| #
688e56d0 |
| 22-Mar-2021 |
Christoph M. Becker |
Properly initialize PS(mod) on RINIT
We need to do that in case a user handler has been set. However, we
can't do that in `php_rinit_session_globals()` since that function is
called
Properly initialize PS(mod) on RINIT
We need to do that in case a user handler has been set. However, we
can't do that in `php_rinit_session_globals()` since that function is
called by PHP function `session_destroy()` too, but in that case we
don't want to reset PS(mod).
Closes GH-6795.
show more ...
|
| #
838951c2 |
| 22-Mar-2021 |
Christoph M. Becker |
Fix #80889: amendment
`session_set_save_handler()` may be called with callables instead of an
object; we need to cater to that as well.
We also extract a set_user_save_handler_i
Fix #80889: amendment
`session_set_save_handler()` may be called with callables instead of an
object; we need to cater to that as well.
We also extract a set_user_save_handler_ini() function to avoid code
duplication.
Closes GH-6796.
show more ...
|
| #
06bfada9 |
| 19-Mar-2021 |
Christoph M. Becker |
Fix #80889: Cannot set save handler when save_handler is invalid
There is no need to require a (valid) save_handler to be set, when a
user handler is supposed to be set. We just have to
Fix #80889: Cannot set save handler when save_handler is invalid
There is no need to require a (valid) save_handler to be set, when a
user handler is supposed to be set. We just have to make sure, that
no user handler is already set in this case.
Closes GH-6788.
show more ...
|
| #
d7c98ca1 |
| 19-Feb-2021 |
Christoph M. Becker |
Fix #80774: session_name() problem with backslash
Since we do no longer URL decode cookie names[1], we must not URL
encode the session name. We need to prevent broken Set-Cookie headers
Fix #80774: session_name() problem with backslash
Since we do no longer URL decode cookie names[1], we must not URL
encode the session name. We need to prevent broken Set-Cookie headers,
by rejecting names which contain invalid characters.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0>
Closes GH-6711.
show more ...
|
| #
b510250b |
| 26-Mar-2020 |
Christoph M. Becker |
Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session alre
Fix #79413: session_create_id() fails for active sessions
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.
We also fix the wrong condition in session_regenerate_id() as well.
show more ...
|
| #
409965fe |
| 16-Feb-2020 |
Stanislav Malyshev |
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
|
| #
d76f7c6c |
| 16-Feb-2020 |
Stanislav Malyshev |
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
|
| #
282bfb10 |
| 16-Feb-2020 |
Stanislav Malyshev |
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
|
| #
f79c7742 |
| 20-Jan-2020 |
Christoph M. Becker |
Fix #79091: heap use-after-free in session_create_id()
If the `new_id` is released, we must not use it again.
|
| #
ed3811e7 |
| 30-Dec-2019 |
Nikita Popov |
Revert "Increase serialize_lock while decoding session"
This reverts commit b8ef7c35abd31666d9fb317db4b09a9eef0ede6c.
See bug #79031. The semantics of serialize locking aren't quite
Revert "Increase serialize_lock while decoding session"
This reverts commit b8ef7c35abd31666d9fb317db4b09a9eef0ede6c.
See bug #79031. The semantics of serialize locking aren't quite
correct right now, and the use of the lock in this particular
place makes us hit the issue in a common case. I'm reverting this
commit for PHP 7.4 and will try to fix this properly for PHP 8,
as I believe it will require ABI breakage.
show more ...
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
| #
b8ef7c35 |
| 25-Sep-2019 |
Nikita Popov |
Increase serialize_lock while decoding session
Avoid leaking state between Serializable::unserialize() and
session_decode().
|
|
Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16 |
|
| #
a31f4642 |
| 26-Feb-2019 |
Nikita Popov |
Allow exceptions in __toString()
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error excep
Allow exceptions in __toString()
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
show more ...
|
| #
d20053a5 |
| 17-Apr-2019 |
Christoph M. Becker |
Fix #77911: Wrong warning for session.sid_bits_per_character
|
|
Revision tags: php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1 |
|
| #
92ac598a |
| 22-Jan-2019 |
Peter Kokot |
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly
Remove local variables
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
show more ...
|
| #
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
|
Revision tags: php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2 |
|
| #
84b195d9 |
| 10-Aug-2018 |
Gabriel Caruso |
Fix some misspellings
|
| #
a16aee6c |
| 01-Aug-2018 |
Pedro Magalhães |
Fix #76688: Disallow excessive parameters after options array
|
|
Revision tags: php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20 |
|
| #
2b58ab23 |
| 19-Jul-2018 |
Pedro Magalhães |
Support for samesite cookies with array syntax
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcoo
Support for samesite cookies with array syntax
Allows using an alternative array argument with
support for the samesite option on the following
functions:
setcookie
setrawcookie
session_set_cookie_params
show more ...
|
|
Revision tags: php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3, php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27, php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, php-7.0.26, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25, php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1 |
|
| #
08b9310e |
| 07-Jul-2017 |
Frederik Bosch |
implement same site cookie see https://bugs.php.net/bug.php?id=72230 see https://tools.ietf.org/html/draft-west-first-party-cookies-07 see https://scotthelme.co.uk/csrf-is-dead/
|
| #
a5e80b22 |
| 25-Jul-2018 |
Peter Kokot |
Fix typos in code comments
|
| #
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
use
Remove unused Git attributes ident
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
show more ...
|
| #
67b4c337 |
| 09-Jul-2018 |
Dmitry Stogov |
Uze ZVAL_COPY_DEREF() instead of ZVAL_DEREF() and ZVAL_COPY()
|
| #
169d4545 |
| 05-Jul-2018 |
Dmitry Stogov |
Use zval_ptr_dtor() imstead of zval_dtor()
|
| #
4a475a49 |
| 04-Jul-2018 |
Dmitry Stogov |
Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occur
Replace legacy zval_dtor() by zval_ptr_dtor_nogc() or even more specialized destructors.
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurances should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.
show more ...
|
| #
af341213 |
| 04-Jul-2018 |
Dmitry Stogov |
se zval_ptr_dtor_str() instead of zend_string_release_ex(Z_STR(*), 0)
|
