In eaee504c the session's save_path global was changed to a
zend_string pointer, but there are a few direct char-pointer accesses
in ext/session/mod_mm.c that slipped through the cracks. GCC-15
notices them and fails to build due to the incompatible pointer types.
Three ZSTR_* wrappers are all that is needed.
Gentoo-Bug: https://bugs.gentoo.org/967862
Closes GH-20772.
Don't use persistent string/attribute for the global SID constant, which is
created at runtime and destroyed at the end of the request.
Requires CFLAGS="-DZEND_RC_DEBUG=1" to reproduce.
Closes GH-19595
* Add SAPI_HEADER_DELETE_PREFIX operation
The session ext currently munges into the linked list of headers
itself, because the delete header API is given the key for headers to
delete. The session ext wants to use a prefix past the colon separator,
for i.e. "Set-Cookie: PHPSESSID=", to eliminate only the specific cookie
rather than all cookies.
This changes the SAPI code to add a new header op to take a prefix
instead. Call sites are yet unchanged. Also fix some whitespace.
* Simplify cookie setting code in ext/session
Use the modern SAPI header ops API, including the remove prefix op we
just added.
* [ci skip] Remove redundant and unnecessary comment
The purpose of this is clear, and after refactoring, the special case is
no longer there, so it has no value.
* Un-deprecate simple add/replace header API, use it
Suggestion from Jakub.
* Restore the optimization removing session cookies had
I don't think this needs to be special cased with the parameter.
* Move setting header length to caller
Suggestion from Jakub.
* [ci skip] adjust tab count
It may be better to use spaces in here instead.
* Use session_cookie_len rather than calling strlen
* Unify headers already sent errors
Now whenever we need to check where headers were already sent in
ext/session, we call a single location that prints where, keeping it
consistent output wise.
* Unify session aready started errors
Similar to the one for headers.
* Also change session active checks too
This usually go hand in hand with the headers already sent checks, but
is in a separate commit because of the amount of tests it changes.
We had previously improved where sessions were already started, and
where headers were already sent when setting headers, but not where a
header has been sent if we try to set the header cookie.
Fixes GH-16372
Two issues:
1) The check happened before ZPP checks
2) The `return;` statement caused NULL to be returned while this
function can only return booleans. An exception seems not acceptable
in stable versions, but a warning may do.
Closes GH-16386.
Using `php_error_docref()` is preferable since it outputs additional
details (which function has been called and whether it is a startup or
shutdown error), uses HTML markup, and also provides a link to the
documentation, if configured.
Since these deprecation warnings have been introduced recently[1][2],
i.e. for PHP 8.4, there are no BC concerns.
[1] <e8ff7c70f9>
[2] <b36eac94d2>
Co-authored-by: Máté Kocsis <kocsismate90@gmail.com>
Currently, internal classes are registered with the following code:
INIT_CLASS_ENTRY(ce, "InternalClass", class_InternalClass_methods);
class_entry = zend_register_internal_class_ex(&ce, NULL);
class_entry->ce_flags |= ...;
This has worked well so far, except if InternalClass is readonly. It is because some inheritance checks are run by zend_register_internal_class_ex before ZEND_ACC_READONLY_CLASS is added to ce_flags.
The issue is fixed by adding a zend_register_internal_class_with_flags() zend API function that stubs can use from now on. This function makes sure to add the flags before running any checks. Since the new API is not available in lower PHP versions, gen_stub.php has to keep support for the existing API for PHP 8.3 and below.
This is at this point only meta-data information for extensions to
depend also on date extension. This is a configure phase dependency for
consistency.
