mirror of https://github.com/php/php-src.git synced 2026-04-22 07:28:09 +02:00
467 Commits

Author SHA1 Message Date
Sebastian Bergmann d1dded8751 MFH: Bump copyright year, 2 of 2. 2007-12-31 07:17:19 +00:00
Yiduo (David) Wang 4b4d634cb9 MFH: Added macros for managing zval refcounts and is_ref statuses 2007-10-07 05:22:07 +00:00
Dmitry Stogov 6c810b0d4c Improved memory usage by moving constants to read only memory. (Dmitry, Pierre) 2007-09-27 18:00:48 +00:00
Stanislav Malyshev 6b7f164803 correct fix for access control for save_path and .htaccess 2007-08-03 01:16:40 +00:00
Ilia Alshanetsky 3034092111 Fixed bug #42135 (Second call of session_start() causes creation of SID) 2007-07-29 14:43:30 +00:00
Ilia Alshanetsky e2d606e18b Fixed compiler warning 2007-06-17 14:25:46 +00:00
Stefan Esser df7bfe0a0f MFH 2007-06-16 07:48:07 +00:00
Stanislav Malyshev 70a8f9313b Disallow characters that Cookie RFC does not allow in unquoted cookies 2007-06-15 22:40:00 +00:00
Antony Dovgal d042fd0675 MFH: php_gmtime_r() fixes 2007-06-07 08:59:00 +00:00
Stanislav Malyshev 69650d0ebf do not send cookie when session is passed in URL, same as it happens with GET/POST 2007-05-16 01:18:14 +00:00
Antony Dovgal 39f9184fa6 MFH: fix #40998 (long session array keys are truncated) 2007-04-04 19:52:19 +00:00
Ilia Alshanetsky 7aab16c333 Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
# Discovered by Stefan Esser
2007-03-14 19:37:07 +00:00
Ilia Alshanetsky a500d1efe9 Adjust checks to allow paths without a trailing / 2007-03-03 15:07:31 +00:00
Ilia Alshanetsky 4735df26f8 Improve safe_mode check 2007-03-02 00:49:47 +00:00
Ilia Alshanetsky efad70c2cc snprintf() -> slprintf() 2007-02-27 03:28:17 +00:00
Marcus Boerger 50ea26760d - Avoid sprintf, even when checked copy'n'paste or changes lead to errors 2007-02-24 02:17:47 +00:00
Stanislav Malyshev 3e262bd369 disallow negative length 2007-02-24 01:18:14 +00:00
Dmitry Stogov ae792a06b0 Fixed SIGSEGV 2007-01-10 07:04:49 +00:00
Ilia Alshanetsky 81729c1ece Prevent SESSION/GLOBALS overload via session decoding 2007-01-09 15:31:12 +00:00
Sebastian Bergmann 4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Ilia Alshanetsky ba64553913 Added boundary checks to php_binary deserializer 2006-12-31 22:25:55 +00:00
Ilia Alshanetsky ffd41a503f Session deserializer protection. 2006-12-26 16:53:47 +00:00
Antony Dovgal 7d2142a56e protect _SESSION, HTTP_SESSION_VARS and GLOBALS
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:31:28 +00:00
Antony Dovgal bcf457d828 MFH: fix retval type 2006-12-04 15:58:48 +00:00
Ilia Alshanetsky 35f78f221b Fixed bug #37627 (session save_path check checks the parent directory). 2006-12-04 15:19:26 +00:00
Ilia Alshanetsky 5f3e233ea7 Disallow \0 chars inside session.save_path 2006-12-01 00:27:20 +00:00
Hannes Magnusson 050f94f746 MFH: Fix double "wrong param count" messages 2006-11-03 14:46:48 +00:00
Ilia Alshanetsky b1d8f7e09d Expose session storage module locater and serialization function via PHPAPI 2006-10-06 21:11:36 +00:00
Ilia Alshanetsky 154f70acf1 Fixed bug #38993 (Fixed safe_mode/open_basedir checks for
session.save_path, allowing them to account for extra parameters).
2006-10-01 20:58:02 +00:00
Antony Dovgal b6ced95187 change ini handlers to produce E_ERROR if they are called during startup 2006-08-30 16:24:40 +00:00
Antony Dovgal f8fd45a735 MFH: change E_ERROR to E_WARNING when invalid argument has been passed
make sure ini_set() doesn't reset PS(mod) and PS(serializer) to invalid values
2006-08-30 15:43:10 +00:00
Ilia Alshanetsky 7dfae526c7 Fixed proto 2006-08-10 21:10:03 +00:00
Ilia Alshanetsky e5fe441cbd Added support for httpOnly flag for session extension and cookie setting
functions.

# Original patch by Scott MacVicar
2006-08-10 13:50:56 +00:00
Antony Dovgal 0c4ef446e2 MFH: fix #38289 (segfault in session_decode() when _SESSION is NULL) 2006-08-02 09:16:52 +00:00
Antony Dovgal 52e6ede06e MFH: fix #38278 (session_cache_expire()'s value does not match phpinfo's session.cache_expire) 2006-08-01 08:32:07 +00:00
Ilia Alshanetsky 96324fb67f An improved fix for bug #38224 2006-07-27 15:33:16 +00:00
Ilia Alshanetsky bcc8854eaa make C++ compilers happy 2006-07-27 14:13:30 +00:00
Ilia Alshanetsky dcb4b314bf removed debug code 2006-07-27 14:05:03 +00:00
Ilia Alshanetsky e5a1182304 Fixed bug #38224 (session extension can't handle broken cookies). 2006-07-27 14:00:13 +00:00
Ilia Alshanetsky 1784db8087 Fixed compiler warnings. 2006-07-13 00:13:19 +00:00
Michael Wallner 33dbaff1ed MFH: add note why replace is 0, so that I don't wonder again in 2 months
why session_regenerate_id() sends the session cookie twice
2006-07-12 15:28:44 +00:00
Dmitry Stogov 1dbaae2795 Added automatic module globals management 2006-06-15 18:33:09 +00:00
Marcus Boerger aa0172a4da - MFH Fix bug #37510 session_regenerate_id changes session_id() even on failure 2006-05-18 22:12:26 +00:00
Rasmus Lerdorf 6cc9f92d16 (Missing patch from the PHP 4 tree that got lost in the shuffle)
See: http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.336.2.39&r2=1.336.2.40
- fix logic. if the client already sent us the cookie, we don't
  need to send it again.  if the id has been changed, we need to
  update the client side.
2006-02-10 07:39:13 +00:00
Frank M. Kromann 80cc4867e3 Export symbols that will allow building WDDX as shared object 2006-01-28 06:18:01 +00:00
Ilia Alshanetsky 3d80bd0cdf Added a check for special characters in the session name. 2006-01-15 16:51:18 +00:00
foobar 5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar 3e669bc950 MFH: nuke php3 legacy 2005-12-06 02:28:41 +00:00
foobar b5017bd725 MFH: Improved the fix for #21306 a bit 2005-09-23 08:14:13 +00:00
foobar de6b4c0091 MFH: - Fixed bug #21306 (catch bailouts of write handler during RSHUTDOWN) 2005-09-20 20:56:54 +00:00