It seems that in 2015, work was being done so that users could add their own custom
session handlers. The implementer intended to add a class called
SessionUpdateTimestampHandler, but never did so. The variable which was intended to point
to its class entry is never initialized.
The implementer also coded two methods for this class. Strangely, the method bodies
are declared with PHP_METHOD(SessionHandler, ...) rather than
PHP(SessionUpdateTimestampHandler, ...). However, these method implementations are not
added to the method table of any class or interface. They are just dead code.
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
* PHP-5.6:
Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode.
5.5.18 now
* PHP-5.5:
Fix bug #67972 (SessionHandler Invalid memory read create_sid()).
Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode.
5.5.18 now
Conflicts:
configure.in
main/php_version.h
* Amended existing tests to cater for new functionality.
* Implemented fixes and optimisations recommended by NikiC
* Added create_sid to the registered interface. This was breaking
tests. It also now breaks BC for people implementing the interface
directly instead of extending the class.
A lot of code already existed to allow a custom create_sid handler, but
lacked a specific implementation.
Therefore I have added a 7th (optional) argument
session_set_save_handler, to allow a user function to be supplied for
session id generation.
If a create_sid function is not supplied, the default function is
called in its absence to preserve backwards compatibility.
Likewise create_sid only added to SessionHandler class, and not the
interface to maintain backwards compatibility. If the result is not
overridden, the default is called.
Allows user session handlers to create session IDs by adding an optional
7th argument to session_set_save_handler() and a create_sid() method
to SessionHandler.
* Amended existing tests to cater for new functionality.
* Implemented fixes and optimisations recommended by NikiC
* Added create_sid to the registered interface. This was breaking
tests. It also now breaks BC for people implementing the interface
directly instead of extending the class.
A lot of code already existed to allow a custom create_sid handler, but
lacked a specific implementation.
Therefore I have added a 7th (optional) argument
session_set_save_handler, to allow a user function to be supplied for
session id generation.
If a create_sid function is not supplied, the default function is
called in its absence to preserve backwards compatibility.
Likewise create_sid only added to SessionHandler class, and not the
interface to maintain backwards compatibility. If the result is not
overridden, the default is called.
Nikita Popov