mirror of https://github.com/php/php-src.git synced 2026-04-22 07:28:09 +02:00
Commit Graph

859 Commits

Author SHA1 Message Date
Christoph M. Becker b510250b8e Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.

We also fix the wrong condition in session_regenerate_id() as well.
2020-03-31 08:38:23 +02:00
Stanislav Malyshev 409965fe1c Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress 2020-02-17 00:19:30 -08:00
Stanislav Malyshev 25ec7eb346 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Update NEWS
  Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
  Fix #79099: OOB read in php_strip_tags_ex
  Fix #79091: heap use-after-free in session_create_id()
2020-01-20 22:46:29 -08:00
Christoph M. Becker f79c774274 Fix #79091: heap use-after-free in session_create_id()
If the `new_id` is released, we must not use it again.
2020-01-20 21:43:42 -08:00
Christoph M. Becker f0ccd9ffc6 Merge branch 'PHP-7.2' into PHP-7.3
* PHP-7.2:
  Fix #77911: Wrong warning for session.sid_bits_per_character
2019-04-17 17:24:15 +02:00
Christoph M. Becker d20053a556 Fix #77911: Wrong warning for session.sid_bits_per_character 2019-04-17 17:23:23 +02:00
Pedro Magalhães a16aee6cee Fix #76688: Disallow excessive parameters after options array 2018-08-12 15:49:13 +02:00
Pedro Magalhães 2b58ab23c6 Support for samesite cookies with array syntax
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcookie
session_set_cookie_params
2018-07-31 12:40:26 +02:00
Frederik Bosch 08b9310e6d implement same site cookie see https://bugs.php.net/bug.php?id=72230 see https://tools.ietf.org/html/draft-west-first-party-cookies-07 see https://scotthelme.co.uk/csrf-is-dead/ 2018-07-31 12:40:24 +02:00
Peter Kokot a5e80b22e1 Fix typos in code comments 2018-07-25 11:57:11 +02:00
Peter Kokot 8d3f8ca12a Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.

In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.

This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
2018-07-25 00:53:25 +02:00
Dmitry Stogov 67b4c3379a Use ZVAL_COPY_DEREF() instead of ZVAL_DEREF() and ZVAL_COPY() 2018-07-09 12:46:46 +03:00
Dmitry Stogov 169d454593 Use zval_ptr_dtor() instead of zval_dtor() 2018-07-05 17:55:54 +03:00
Dmitry Stogov 4a475a4976 Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurrences should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.
2018-07-04 19:22:24 +03:00
Dmitry Stogov af341213f7 Use zval_ptr_dtor_str() instead of zend_string_release_ex(Z_STR(*), 0) 2018-07-04 12:08:07 +03:00
Dmitry Stogov 5eb1f92f31 Use zend_string_release_ex() instead of zend_string_release() in places where we are sure about string persistence. 2018-05-28 16:27:12 +03:00
Gabriel Caruso 2d48d734a2 Fix some misspellings 2018-02-06 16:59:00 +01:00
Xinchen Hui a6519d0514 year++ 2018-01-02 12:57:58 +08:00
Xinchen Hui 7a7ec01a49 year++ 2018-01-02 12:55:14 +08:00
Dmitry Stogov 83e495e0fd Move constants into read-only data segment 2017-12-14 22:14:36 +03:00
Dmitry Stogov f98721b4e0 Intern auto global name strings in first place 2017-11-29 17:10:51 +03:00
Dmitry Stogov ccc12b82da Avoid unnecessary reference-counting on strings. 2017-11-16 17:09:32 +03:00
Nikita Popov a57f370e59 Clarify bin_to_readable code
I got a bit of a scare when I first saw this code. Turns out that
the way it's used inlen==outlen and that's why it works.
2017-11-14 21:37:22 +01:00
Anatol Belski 0d1eeeb68d move zend_ato*() to size_t and remove casts 2017-07-28 14:59:31 +02:00
Anatol Belski 6aa9c1911b Merge branch 'PHP-7.2'
* PHP-7.2:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:21:48 +02:00
Anatol Belski 9ff4801159 Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:21:20 +02:00
Anatol Belski eaf5c7cdd4 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed bug #74833, SID constant created with wrong module number
2017-07-26 13:20:48 +02:00
Anatol Belski bd00fe81cc Fixed bug #74833, SID constant created with wrong module number 2017-07-26 13:19:41 +02:00
dreamsxin 072ef62f6e Add warning for change session id when session is active 2017-07-25 09:27:58 +01:00
Sergei Morozov 9b9184a45a Fixed bug #74941 - Session fails to start after having headers sent 2017-07-20 07:52:02 +01:00
Sergei Morozov 5b12b46a19 Fixed bug #74936 - session_*() functions trigger a warning in read mode when the session is active 2017-07-18 22:25:22 +02:00
Yasuo Ohgaki a2d766503a Fixed bug #74514 5 session functions incorrectly warn when calling in read-only/getter mode 2017-07-01 03:32:54 +09:00
Nikita Popov 035a27cbc6 Only compute callback name in error cases
Mostly the callback name is only used to report an error. Try to
avoid calculating it if no error occurred.
2017-06-25 18:45:59 +02:00
Xinchen Hui 8f2d3539f2 Merge branch 'PHP-7.1'
* PHP-7.1:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:15:32 +08:00
Xinchen Hui 05c90e5994 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Fixed tests when using custom php.ini(session.save_handler)
  Fix Bug #74541 Wrong reflection on session_start()
2017-05-09 11:14:40 +08:00
Fabien Villepinte b39c70b4a7 Fix Bug #74541 Wrong reflection on session_start() 2017-05-08 22:42:09 +02:00
Nikita Popov 7cba31535c Separate array in session upload progress 2017-01-23 17:19:12 +00:00
Joe Watkins 71a42477ca Merge branch 'PHP-7.1'
* PHP-7.1:
  Update comment, incorrect since 224aaf94
2017-01-19 10:49:09 +00:00
SjonHortensius 631861e1fa Update comment, incorrect since 224aaf94
In 224aaf94; the warning was enabled; making the comment above incorrect. I've updated the comment to reflect the current code
2017-01-19 10:48:54 +00:00
Sammy Kaye Powers dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers 478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Sammy Kaye Powers 9e29f841ce Update copyright headers to 2017 2017-01-02 09:30:12 -06:00
dreamszhu e10425fe8b Add PHPAPI php_session_flush and php_session_destroy 2017-01-01 07:30:22 +08:00
Anatol Belski f8aa57ab2f fix uninitialized value 2016-12-27 23:43:49 +01:00
Graham Campbell 22f3695fe1 Fixed typo in "session_module_name" 2016-12-27 22:01:19 +01:00
Yasuo Ohgaki a93a51c3bf Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_save_handler(). 2016-12-22 16:04:28 +09:00
Yasuo Ohgaki bf5c502e3d Remove "register_globals" support codes from php/php_binary serializers.
As a result, users may use PS_UNDEF_MAKER(=!) char for session variable name.
2016-12-21 08:07:14 +09:00
Yasuo Ohgaki 7f196e321f Fix bug #71038 - session_start() returns true even when it failed
PR #2167
2016-11-17 11:09:07 +09:00
Yasuo Ohgaki 3d6e922367 Refactor and cleanup implementation. 2016-11-16 05:08:29 +00:00
Yasuo Ohgaki 7b29c3fba6 Revert "Fix Bug #73461"
This reverts commit 0383de1467.
2016-11-16 05:08:29 +00:00