* Unify headers already sent errors
Now whenever we need to check where headers were already sent in
ext/session, we call a single location that prints where, keeping it
consistent output wise.
* Unify session aready started errors
Similar to the one for headers.
* Also change session active checks too
This usually go hand in hand with the headers already sent checks, but
is in a separate commit because of the amount of tests it changes.
We had previously improved where sessions were already started, and
where headers were already sent when setting headers, but not where a
header has been sent if we try to set the header cookie.
Fixes GH-16372
Two issues:
1) The check happened before ZPP checks
2) The `return;` statement caused NULL to be returned while this
function can only return booleans. An exception seems not acceptable
in stable versions, but a warning may do.
Closes GH-16386.
The hash tables used are allocated via the persistent allocator.
When using ini_set, the allocation happens via the non-persistent
allocator. When the table is then freed in GSHUTDOWN, we get a crash
because the allocators are mismatched.
As a side note, it is strange that this is designed this way, because it
means that ini_sets persist between requests...
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
It's illegal to return from a bailout because that doesn't restore the
original bailout data. Return outside of it.
Test by YuanchengJiang
Closes GH-13689.
Several session tests incidentally check the values of INI variables
like session.name and session.save_path. This isn't the point of the
tests, and it can cause spurious failures if (for example) you want to
override your temporary directory while testing. So here, we make the
expected output patterns more lenient.
* Note where a session was already started
Duplicated session starts can be annoying to debug. The error that
occurs when a session is already active doesn't tell you where it
was initialized, so figuring out the callsite involves manual
debugging to find it out.
This keeps track of the call site of session_start as a request
global, and frees at the end of the request. It should make it
easier to find these instances for PHP users.
The resulting message can look like:
Notice: session_start(): Ignoring session_start() because a session is already active (started from /home/calvin/src/php-src/inc.php on line 4) in /home/calvin/src/php-src/index.php on line 9
Fixes GH-10721
* Convert to using zend_string for session start location
* Fix leak with session start callsite filename
If this was already initialized, we'd forget it. Have shared free
between session_start and RSHUTDOWN.
* For sessions that are automatically started, note that
Easy to forget that you have this set, in which case, session start
is done at RINIT outside of user code. Because this config option
can't change at runtime, we can check for it and make the error
more specific if that's the case.
* Unserialize: Migrate "Unexpected end of serialized data" to E_WARNING
* Unserialize: Migrate "Error at offset %d of %d bytes" to E_WARNING
* Unserialize: Migrate "%s is returned from __sleep() multiple times" to E_WARNING
* Add NEWS for “Promote unserialize() notices to warning”
Niels Dossche