MFB: An improved fix for bug #38224

2025-08-18 15:08:55 +02:00 · 2006-07-27 15:36:43 +00:00 · 2006-07-27 15:36:43 +00:00 · a081be13fc
commit a081be13fc
parent 1dcb726c5a
3 changed files with 6 additions and 3 deletions
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@ -152,6 +152,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 		
 		if (!ps_files_valid_key(key)) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
+			PS(invalid_session_id) = 1;
 			return;
 		}
 		if (!ps_files_path_create(buf, sizeof(buf), data, key))
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@ -123,6 +123,7 @@ typedef struct _php_ps_globals {
 	long hash_bits_per_character;
 	int send_cookie;
 	int define_sid;
+	zend_bool invalid_session_id;	/* allows the driver to report about an invalid session id and request id regeneration */
 } php_ps_globals;

 typedef php_ps_globals zend_ps_globals;
--- a/ext/session/session.c
+++ b/ext/session/session.c
@ -653,7 +653,6 @@ static void php_session_initialize(TSRMLS_D)
 {
 	char *val;
 	int vallen;
-	zend_bool make_new = 0;

 	/* check session name for invalid characters */
 	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
@ -679,7 +678,6 @@ new_session:
 		if (PS(use_cookies)) {
 			PS(send_cookie) = 1;
 		}
-		make_new = 1;
 	}
 	
 	/* Read data */
@ -689,10 +687,13 @@ new_session:
 	 * session information
 	 */
 	php_session_track_init(TSRMLS_C);
+	PS(invalid_session_id) = 0;
 	if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
 		php_session_decode(val, vallen TSRMLS_CC);
 		efree(val);
-	} else if (!make_new) {
+	} else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
+		PS(invalid_session_id) = 0;
+		efree(PS(id));
 		goto new_session;
 	}
 }