54 +09:00
Nikita Popov
035a27cbc6 Only compute callback name in error cases
Mostly the callback name is only used to report an error. Try to
avoid calculating it if no error occurred.
2017-06-25 18:45:59 +02:00
Xinchen Hui
8f2d3539f2 Merge branch 'PHP-7.1'
* PHP-7.1:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:15:32 +08:00
Xinchen Hui
05c90e5994 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:14:40 +08:00
Fabien Villepinte
b39c70b4a7 Fix Bug #74541 Wrong reflection on session_start() 2017-05-08 22:42:09 +02:00
Nikita Popov
7cba31535c Separate array in session upload progress 2017-01-23 17:19:12 +00:00
Joe Watkins
71a42477ca Merge branch 'PHP-7.1'
* PHP-7.1:
  Update comment, incorrect since 224aaf94
2017-01-19 10:49:09 +00:00
SjonHortensius
631861e1fa Update comment, incorrect since 224aaf94
In 224aaf94, the warning was enabled, making the comment above incorrect. I've updated the comment to reflect the current code.
2017-01-19 10:48:54 +00:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Sammy Kaye Powers
9e29f841ce Update copyright headers to 2017 2017-01-02 09:30:12 -06:00
dreamszhu
e10425fe8b Add PHPAPI php_session_flush and php_session_destroy 2017-01-01 07:30:22 +08:00
Anatol Belski
f8aa57ab2f fix uninitialized value 2016-12-27 23:43:49 +01:00
Graham Campbell
22f3695fe1 Fixed typo in "session_module_name" 2016-12-27 22:01:19 +01:00
Yasuo Ohgaki
a93a51c3bf Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_save_handler(). 2016-12-22 16:04:28 +09:00
Yasuo Ohgaki
bf5c502e3d Remove "register_globals" support codes from php/php_binary serializers.
As a result, users may use PS_UNDEF_MAKER(=!) char for session variable name.
2016-12-21 08:07:14 +09:00
Yasuo Ohgaki
7f196e321f Fix bug #71038 - session_start() returns true even when it failed
PR #2167
2016-11-17 11:09:07 +09:00
Yasuo Ohgaki
3d6e922367 Refactor and cleanup implementation. 2016-11-16 05:08:29 +00:00
Yasuo Ohgaki
7b29c3fba6 Revert "Fix Bug #73461"
This reverts commit 0383de1467.
2016-11-16 05:08:29 +00:00