The `php_serialize` decode function has to return `FAILURE`, if the
unserialization failed on anything but an empty string.
The `php` decode function has also to return `FAILURE`, if there is
trailing garbage in the string.
It seems that in 2015, work was being done so that users could add their own custom
session handlers. The implementer intended to add a class called
SessionUpdateTimestampHandler, but never did so. The variable which was intended to point
to its class entry is never initialized.
The implementer also coded two methods for this class. Strangely, the method bodies
are declared with PHP_METHOD(SessionHandler, ...) rather than
PHP(SessionUpdateTimestampHandler, ...). However, these method implementations are not
added to the method table of any class or interface. They are just dead code.
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.
We also fix the wrong condition in session_regenerate_id() as well.
This reverts commit b8ef7c35ab.
See bug #79031. The semantics of serialize locking aren't quite
correct right now, and the use of the lock in this particular
place makes us hit the issue in a common case. I'm reverting this
commit for PHP 7.4 and will try to fix this properly for PHP 8,
as I believe it will require ABI breakage.
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
This is logically an integer, and the function also returns the old
value as an integer. The fact that the integer needs to be converted
to a string for the ini assignment is an implementation detail.
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcookie
session_set_cookie_params
