Merge branch 'PHP-5.6' into PHP-7.0

* PHP-5.6:
  Improved fix for bug #68063 (Empty session IDs do still start sessions).
Yasuo Ohgaki 2016-01-15 10:19:01 +09:00
commit 132d919c85
3 changed files with 14 additions and 11 deletions

1
NEWS

@ -44,6 +44,7 @@ PHP NEWS
immediately). (Laruence) immediately). (Laruence)
- Session: - Session:
. Improved fix for bug #68063 (Empty session IDs do still start sessions). (Yasuo)
. Fixed bug #71038 (session_start() returns TRUE on failure). . Fixed bug #71038 (session_start() returns TRUE on failure).
Session save handlers must return 'string' always for successful read. Session save handlers must return 'string' always for successful read.
i.e. Non-existing session read must return empty string. PHP 7.0 is made i.e. Non-existing session read must return empty string. PHP 7.0 is made


@ -522,7 +522,10 @@ static void php_session_initialize(void) /* {{{ */
} }
/* If there is no ID, use session module to create one */ /* If there is no ID, use session module to create one */
if (!PS(id)) { if (!PS(id) || !ZSTR_VAL(PS(id))[0]) {
if (PS(id)) {
efree(PS(id));
}
PS(id) = PS(mod)->s_create_sid(&PS(mod_data)); PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
if (!PS(id)) { if (!PS(id)) {
php_session_abort(); php_session_abort();
@ -2282,11 +2285,6 @@ static PHP_FUNCTION(session_start)
RETURN_FALSE; RETURN_FALSE;
} }
if (PS(id) && !(ZSTR_LEN(PS(id)))) {
php_error_docref(NULL, E_WARNING, "Cannot start session with empty session ID");
RETURN_FALSE;
}
/* set options */ /* set options */
if (options) { if (options) {
ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(options), num_idx, str_idx, value) { ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(options), num_idx, str_idx, value) {
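Review bot: The added `efree(PS(id));` in php_session_initialize() releases the old ID with the raw allocator, but on this branch PS(id) appears to be a zend_string (the same condition reads it through `ZSTR_VAL`), so the refcount and the interned flag are ignored. After `session_id('')` or an empty session cookie the empty ID may be an interned or shared string, and freeing it directly risks heap corruption or a double free on a path reachable from request input. I would change the line to `zend_string_release(PS(id));`, which is what the 5.6 `efree` should become when merged into 7.0. The function body starts and ends outside the hunk, so I could not check how the other assignments to PS(id) are released.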


@ -3,18 +3,22 @@ Bug #68063 (Empty session IDs do still start sessions)
--SKIPIF-- --SKIPIF--
<?php include('skipif.inc'); ?> <?php include('skipif.inc'); ?>
--INI-- --INI--
session.use_strict_mode=0
session.hash_function=1
session.hash_bits_per_character=4
--FILE-- --FILE--
<?php <?php
// Empty session ID may happen by browser bugs
// Could also be set with a cookie like "PHPSESSID=; path=/" // Could also be set with a cookie like "PHPSESSID=; path=/"
session_id(''); session_id('');
// Will still start the session and return true // Start the session with empty string should result in new session ID
var_dump(session_start()); var_dump(session_start());
// Returns an empty string // Returns newly created session ID
var_dump(session_id()); var_dump(session_id());
?> ?>
--EXPECTF-- --EXPECTF--
Warning: session_start(): Cannot start session with empty session ID in %s on line %d bool(true)
bool(false) string(40) "%s"
string(0) ""
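Review bot: The test reaches the empty-ID branch only through `session_id('')`, although its own comment names an empty cookie (`PHPSESSID=; path=/`) as the way this value arrives from a client, so the request-driven path is left uncovered. A companion case with a `--COOKIE--` section containing `PHPSESSID=` and the same expectations would pin the behaviour for untrusted input. The expectation `string(40) "%s"` could also be tightened to `string(40) "%x"`, since `session.hash_bits_per_character=4` makes the generated ID hexadecimal.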