ab211d72a3
Fix session test failures as reported by Antony Dovgal.
...
These were caused by the tests assuming default values for some session
configuration settings, in particular session.save_path and session.name.
The tests now explicitly set these settings in the --INI-- section.
2008-04-30 15:20:16 +00:00
3a30d703c0
Fix session test failures as reported by Antony Dovgal.
...
These were caused by the tests assuming default values for some session
configuration settings, in particular session.save_path and session.name.
The tests now explicitly set these settings in the --INI-- section.
2008-04-30 09:27:59 +00:00
ad86c485cd
MFH Fixed bug #44720 (Prevent infinite recursion within session_register)
2008-04-29 14:42:38 +00:00
597adbfef1
More session tests to improve code coverage for untested extension code
2008-04-29 09:24:17 +00:00
2d2ad8e8d3
More session tests to improve code coverage for untested extension code
2008-04-29 08:57:12 +00:00
64de2d2d45
New set of session extension tests for PHP 5.2 branch.
...
These hopefully test a reasonable set of basic, error and variations for
the twenty or so session functions. Note however that they do not
test all the session configuration settings, nor do they test anything
with register_globals enabled.
2008-04-22 16:04:00 +00:00
1f4fa0ba1f
These tests were backported from the PHP 6.0 branch, which in turn were ported from this branch and then updated to remove any dependencies on register_globals. With register_globals removed they are useful tests to run against the 5.X branches.
2008-04-22 15:58:34 +00:00
d9f3a1305f
MFH: Bump copyright year, 2 of 2.
2007-12-31 07:20:42 +00:00
ea6de20d86
Fixed Bug #42596 (session.save_path MODE option does not work).
2007-09-10 23:42:54 +00:00
de85bf4060
MFH: ws + cs changes (sync to ease merging patches around!)
2007-08-23 12:23:59 +00:00
19401951c0
MFH: sync
2007-08-23 11:42:21 +00:00
89c0ba1685
Fixed bug #37273 (Symlinks and mod_files session handler allow open_basedir
...
bypass).
2007-08-23 02:04:39 +00:00
6b7f164803
correct fix for access control for save_path and .htaccess
2007-08-03 01:16:40 +00:00
3034092111
Fixed bug #42135 (Second call of session_start() causes creation of SID)
2007-07-29 14:43:30 +00:00
143badba52
always check save_path (issue reported by Maksymilian Arciemowicz)
2007-07-10 17:40:41 +00:00
e2d606e18b
Fixed compiler warning
2007-06-17 14:25:46 +00:00
df7bfe0a0f
MFH
2007-06-16 07:48:07 +00:00
70a8f9313b
Disallow characters that Cookie RFC does not allow in unquoted cookies
2007-06-15 22:40:00 +00:00
d042fd0675
MFH: php_gmtime_r() fixes
2007-06-07 08:59:00 +00:00
c38ad55e8e
Fixed bug #41600 (url rewriter tags doesn't work with namespaced tags).
2007-06-06 00:00:28 +00:00
ffd09c0961
fix tests
2007-05-18 11:29:55 +00:00
69650d0ebf
do not send cookie when session is passed in URL, same as it happens with GET/POST
2007-05-16 01:18:14 +00:00
1f65545121
fix test names
2007-05-07 18:03:01 +00:00
39f9184fa6
MFH: fix #40998 (long session array keys are truncated)
2007-04-04 19:52:19 +00:00
7aab16c333
Fixed MOPB-22-2007:PHP session_regenerate_id() Double Free Vulnerability
...
# Discovered by Stefan Esser
2007-03-14 19:37:07 +00:00
9c62ddde34
Typo
2007-03-14 09:58:14 +00:00
a500d1efe9
Adjust checks to allow paths without a trailing /
2007-03-03 15:07:31 +00:00
4735df26f8
Improve safe_mode check
2007-03-02 00:49:47 +00:00
efad70c2cc
snprintf() -> slprintf()
2007-02-27 03:28:17 +00:00
c667c70bdb
fix typo
2007-02-26 17:47:21 +00:00
50ea26760d
- Avoid sprintf, even when checked copy'n'paste or changes lead to errors
2007-02-24 02:17:47 +00:00
3e262bd369
disallow negative length
2007-02-24 01:18:14 +00:00
c6402df3a7
Eliminate strcat() usage.
2007-02-19 23:53:00 +00:00
629d7cf43f
Fixed Bug #40274 (Sessions fail with numeric root keys).
2007-02-06 00:01:18 +00:00
ae792a06b0
Fixed SIGSEGV
2007-01-10 07:04:49 +00:00
81729c1ece
Prevent SESSION/GLOBALS overload via session decoding
2007-01-09 15:31:12 +00:00
d1891c3d8a
removed dl() block
2007-01-06 17:35:44 +00:00
630254d55e
Fix skipif
2007-01-06 16:56:38 +00:00
7ba84b8807
Added missing open_basedir checks
2007-01-04 23:49:35 +00:00
4223aa4d5e
MFH: Bump year.
2007-01-01 09:36:18 +00:00
ba64553913
Added boundary checks to php_binary deserializer
2006-12-31 22:25:55 +00:00
66e555c66f
die("skip this is for PHP < 4.2.3");
2006-12-27 15:22:28 +00:00
ffd41a503f
Session deserializer protection.
2006-12-26 16:53:47 +00:00
7d2142a56e
protect _SESSION, HTTP_SESSION_VARS and GLOBALS
...
maintain an internal reference of _SESSION, so that it won't be possible to destroy it from userspace
2006-12-20 19:31:28 +00:00
bcf457d828
MFH: fix retval type
2006-12-04 15:58:48 +00:00
35f78f221b
Fixed bug #37627 (session save_path check checks the parent directory).
2006-12-04 15:19:26 +00:00
5f3e233ea7
Disallow \0 chars inside session.save_path
2006-12-01 00:27:20 +00:00
050f94f746
MFH: Fix double "wron param count" messages
2006-11-03 14:46:48 +00:00
3f71251ffa
MFH: Fixed bug #39265 (Fixed path handling inside mod_files.sh).
2006-11-03 13:19:07 +00:00
b1d8f7e09d
Expose session storage module locater and serialization function via PHPAPI
2006-10-06 21:11:36 +00:00
Ant Phillips