php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-01 05:02:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
137,591 Commits 547 Branches 1,481 Tags
php-8.4.0beta4
Commit Graph

604 Commits

Author SHA1 Message Date
Kamil Tekiela
c5bce0d8a2 Deprecate disabling use_only_cookies (#13578) 2024-08-24 16:33:45 +02:00
Jorg Adam Sowa
ff69f334f1 ext/session: Warn when providing invalid values for session.gc_probability and session.gc_divisor 2024-08-22 01:29:40 +01:00
Christoph M. Becker
3ed5eee5d3 [skip ci] Fix bug71162.phpt xfail message (GH-15506) 
The test failure is unlikely to be caused by `SessionHandlerInterface`
not being available.
 2024-08-20 14:48:52 +02:00
Jorg Adam Sowa
21fa5e15f9 ext/session: session_create_id() now throws a ValueError for large prefix (#15338) 2024-08-15 11:10:18 +01:00
Jorg Adam Sowa
c4eccf33e9 ext/session: session.save_handler - add tests fortwo uncovered cases (#15337) 2024-08-11 15:39:56 +01:00
Jorg Adam Sowa
6bf7b7220d ValueError on null byte in session_name() (#15286) 2024-08-11 13:26:54 +01:00
Tim Düsterhus
e8ff7c70f9 session: Deprecate session.sid_length and session.sid_bits_per_character (#15213) 
RFC: https://wiki.php.net/rfc/deprecations_php_8_4
 2024-08-04 18:25:31 +02:00
Jorg Adam Sowa
8e1561cdbe Check session_create_id() input for null byte (#14728) 2024-07-06 21:18:35 +01:00
Niels Dossche
a58c3a7eb1 Merge branch 'PHP-8.3' 
* PHP-8.3:
  Fix reading zlib ini settings in ext-soap
  Fix memory leak if calling SoapServer::setClass() twice
  Fix memory leak if calling SoapServer::setObject() twice
  Fix missing error restore code in ext-soap (#14379)
  Fix GH-14368: Test failure in ext/session/tests/gh13856.phpt (#14378)
 2024-05-31 18:27:22 +02:00
Niels Dossche
2b1097a87d Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix reading zlib ini settings in ext-soap
  Fix memory leak if calling SoapServer::setClass() twice
  Fix memory leak if calling SoapServer::setObject() twice
  Fix missing error restore code in ext-soap (#14379)
  Fix GH-14368: Test failure in ext/session/tests/gh13856.phpt (#14378)
 2024-05-31 18:26:22 +02:00
Niels Dossche
d7aa0be3a8 Fix GH-14368: Test failure in ext/session/tests/gh13856.phpt (#14378) 
If the runner overrides session.save_path, the test fails.
Manually set it to a value known to trigger the issue.
 2024-05-31 18:18:40 +02:00
Peter Kokot
c1d71cfeea Remove forgotten obsolete session INI directives (#14238) 
The session.hash_function and session.hash_bits_per_character INI
directives have been removed in PHP 7.1:
3467526a65
 2024-05-15 17:01:15 +02:00
Jorg Adam Sowa
4829b8f2cb ext/session: Add test for session_start with read_and_close option (#13799) 2024-04-14 13:22:43 +01:00
Niels Dossche
cf313321c2 Merge branch 'PHP-8.3' 
* PHP-8.3:
  [ci skip] NEWS
  Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts (#13892)
 2024-04-06 13:45:10 +02:00
Niels Dossche
eb244fcb49 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  [ci skip] NEWS
  Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts (#13892)
 2024-04-06 13:45:00 +02:00
Niels Dossche
5ce9687cb2 Fix GH-13891: memleak and segfault when using ini_set with session.trans_sid_hosts (#13892) 
The hash tables used are allocated via the persistent allocator.
When using ini_set, the allocation happens via the non-persistent
allocator. When the table is then freed in GSHUTDOWN, we get a crash
because the allocators are mismatched.

As a side note, it is strange that this is designed this way, because it
means that ini_sets persist between requests...

Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
 2024-04-06 13:43:26 +02:00
Niels Dossche
0dc599853a Merge branch 'PHP-8.3' 
* PHP-8.3:
  Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c
 2024-04-01 14:16:28 +02:00
Niels Dossche
3f598a3073 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c
 2024-04-01 14:16:23 +02:00
Niels Dossche
46f45a51b4 Fix GH-13856: Member access within null pointer of type 'ps_files' in ext/session/mod_files.c 
We should not mark the session as opened when there was a failure in
open.

Closes GH-13858.
 2024-04-01 14:15:51 +02:00
Jorg Adam Sowa
f69d540541 Removed impossible paths from session_decode and session_encode (#13796) 2024-03-24 20:20:42 +01:00
Niels Dossche
8793f9938b Merge branch 'PHP-8.3' 
* PHP-8.3:
  Fix GH-13680: Segfault with session_decode and compilation error
 2024-03-13 17:59:43 +01:00
Niels Dossche
b58dc6fd1a Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-13680: Segfault with session_decode and compilation error
 2024-03-13 17:49:31 +01:00
Niels Dossche
6985aff7c3 Fix GH-13680: Segfault with session_decode and compilation error 
It's illegal to return from a bailout because that doesn't restore the
original bailout data. Return outside of it.

Test by YuanchengJiang

Closes GH-13689.
 2024-03-13 17:47:25 +01:00
Niels Dossche
2c4534a5b9 Merge branch 'PHP-8.3' 
* PHP-8.3:
  Fix GH-12504: Corrupted session written when there's a fatal error in autoloader
 2024-01-22 22:04:20 +01:00
Niels Dossche
d50393e242 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-12504: Corrupted session written when there's a fatal error in autoloader
 2024-01-22 22:02:28 +01:00
Niels Dossche
7f7031eb72 Fix GH-12504: Corrupted session written when there's a fatal error in autoloader 
For details and reasoning, see [1] and following.

[1] https://github.com/php/php-src/issues/12504#issuecomment-1790870399

Closes GH-13207.
 2024-01-22 21:59:11 +01:00
Máté Kocsis
b36eac94d2 Deprecate calling session_set_save_handler() with more than 2 arguments 2023-12-04 22:35:30 +01:00
Ilija Tovilo
f39b5c4c25 Close PHP tags in tests 
Closes GH-12422
 2023-10-18 17:34:10 +02:00
Christian Clauss
886bf820c9 [skip ci] Fix typos discovered by codespell (#12228) 2023-09-18 11:07:17 +01:00
Ilija Tovilo
9bcdf219ec Resolve open_basedir paths on ini update 
Closes GH-10987
 2023-07-18 14:43:40 +02:00
Michael Orlitzky
092e090cf0 ext/session/tests: more lenient expected output checks. (#11631) 
Several session tests incidentally check the values of INI variables
like session.name and session.save_path. This isn't the point of the
tests, and it can cause spurious failures if (for example) you want to
override your temporary directory while testing. So here, we make the
expected output patterns more lenient.
 2023-07-10 09:25:25 +01:00
Remi Collet
0561783903 ensure session.sid_length have proper value for test 2023-06-07 07:33:36 +02:00
Mikhail Galanin
2eee46e989 ext/session: pass ini options to extra processes in tests (#11294) 2023-05-24 12:05:09 +02:00
Calvin Buckley
180f785404 Note where a session was already started (#10736) 
* Note where a session was already started

Duplicated session starts can be annoying to debug. The error that
occurs when a session is already active doesn't tell you where it
was initialized, so figuring out the callsite involves manual
debugging to find it out.

This keeps track of the call site of session_start as a request
global, and frees at the end of the request. It should make it
easier to find these instances for PHP users.

The resulting message can look like:
Notice: session_start(): Ignoring session_start() because a session is already active (started from /home/calvin/src/php-src/inc.php on line 4) in /home/calvin/src/php-src/index.php on line 9

Fixes GH-10721

* Convert to using zend_string for session start location

* Fix leak with session start callsite filename

If this was already initialized, we'd forget it. Have shared free
between session_start and RSHUTDOWN.

* For sessions that are automatically started, note that

Easy to forget that you have this set, in which case, session start
is done at RINIT outside of user code. Because this config option
can't change at runtime, we can check for it and make the error
more specific if that's the case.
 2023-03-28 15:14:21 +01:00
Tim Düsterhus
dd8de1e726 Promote unserialize() notices to warning (#9629) 
* Unserialize: Migrate "Unexpected end of serialized data" to E_WARNING

* Unserialize: Migrate "Error at offset %d of %d bytes" to E_WARNING

* Unserialize: Migrate "%s is returned from __sleep() multiple times" to E_WARNING

* Add NEWS for “Promote unserialize() notices to warning”
 2022-11-15 19:36:38 +01:00
David Carlier
da47547809 Merge branch 'PHP-8.2' 2022-11-15 12:31:33 +00:00
David Carlier
65782fbbe8 Merge branch 'PHP-8.1' into PHP-8.2 2022-11-15 12:30:04 +00:00
David Carlier
a4298c14c1 Fix GH-9932: Discards further characters for session name. 
As those are converted, it s better to make aware of the code caller of the naming inadequacy.
Closes GH-9940.
 2022-11-15 12:27:44 +00:00
George Peter Banyard
8e9fa2bd23 Convert mod user FINISH macro to static function 2022-10-22 12:47:34 +01:00
George Peter Banyard
5b40d06680 Refactor session_set_save_handler() 
Use proper ZPP callables with FCI/FCC
 2022-10-22 12:47:34 +01:00
George Peter Banyard
15c0df76b5 Add regression test for not setting optional closures again 2022-10-22 12:47:34 +01:00
George Peter Banyard
5465eff03c Remove tests as they are identical to already existing basic tests 2022-10-22 12:47:34 +01:00
George Peter Banyard
386892f1fe Restructure ext-session tests 
And small improvements to some
 2022-10-22 12:47:34 +01:00
George Peter Banyard
7d5ce1c483 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Actually fix GH-9583
 2022-10-06 14:31:29 +01:00
George Peter Banyard
09a57d385d Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Actually fix GH-9583
 2022-10-06 14:29:53 +01:00
George Peter Banyard
499fbcd679 Actually fix GH-9583 
The issue is that PS(mod)->s_validate_sid is always defined for user modules, thus we need to check that the actual callable is set
Add another regression test to ensure current working behaviour is not broken (which was by the previous incorrect fix)

Closes GH-9638
 2022-10-06 14:29:13 +01:00
George Peter Banyard
3579ddaace Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method
 2022-09-27 15:58:30 +01:00
George Peter Banyard
72cb47338e Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Fix GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method
 2022-09-27 15:54:37 +01:00
George Peter Banyard
8b115254c0 Fix GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method 2022-09-27 15:52:21 +01:00
Ilija Tovilo
3071d85a6b PS(mod_user_class_name) must not leak into next request 
Fixes GH-9584
 2022-09-22 11:37:37 +02:00