archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
77348 commits 526 branches 1434 tags 877 MiB
Commit graph

607 commits

Author SHA1 Message Date
Stanislav Malyshev
3798eb6fd5 Fix bug #72562 - destroy var_hash properly 2016-07-12 23:27:45 -07:00
Stanislav Malyshev
fc8eff897b More fixes for bug #70219 2015-08-28 21:50:21 -07:00
Stanislav Malyshev
24dda816d0 Merge branch 'PHP-5.4.45' into PHP-5.5.29 
* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
 2015-08-25 23:08:49 -07:00
Stanislav Malyshev
df4bf28f9f Fix bug #70219 (Use after free vulnerability in session deserializer) 2015-08-23 19:56:12 -07:00
Julien Pauli
4dba99c226 Fix flaws in session module 2015-03-16 16:00:46 +01:00
Yasuo Ohgaki
853ae39d6e Fixed bug #68063 Empty session IDs do still start sessions 2015-02-03 13:38:49 +09:00
Xinchen Hui
73c1be2653 Bump year 2015-01-15 23:26:03 +08:00
Stanislav Malyshev
531be9662f Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix missing type checks in various functions
 2014-07-28 00:34:27 -07:00
Stanislav Malyshev
b4a4db467b Fix missing type checks in various functions 2014-07-27 02:42:49 -07:00
Yasuo Ohgaki
f83a6c33b4 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug #66827 Session raises E_NOTICE when session name variable is array
 2014-07-19 09:53:04 +09:00
Yasuo Ohgaki
e946de29d2 Fixed bug #66827 Session raises E_NOTICE when session name variable is array 2014-07-19 09:52:31 +09:00
Anatol Belski
6d1d8ec330 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix zts
 2014-01-22 12:04:25 +01:00
Anatol Belski
34792280bc fix zts 2014-01-22 12:03:54 +01:00
Yasuo Ohgaki
fa224b1c58 Fixed previous commit may delete unwanted cookies. 2014-01-22 19:23:01 +09:00
Yasuo Ohgaki
58f94345a7 Fixed previous commit may delete unwanted cookies. Sync tests from upper branches. 2014-01-22 19:21:25 +09:00
Yasuo Ohgaki
383423a1ee Re-fixed bug #66469 2014-01-22 13:46:59 +09:00
Yasuo Ohgaki
a27e51fd4e Re-fixed bug #66469 2014-01-22 13:40:58 +09:00
Xinchen Hui
9799816e0c Merge branch 'PHP-5.4' into PHP-5.5 2014-01-16 14:41:52 +08:00
Xinchen Hui
b777248ded Re-fixed Bug #66481 (Calls to session_name() segfault when session.name is null) 2014-01-16 14:41:12 +08:00
Xinchen Hui
271053ad47 Revert "Bug #66481 Segfaults on session_name()" 
This reverts commit 5662ffb295.
 2014-01-16 14:38:35 +08:00
Yasuo Ohgaki
744f38c2d6 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Bug #66481 Segfaults on session_name()
 2014-01-16 11:34:31 +09:00
Conor McDermottroe
5662ffb295 Bug #66481 Segfaults on session_name() 
If the previous value of session.name was NULL then any call to
session_name($string) would result in a segmentation fault.

This changes the behaviour to set the value of session.name to
"PHPSESSID" if a blank value is given in php.ini or via -d on the
command line. There is already protection against setting it to NULL via
session_name() or ini_set().
 2014-01-16 11:33:10 +09:00
Yasuo Ohgaki
f52c251f60 Fixed session module is sending multiple set-cookie headers when session.use_strict_mode=1 2014-01-15 11:06:06 +09:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Christopher Jones
d85827fb7f Reduce compilation noise during normal compilation: 
php-5.5/ext/session/session.c:836: warning: unused variable ‘struc’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘num_key’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘key_length’
    php-5.5/ext/session/session.c:836: warning: unused variable ‘key’
    php-5.5/ext/session/session.c:835: warning: unused variable ‘key_type’
    php-5.5/ext/session/session.c:834: warning: unused variable ‘_ht’
    php-5.5/ext/session/session.c:857: warning: unused variable ‘has_value’
    php-5.5/ext/session/session.c:856: warning: unused variable ‘namelen’
    php-5.5/ext/session/session.c:853: warning: unused variable ‘name’
    php-5.5/ext/session/session.c:852: warning: unused variable ‘p’

    php-5.5/ext/session/mod_user.c:191: warning: unused variable ‘ret’
 2013-08-21 10:34:09 -07:00
Yasuo Ohgaki
c51f77fe83 Add php_serialize session.serialize_handler. This patch closes 
Request #25630
  Request #43980
  Request #54383
  Bug #65359

and many others similar to these that are closed as "wont fix" or
"not a bug".

Current serializers have limitations due to register_globals support
that are no longer supported. Changing existing serializer may cause
compatibility issue. Therefore, new handler is needed to remove
needless limitations.

php_serialize does not have special characters and allow numerical
index in $_SESSION. $_SESSION can be used as ordinary array.
 2013-08-21 10:51:51 +09:00
Christopher Jones
39612afc72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings.

Conflicts:
	ext/dba/libinifile/inifile.c
 2013-08-14 20:43:25 -07:00
Christopher Jones
9ad97cd489 Reduce (some) compile noise of 'unused variable' and 'may be used uninitialized' warnings. 2013-08-14 20:36:50 -07:00
Yasuo Ohgaki
2df95b1354 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed possible buffer overflow under Windows. Note: Not a security fix.
 2013-08-11 06:43:37 +09:00
Yasuo Ohgaki
0ad81ac18a Fixed possible buffer overflow under Windows. Note: Not a security fix. 2013-08-11 06:43:01 +09:00
Yasuo Ohgaki
9d95a1a7d1 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed Bug #62015 Changed session.auto_start to PHP_INI_PERDIR. It is simply wrong and never worked if the value is changed at runtime
 2013-08-10 18:29:29 +09:00
Yasuo Ohgaki
e9b128c1bf Fixed Bug #62015 Changed session.auto_start to PHP_INI_PERDIR. It is simply wrong and never worked if the value is changed at runtime 2013-08-10 18:29:13 +09:00
Stanislav Malyshev
b80d73ce15 fix crash, enable session_id and fix test 2013-08-04 17:43:20 -07:00
Yasuo Ohgaki
25e8fcc88f Strict session 2013-08-04 16:36:45 -07:00
Arpad Ray
0d3d739bf7 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #62129 - rfc1867 crashes php even though turned off
 2013-07-17 11:05:23 +01:00
Arpad Ray
ba3234888d Fix bug #62129 - rfc1867 crashes php even though turned off 
Patch by gxd305 at gmail dot com
 2013-07-17 11:02:48 +01:00
Anatol Belski
54b740a7e1 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed typo ensuring header str is \0 terminated
 2013-07-16 00:15:29 +02:00
Anatol Belski
bcb39d9c6a Fixed typo ensuring header str is \0 terminated 
This was obviously intended to send an empty header if
php_gmtime_r() fails. Currently it could send garbage.
 2013-07-16 00:14:05 +02:00
Anatol Belski
1968fac697 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed mysql tests parsing phpinfo()
  Update NEWS
  Fixed bug #35703: when session_name("123") consist only digits, should warning
  Fixed bug #49175: mod_files.sh does not support hash bits
 2013-07-02 08:24:37 +02:00
Yasuo Ohgaki
87dda666c7 Fixed bug #35703: when session_name("123") consist only digits, should warning 2013-06-29 11:35:55 +09:00
Arpad Ray
70ae67b5da Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #62535 - $_SESSION[$key]["cancel_upload"] doesn't work as documented
 2013-06-27 19:12:46 +01:00
Arpad Ray
ce8c023910 Fix bug #62535 - $_SESSION[$key]["cancel_upload"] doesn't work as documented 
When uploading multiple files, the array in the session where the progress
data is stored (and cancel_upload key is set) was overwritten whenever the
progress data was updated, so pending uploads would proceed anyway.
 2013-06-27 19:05:23 +01:00
Arpad Ray
1e836cdd64 BC fix for PR 109 merge - create_sid() method in SessionHandler 
Creates a new SessionIdInterface and moves create_sid() into it, so existing
handlers implementing SessionHandlerInterface don't require create_sid().
SessionHandler still includes the method so the default mod can be called, but
now implements both interfaces.

Also added several more tests for this feature.
 2013-06-27 12:33:56 +01:00
Arpad Ray
b66c14b0c8 Merge PR 109 - Add create_sid to session_set_save_handler and SessionHandler 
Allows user session handlers to create session IDs by adding an optional
7th argument to session_set_save_handler() and a create_sid() method
to SessionHandler.
 2013-06-27 12:29:44 +01:00
Dmitry Stogov
731b4a3fa4 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Callback has to be restored in MSHUTDOWN
 2013-06-10 12:34:08 +04:00
Dmitry Stogov
336a8e1943 Callback has to be restored in MSHUTDOWN 2013-06-10 12:32:53 +04:00
Lars Strojny
ec2fff80e7 Bug #23955: allow specifiy max age for setcookie() 2013-01-06 03:22:44 +01:00
Xinchen Hui
a666285bc2 Happy New Year 2013-01-01 16:37:09 +08:00
Xinchen Hui
0a7395e009 Happy New Year 2013-01-01 16:28:54 +08:00