1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Sascha Schumann <sascha@schumann.cx> |
16 | Andrei Zmievski <andrei@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* $Id$ */
21
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #include "php.h"
27
28 #ifdef PHP_WIN32
29 # include "win32/winutil.h"
30 # include "win32/time.h"
31 #else
32 # include <sys/time.h>
33 #endif
34
35 #include <sys/stat.h>
36 #include <fcntl.h>
37
38 #include "php_ini.h"
39 #include "SAPI.h"
40 #include "rfc1867.h"
41 #include "php_variables.h"
42 #include "php_session.h"
43 #include "ext/standard/php_random.h"
44 #include "ext/standard/php_var.h"
45 #include "ext/date/php_date.h"
46 #include "ext/standard/php_lcg.h"
47 #include "ext/standard/url_scanner_ex.h"
48 #include "ext/standard/info.h"
49 #include "zend_smart_str.h"
50 #include "ext/standard/url.h"
51 #include "ext/standard/basic_functions.h"
52 #include "ext/standard/head.h"
53
54 #include "mod_files.h"
55 #include "mod_user.h"
56
57 #ifdef HAVE_LIBMM
58 #include "mod_mm.h"
59 #endif
60
61 PHPAPI ZEND_DECLARE_MODULE_GLOBALS(ps)
62
63 static int php_session_rfc1867_callback(unsigned int event, void *event_data, void **extra);
64 static int (*php_session_rfc1867_orig_callback)(unsigned int event, void *event_data, void **extra);
65 static void php_session_track_init(void);
66
67 /* SessionHandler class */
68 zend_class_entry *php_session_class_entry;
69
70 /* SessionHandlerInterface */
71 zend_class_entry *php_session_iface_entry;
72
73 /* SessionIdInterface */
74 zend_class_entry *php_session_id_iface_entry;
75
76 /* SessionUpdateTimestampHandler class */
77 zend_class_entry *php_session_update_timestamp_class_entry;
78
79 /* SessionUpdateTimestampInterface */
80 zend_class_entry *php_session_update_timestamp_iface_entry;
81
82 #define PS_MAX_SID_LENGTH 256
83
84 /* ***********
85 * Helpers *
86 *********** */
87
88 #define IF_SESSION_VARS() \
89 if (Z_ISREF_P(&PS(http_session_vars)) && Z_TYPE_P(Z_REFVAL(PS(http_session_vars))) == IS_ARRAY)
90
91 #define SESSION_CHECK_ACTIVE_STATE \
92 if (PS(session_status) == php_session_active) { \
93 php_error_docref(NULL, E_WARNING, "A session is active. You cannot change the session module's ini settings at this time"); \
94 return FAILURE; \
95 }
96
97 #define APPLY_TRANS_SID (PS(use_trans_sid) && !PS(use_only_cookies))
98
99 static void php_session_send_cookie(void);
100 static void php_session_abort(void);
101
102 /* Initialized in MINIT, readonly otherwise. */
103 static int my_module_number = 0;
104
105 /* Dispatched by RINIT and by php_session_destroy */
php_rinit_session_globals(void)106 static inline void php_rinit_session_globals(void) /* {{{ */
107 {
108 /* Do NOT init PS(mod_user_names) here! */
109 /* TODO: These could be moved to MINIT and removed. These should be initialized by php_rshutdown_session_globals() always when execution is finished. */
110 PS(id) = NULL;
111 PS(session_status) = php_session_none;
112 PS(in_save_handler) = 0;
113 PS(mod_data) = NULL;
114 PS(mod_user_is_open) = 0;
115 PS(define_sid) = 1;
116 PS(session_vars) = NULL;
117 PS(module_number) = my_module_number;
118 ZVAL_UNDEF(&PS(http_session_vars));
119 }
120 /* }}} */
121
122 /* Dispatched by RSHUTDOWN and by php_session_destroy */
php_rshutdown_session_globals(void)123 static inline void php_rshutdown_session_globals(void) /* {{{ */
124 {
125 /* Do NOT destroy PS(mod_user_names) here! */
126 if (!Z_ISUNDEF(PS(http_session_vars))) {
127 zval_ptr_dtor(&PS(http_session_vars));
128 ZVAL_UNDEF(&PS(http_session_vars));
129 }
130 if (PS(mod_data) || PS(mod_user_implemented)) {
131 zend_try {
132 PS(mod)->s_close(&PS(mod_data));
133 } zend_end_try();
134 }
135 if (PS(id)) {
136 zend_string_release(PS(id));
137 PS(id) = NULL;
138 }
139
140 if (PS(session_vars)) {
141 zend_string_release(PS(session_vars));
142 PS(session_vars) = NULL;
143 }
144
145 /* User save handlers may end up directly here by misuse, bugs in user script, etc. */
146 /* Set session status to prevent error while restoring save handler INI value. */
147 PS(session_status) = php_session_none;
148 }
149 /* }}} */
150
php_session_destroy(void)151 static int php_session_destroy(void) /* {{{ */
152 {
153 int retval = SUCCESS;
154
155 if (PS(session_status) != php_session_active) {
156 php_error_docref(NULL, E_WARNING, "Trying to destroy uninitialized session");
157 return FAILURE;
158 }
159
160 if (PS(id) && PS(mod)->s_destroy(&PS(mod_data), PS(id)) == FAILURE) {
161 retval = FAILURE;
162 php_error_docref(NULL, E_WARNING, "Session object destruction failed");
163 }
164
165 php_rshutdown_session_globals();
166 php_rinit_session_globals();
167
168 return retval;
169 }
170 /* }}} */
171
php_add_session_var(zend_string * name)172 PHPAPI void php_add_session_var(zend_string *name) /* {{{ */
173 {
174 IF_SESSION_VARS() {
175 zval *sess_var = Z_REFVAL(PS(http_session_vars));
176 SEPARATE_ARRAY(sess_var);
177 if (!zend_hash_exists(Z_ARRVAL_P(sess_var), name)) {
178 zval empty_var;
179 ZVAL_NULL(&empty_var);
180 zend_hash_update(Z_ARRVAL_P(sess_var), name, &empty_var);
181 }
182 }
183 }
184 /* }}} */
185
php_set_session_var(zend_string * name,zval * state_val,php_unserialize_data_t * var_hash)186 PHPAPI zval* php_set_session_var(zend_string *name, zval *state_val, php_unserialize_data_t *var_hash) /* {{{ */
187 {
188 IF_SESSION_VARS() {
189 zval *sess_var = Z_REFVAL(PS(http_session_vars));
190 SEPARATE_ARRAY(sess_var);
191 return zend_hash_update(Z_ARRVAL_P(sess_var), name, state_val);
192 }
193 return NULL;
194 }
195 /* }}} */
196
php_get_session_var(zend_string * name)197 PHPAPI zval* php_get_session_var(zend_string *name) /* {{{ */
198 {
199 IF_SESSION_VARS() {
200 return zend_hash_find(Z_ARRVAL_P(Z_REFVAL(PS(http_session_vars))), name);
201 }
202 return NULL;
203 }
204 /* }}} */
205
php_session_track_init(void)206 static void php_session_track_init(void) /* {{{ */
207 {
208 zval session_vars;
209 zend_string *var_name = zend_string_init("_SESSION", sizeof("_SESSION") - 1, 0);
210 /* Unconditionally destroy existing array -- possible dirty data */
211 zend_delete_global_variable(var_name);
212
213 if (!Z_ISUNDEF(PS(http_session_vars))) {
214 zval_ptr_dtor(&PS(http_session_vars));
215 }
216
217 array_init(&session_vars);
218 ZVAL_NEW_REF(&PS(http_session_vars), &session_vars);
219 Z_ADDREF_P(&PS(http_session_vars));
220 zend_hash_update_ind(&EG(symbol_table), var_name, &PS(http_session_vars));
221 zend_string_release(var_name);
222 }
223 /* }}} */
224
php_session_encode(void)225 static zend_string *php_session_encode(void) /* {{{ */
226 {
227 IF_SESSION_VARS() {
228 if (!PS(serializer)) {
229 php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to encode session object");
230 return NULL;
231 }
232 return PS(serializer)->encode();
233 } else {
234 php_error_docref(NULL, E_WARNING, "Cannot encode non-existent session");
235 }
236 return NULL;
237 }
238 /* }}} */
239
php_session_decode(zend_string * data)240 static int php_session_decode(zend_string *data) /* {{{ */
241 {
242 if (!PS(serializer)) {
243 php_error_docref(NULL, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object");
244 return FAILURE;
245 }
246 if (PS(serializer)->decode(ZSTR_VAL(data), ZSTR_LEN(data)) == FAILURE) {
247 php_session_destroy();
248 php_session_track_init();
249 php_error_docref(NULL, E_WARNING, "Failed to decode session object. Session has been destroyed");
250 return FAILURE;
251 }
252 return SUCCESS;
253 }
254 /* }}} */
255
256 /*
257 * Note that we cannot use the BASE64 alphabet here, because
258 * it contains "/" and "+": both are unacceptable for simple inclusion
259 * into URLs.
260 */
261
262 static char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
263
264 /* returns a pointer to the byte after the last valid character in out */
bin_to_readable(unsigned char * in,size_t inlen,char * out,char nbits)265 static size_t bin_to_readable(unsigned char *in, size_t inlen, char *out, char nbits) /* {{{ */
266 {
267 unsigned char *p, *q;
268 unsigned short w;
269 size_t len = inlen;
270 int mask;
271 int have;
272
273 p = (unsigned char *)in;
274 q = (unsigned char *)in + inlen;
275
276 w = 0;
277 have = 0;
278 mask = (1 << nbits) - 1;
279
280 while (inlen--) {
281 if (have < nbits) {
282 if (p < q) {
283 w |= *p++ << have;
284 have += 8;
285 } else {
286 /* consumed everything? */
287 if (have == 0) break;
288 /* No? We need a final round */
289 have = nbits;
290 }
291 }
292
293 /* consume nbits */
294 *out++ = hexconvtab[w & mask];
295 w >>= nbits;
296 have -= nbits;
297 }
298
299 *out = '\0';
300 return len;
301 }
302 /* }}} */
303
304 #define PS_EXTRA_RAND_BYTES 60
305
php_session_create_id(PS_CREATE_SID_ARGS)306 PHPAPI zend_string *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
307 {
308 unsigned char rbuf[PS_MAX_SID_LENGTH + PS_EXTRA_RAND_BYTES];
309 zend_string *outid;
310
311 /* Read additional PS_EXTRA_RAND_BYTES just in case CSPRNG is not safe enough */
312 if (php_random_bytes_throw(rbuf, PS(sid_length) + PS_EXTRA_RAND_BYTES) == FAILURE) {
313 return NULL;
314 }
315
316 outid = zend_string_alloc(PS(sid_length), 0);
317 ZSTR_LEN(outid) = bin_to_readable(rbuf, PS(sid_length), ZSTR_VAL(outid), (char)PS(sid_bits_per_character));
318
319 return outid;
320 }
321 /* }}} */
322
323 /* Default session id char validation function allowed by ps_modules.
324 * If you change the logic here, please also update the error message in
325 * ps_modules appropriately */
php_session_valid_key(const char * key)326 PHPAPI int php_session_valid_key(const char *key) /* {{{ */
327 {
328 size_t len;
329 const char *p;
330 char c;
331 int ret = SUCCESS;
332
333 for (p = key; (c = *p); p++) {
334 /* valid characters are a..z,A..Z,0..9 */
335 if (!((c >= 'a' && c <= 'z')
336 || (c >= 'A' && c <= 'Z')
337 || (c >= '0' && c <= '9')
338 || c == ','
339 || c == '-')) {
340 ret = FAILURE;
341 break;
342 }
343 }
344
345 len = p - key;
346
347 /* Somewhat arbitrary length limit here, but should be way more than
348 anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
349 if (len == 0 || len > PS_MAX_SID_LENGTH) {
350 ret = FAILURE;
351 }
352
353 return ret;
354 }
355 /* }}} */
356
357
php_session_gc(zend_bool immediate)358 static zend_long php_session_gc(zend_bool immediate) /* {{{ */
359 {
360 int nrand;
361 zend_long num = -1;
362
363 /* GC must be done before reading session data. */
364 if ((PS(mod_data) || PS(mod_user_implemented))) {
365 if (immediate) {
366 PS(mod)->s_gc(&PS(mod_data), PS(gc_maxlifetime), &num);
367 return num;
368 }
369 nrand = (zend_long) ((float) PS(gc_divisor) * php_combined_lcg());
370 if (PS(gc_probability) > 0 && nrand < PS(gc_probability)) {
371 PS(mod)->s_gc(&PS(mod_data), PS(gc_maxlifetime), &num);
372 }
373 }
374 return num;
375 } /* }}} */
376
php_session_initialize(void)377 static void php_session_initialize(void) /* {{{ */
378 {
379 zend_string *val = NULL;
380
381 PS(session_status) = php_session_active;
382
383 if (!PS(mod)) {
384 PS(session_status) = php_session_disabled;
385 php_error_docref(NULL, E_ERROR, "No storage module chosen - failed to initialize session");
386 return;
387 }
388
389 /* Open session handler first */
390 if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE
391 /* || PS(mod_data) == NULL */ /* FIXME: open must set valid PS(mod_data) with success */
392 ) {
393 php_session_abort();
394 php_error_docref(NULL, E_ERROR, "Failed to initialize storage module: %s (path: %s)", PS(mod)->s_name, PS(save_path));
395 return;
396 }
397
398 /* If there is no ID, use session module to create one */
399 if (!PS(id) || !ZSTR_VAL(PS(id))[0]) {
400 if (PS(id)) {
401 zend_string_release(PS(id));
402 }
403 PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
404 if (!PS(id)) {
405 php_session_abort();
406 zend_throw_error(NULL, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
407 return;
408 }
409 if (PS(use_cookies)) {
410 PS(send_cookie) = 1;
411 }
412 } else if (PS(use_strict_mode) && PS(mod)->s_validate_sid &&
413 PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == FAILURE) {
414 if (PS(id)) {
415 zend_string_release(PS(id));
416 }
417 PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
418 if (!PS(id)) {
419 PS(id) = php_session_create_id(NULL);
420 }
421 if (PS(use_cookies)) {
422 PS(send_cookie) = 1;
423 }
424 }
425
426 php_session_reset_id();
427
428 /* Read data */
429 php_session_track_init();
430 if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, PS(gc_maxlifetime)) == FAILURE) {
431 php_session_abort();
432 /* FYI: Some broken save handlers return FAILURE for non-existent session ID, this is incorrect */
433 php_error_docref(NULL, E_WARNING, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path));
434 return;
435 }
436
437 /* GC must be done after read */
438 php_session_gc(0);
439
440 if (PS(session_vars)) {
441 zend_string_release(PS(session_vars));
442 PS(session_vars) = NULL;
443 }
444 if (val) {
445 if (PS(lazy_write)) {
446 PS(session_vars) = zend_string_copy(val);
447 }
448 php_session_decode(val);
449 zend_string_release(val);
450 }
451 }
452 /* }}} */
453
php_session_save_current_state(int write)454 static void php_session_save_current_state(int write) /* {{{ */
455 {
456 int ret = FAILURE;
457
458 if (write) {
459 IF_SESSION_VARS() {
460 if (PS(mod_data) || PS(mod_user_implemented)) {
461 zend_string *val;
462
463 val = php_session_encode();
464 if (val) {
465 if (PS(lazy_write) && PS(session_vars)
466 && PS(mod)->s_update_timestamp
467 && PS(mod)->s_update_timestamp != php_session_update_timestamp
468 && ZSTR_LEN(val) == ZSTR_LEN(PS(session_vars))
469 && !memcmp(ZSTR_VAL(val), ZSTR_VAL(PS(session_vars)), ZSTR_LEN(val))
470 ) {
471 ret = PS(mod)->s_update_timestamp(&PS(mod_data), PS(id), val, PS(gc_maxlifetime));
472 } else {
473 ret = PS(mod)->s_write(&PS(mod_data), PS(id), val, PS(gc_maxlifetime));
474 }
475 zend_string_release(val);
476 } else {
477 ret = PS(mod)->s_write(&PS(mod_data), PS(id), ZSTR_EMPTY_ALLOC(), PS(gc_maxlifetime));
478 }
479 }
480
481 if ((ret == FAILURE) && !EG(exception)) {
482 if (!PS(mod_user_implemented)) {
483 php_error_docref(NULL, E_WARNING, "Failed to write session data (%s). Please "
484 "verify that the current setting of session.save_path "
485 "is correct (%s)",
486 PS(mod)->s_name,
487 PS(save_path));
488 } else {
489 php_error_docref(NULL, E_WARNING, "Failed to write session data using user "
490 "defined save handler. (session.save_path: %s)", PS(save_path));
491 }
492 }
493 }
494 }
495
496 if (PS(mod_data) || PS(mod_user_implemented)) {
497 PS(mod)->s_close(&PS(mod_data));
498 }
499 }
500 /* }}} */
501
php_session_normalize_vars()502 static void php_session_normalize_vars() /* {{{ */
503 {
504 PS_ENCODE_VARS;
505
506 IF_SESSION_VARS() {
507 PS_ENCODE_LOOP(
508 if (Z_TYPE_P(struc) == IS_PTR) {
509 zval *zv = (zval *)Z_PTR_P(struc);
510 ZVAL_COPY_VALUE(struc, zv);
511 ZVAL_UNDEF(zv);
512 }
513 );
514 }
515 }
516 /* }}} */
517
518 /* *************************
519 * INI Settings/Handlers *
520 ************************* */
521
PHP_INI_MH(OnUpdateSaveHandler)522 static PHP_INI_MH(OnUpdateSaveHandler) /* {{{ */
523 {
524 ps_module *tmp;
525 SESSION_CHECK_ACTIVE_STATE;
526
527 tmp = _php_find_ps_module(ZSTR_VAL(new_value));
528
529 if (PG(modules_activated) && !tmp) {
530 int err_type;
531
532 if (stage == ZEND_INI_STAGE_RUNTIME) {
533 err_type = E_WARNING;
534 } else {
535 err_type = E_ERROR;
536 }
537
538 /* Do not output error when restoring ini options. */
539 if (stage != ZEND_INI_STAGE_DEACTIVATE) {
540 php_error_docref(NULL, err_type, "Cannot find save handler '%s'", ZSTR_VAL(new_value));
541 }
542 return FAILURE;
543 }
544
545 PS(default_mod) = PS(mod);
546 PS(mod) = tmp;
547
548 return SUCCESS;
549 }
550 /* }}} */
551
PHP_INI_MH(OnUpdateSerializer)552 static PHP_INI_MH(OnUpdateSerializer) /* {{{ */
553 {
554 const ps_serializer *tmp;
555 SESSION_CHECK_ACTIVE_STATE;
556
557 tmp = _php_find_ps_serializer(ZSTR_VAL(new_value));
558
559 if (PG(modules_activated) && !tmp) {
560 int err_type;
561
562 if (stage == ZEND_INI_STAGE_RUNTIME) {
563 err_type = E_WARNING;
564 } else {
565 err_type = E_ERROR;
566 }
567
568 /* Do not output error when restoring ini options. */
569 if (stage != ZEND_INI_STAGE_DEACTIVATE) {
570 php_error_docref(NULL, err_type, "Cannot find serialization handler '%s'", ZSTR_VAL(new_value));
571 }
572 return FAILURE;
573 }
574 PS(serializer) = tmp;
575
576 return SUCCESS;
577 }
578 /* }}} */
579
PHP_INI_MH(OnUpdateTransSid)580 static PHP_INI_MH(OnUpdateTransSid) /* {{{ */
581 {
582 SESSION_CHECK_ACTIVE_STATE;
583
584 if (!strncasecmp(ZSTR_VAL(new_value), "on", sizeof("on"))) {
585 PS(use_trans_sid) = (zend_bool) 1;
586 } else {
587 PS(use_trans_sid) = (zend_bool) atoi(ZSTR_VAL(new_value));
588 }
589
590 return SUCCESS;
591 }
592 /* }}} */
593
PHP_INI_MH(OnUpdateSaveDir)594 static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
595 {
596 /* Only do the safemode/open_basedir check at runtime */
597 if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
598 char *p;
599
600 if (memchr(ZSTR_VAL(new_value), '\0', ZSTR_LEN(new_value)) != NULL) {
601 return FAILURE;
602 }
603
604 /* we do not use zend_memrchr() since path can contain ; itself */
605 if ((p = strchr(ZSTR_VAL(new_value), ';'))) {
606 char *p2;
607 p++;
608 if ((p2 = strchr(p, ';'))) {
609 p = p2 + 1;
610 }
611 } else {
612 p = ZSTR_VAL(new_value);
613 }
614
615 if (PG(open_basedir) && *p && php_check_open_basedir(p)) {
616 return FAILURE;
617 }
618 }
619
620 OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
621 return SUCCESS;
622 }
623 /* }}} */
624
PHP_INI_MH(OnUpdateName)625 static PHP_INI_MH(OnUpdateName) /* {{{ */
626 {
627 /* Numeric session.name won't work at all */
628 if ((!ZSTR_LEN(new_value) || is_numeric_string(ZSTR_VAL(new_value), ZSTR_LEN(new_value), NULL, NULL, 0))) {
629 int err_type;
630
631 if (stage == ZEND_INI_STAGE_RUNTIME || stage == ZEND_INI_STAGE_ACTIVATE || stage == ZEND_INI_STAGE_STARTUP) {
632 err_type = E_WARNING;
633 } else {
634 err_type = E_ERROR;
635 }
636
637 /* Do not output error when restoring ini options. */
638 if (stage != ZEND_INI_STAGE_DEACTIVATE) {
639 php_error_docref(NULL, err_type, "session.name cannot be a numeric or empty '%s'", ZSTR_VAL(new_value));
640 }
641 return FAILURE;
642 }
643
644 OnUpdateStringUnempty(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
645 return SUCCESS;
646 }
647 /* }}} */
648
PHP_INI_MH(OnUpdateSidLength)649 static PHP_INI_MH(OnUpdateSidLength) /* {{{ */
650 {
651 zend_long val;
652 char *endptr = NULL;
653
654 val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10);
655 if (endptr && (*endptr == '\0')
656 && val >= 22 && val <= PS_MAX_SID_LENGTH) {
657 /* Numeric value */
658 PS(sid_length) = val;
659 return SUCCESS;
660 }
661
662 php_error_docref(NULL, E_WARNING, "session.configuration 'session.sid_length' must be between 22 and 256.");
663 return FAILURE;
664 }
665 /* }}} */
666
PHP_INI_MH(OnUpdateSidBits)667 static PHP_INI_MH(OnUpdateSidBits) /* {{{ */
668 {
669 zend_long val;
670 char *endptr = NULL;
671
672 val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10);
673 if (endptr && (*endptr == '\0')
674 && val >= 4 && val <=6) {
675 /* Numeric value */
676 PS(sid_bits_per_character) = val;
677 return SUCCESS;
678 }
679
680 php_error_docref(NULL, E_WARNING, "session.configuration 'session.sid_bits' must be between 4 and 6.");
681 return FAILURE;
682 }
683 /* }}} */
684
685
PHP_INI_MH(OnUpdateRfc1867Freq)686 static PHP_INI_MH(OnUpdateRfc1867Freq) /* {{{ */
687 {
688 int tmp;
689 tmp = zend_atoi(ZSTR_VAL(new_value), (int)ZSTR_LEN(new_value));
690 if(tmp < 0) {
691 php_error_docref(NULL, E_WARNING, "session.upload_progress.freq must be greater than or equal to zero");
692 return FAILURE;
693 }
694 if(ZSTR_LEN(new_value) > 0 && ZSTR_VAL(new_value)[ZSTR_LEN(new_value)-1] == '%') {
695 if(tmp > 100) {
696 php_error_docref(NULL, E_WARNING, "session.upload_progress.freq cannot be over 100%%");
697 return FAILURE;
698 }
699 PS(rfc1867_freq) = -tmp;
700 } else {
701 PS(rfc1867_freq) = tmp;
702 }
703 return SUCCESS;
704 } /* }}} */
705
706 /* {{{ PHP_INI
707 */
708 PHP_INI_BEGIN()
709 STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
710 STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateName, session_name, php_ps_globals, ps_globals)
711 PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)
712 STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_PERDIR, OnUpdateBool, auto_start, php_ps_globals, ps_globals)
713 STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals)
714 STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals)
715 STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals)
716 PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer)
717 STD_PHP_INI_ENTRY("session.cookie_lifetime", "0", PHP_INI_ALL, OnUpdateLong, cookie_lifetime, php_ps_globals, ps_globals)
718 STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateString, cookie_path, php_ps_globals, ps_globals)
719 STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals)
720 STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals)
721 STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals)
722 STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
723 STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
724 STD_PHP_INI_BOOLEAN("session.use_strict_mode", "0", PHP_INI_ALL, OnUpdateBool, use_strict_mode, php_ps_globals, ps_globals)
725 STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
726 STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals)
727 STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateLong, cache_expire, php_ps_globals, ps_globals)
728 PHP_INI_ENTRY("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid)
729 PHP_INI_ENTRY("session.sid_length", "32", PHP_INI_ALL, OnUpdateSidLength)
730 PHP_INI_ENTRY("session.sid_bits_per_character", "4", PHP_INI_ALL, OnUpdateSidBits)
731 STD_PHP_INI_BOOLEAN("session.lazy_write", "1", PHP_INI_ALL, OnUpdateBool, lazy_write, php_ps_globals, ps_globals)
732
733 /* Upload progress */
734 STD_PHP_INI_BOOLEAN("session.upload_progress.enabled",
735 "1", ZEND_INI_PERDIR, OnUpdateBool, rfc1867_enabled, php_ps_globals, ps_globals)
736 STD_PHP_INI_BOOLEAN("session.upload_progress.cleanup",
737 "1", ZEND_INI_PERDIR, OnUpdateBool, rfc1867_cleanup, php_ps_globals, ps_globals)
738 STD_PHP_INI_ENTRY("session.upload_progress.prefix",
739 "upload_progress_", ZEND_INI_PERDIR, OnUpdateString, rfc1867_prefix, php_ps_globals, ps_globals)
740 STD_PHP_INI_ENTRY("session.upload_progress.name",
741 "PHP_SESSION_UPLOAD_PROGRESS", ZEND_INI_PERDIR, OnUpdateString, rfc1867_name, php_ps_globals, ps_globals)
742 STD_PHP_INI_ENTRY("session.upload_progress.freq", "1%", ZEND_INI_PERDIR, OnUpdateRfc1867Freq, rfc1867_freq, php_ps_globals, ps_globals)
743 STD_PHP_INI_ENTRY("session.upload_progress.min_freq",
744 "1", ZEND_INI_PERDIR, OnUpdateReal, rfc1867_min_freq,php_ps_globals, ps_globals)
745
746 /* Commented out until future discussion */
747 /* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */
PHP_INI_END()748 PHP_INI_END()
749 /* }}} */
750
751 /* ***************
752 * Serializers *
753 *************** */
754 PS_SERIALIZER_ENCODE_FUNC(php_serialize) /* {{{ */
755 {
756 smart_str buf = {0};
757 php_serialize_data_t var_hash;
758
759 IF_SESSION_VARS() {
760 PHP_VAR_SERIALIZE_INIT(var_hash);
761 php_var_serialize(&buf, Z_REFVAL(PS(http_session_vars)), &var_hash);
762 PHP_VAR_SERIALIZE_DESTROY(var_hash);
763 }
764 return buf.s;
765 }
766 /* }}} */
767
PS_SERIALIZER_DECODE_FUNC(php_serialize)768 PS_SERIALIZER_DECODE_FUNC(php_serialize) /* {{{ */
769 {
770 const char *endptr = val + vallen;
771 zval session_vars;
772 php_unserialize_data_t var_hash;
773 int result;
774 zend_string *var_name = zend_string_init("_SESSION", sizeof("_SESSION") - 1, 0);
775
776 ZVAL_NULL(&session_vars);
777 PHP_VAR_UNSERIALIZE_INIT(var_hash);
778 result = php_var_unserialize(
779 &session_vars, (const unsigned char **)&val, (const unsigned char *)endptr, &var_hash);
780 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
781 if (!result) {
782 zval_ptr_dtor(&session_vars);
783 ZVAL_NULL(&session_vars);
784 }
785
786 if (!Z_ISUNDEF(PS(http_session_vars))) {
787 zval_ptr_dtor(&PS(http_session_vars));
788 }
789 if (Z_TYPE(session_vars) == IS_NULL) {
790 array_init(&session_vars);
791 }
792 ZVAL_NEW_REF(&PS(http_session_vars), &session_vars);
793 Z_ADDREF_P(&PS(http_session_vars));
794 zend_hash_update_ind(&EG(symbol_table), var_name, &PS(http_session_vars));
795 zend_string_release(var_name);
796 return SUCCESS;
797 }
798 /* }}} */
799
800 #define PS_BIN_NR_OF_BITS 8
801 #define PS_BIN_UNDEF (1<<(PS_BIN_NR_OF_BITS-1))
802 #define PS_BIN_MAX (PS_BIN_UNDEF-1)
803
PS_SERIALIZER_ENCODE_FUNC(php_binary)804 PS_SERIALIZER_ENCODE_FUNC(php_binary) /* {{{ */
805 {
806 smart_str buf = {0};
807 php_serialize_data_t var_hash;
808 PS_ENCODE_VARS;
809
810 PHP_VAR_SERIALIZE_INIT(var_hash);
811
812 PS_ENCODE_LOOP(
813 if (ZSTR_LEN(key) > PS_BIN_MAX) continue;
814 smart_str_appendc(&buf, (unsigned char)ZSTR_LEN(key));
815 smart_str_appendl(&buf, ZSTR_VAL(key), ZSTR_LEN(key));
816 php_var_serialize(&buf, struc, &var_hash);
817 } else {
818 if (ZSTR_LEN(key) > PS_BIN_MAX) continue;
819 smart_str_appendc(&buf, (unsigned char) (ZSTR_LEN(key) & PS_BIN_UNDEF));
820 smart_str_appendl(&buf, ZSTR_VAL(key), ZSTR_LEN(key));
821 );
822
823 smart_str_0(&buf);
824 PHP_VAR_SERIALIZE_DESTROY(var_hash);
825
826 return buf.s;
827 }
828 /* }}} */
829
830 PS_SERIALIZER_DECODE_FUNC(php_binary) /* {{{ */
831 {
832 const char *p;
833 const char *endptr = val + vallen;
834 int has_value;
835 int namelen;
836 zend_string *name;
837 php_unserialize_data_t var_hash;
838
839 PHP_VAR_UNSERIALIZE_INIT(var_hash);
840
841 for (p = val; p < endptr; ) {
842 namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF);
843
844 if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
845 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
846 return FAILURE;
847 }
848
849 has_value = *p & PS_BIN_UNDEF ? 0 : 1;
850
851 name = zend_string_init(p + 1, namelen, 0);
852
853 p += namelen + 1;
854
855 if (has_value) {
856 zval *current, rv;
857 current = var_tmp_var(&var_hash);
858 if (php_var_unserialize(current, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash)) {
859 ZVAL_PTR(&rv, current);
860 php_set_session_var(name, &rv, &var_hash);
861 } else {
862 zend_string_release(name);
863 php_session_normalize_vars();
864 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
865 return FAILURE;
866 }
867 } else {
868 PS_ADD_VARL(name);
869 }
870 zend_string_release(name);
871 }
872
873 php_session_normalize_vars();
874 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
875
876 return SUCCESS;
877 }
878 /* }}} */
879
880 #define PS_DELIMITER '|'
881 #define PS_UNDEF_MARKER '!'
882
883 PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */
884 {
885 smart_str buf = {0};
886 php_serialize_data_t var_hash;
887 PS_ENCODE_VARS;
888
889 PHP_VAR_SERIALIZE_INIT(var_hash);
890
891 PS_ENCODE_LOOP(
892 smart_str_appendl(&buf, ZSTR_VAL(key), ZSTR_LEN(key));
893 if (memchr(ZSTR_VAL(key), PS_DELIMITER, ZSTR_LEN(key)) || memchr(ZSTR_VAL(key), PS_UNDEF_MARKER, ZSTR_LEN(key))) {
894 PHP_VAR_SERIALIZE_DESTROY(var_hash);
895 smart_str_free(&buf);
896 return NULL;
897 }
898 smart_str_appendc(&buf, PS_DELIMITER);
899
900 php_var_serialize(&buf, struc, &var_hash);
901 } else {
902 smart_str_appendc(&buf, PS_UNDEF_MARKER);
903 smart_str_appendl(&buf, ZSTR_VAL(key), ZSTR_LEN(key));
904 smart_str_appendc(&buf, PS_DELIMITER);
905 );
906
907 smart_str_0(&buf);
908
909 PHP_VAR_SERIALIZE_DESTROY(var_hash);
910 return buf.s;
911 }
912 /* }}} */
913
914 PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */
915 {
916 const char *p, *q;
917 const char *endptr = val + vallen;
918 ptrdiff_t namelen;
919 zend_string *name;
920 int has_value, retval = SUCCESS;
921 php_unserialize_data_t var_hash;
922
923 PHP_VAR_UNSERIALIZE_INIT(var_hash);
924
925 p = val;
926
927 while (p < endptr) {
928 q = p;
929 while (*q != PS_DELIMITER) {
930 if (++q >= endptr) goto break_outer_loop;
931 }
932 if (p[0] == PS_UNDEF_MARKER) {
933 p++;
934 has_value = 0;
935 } else {
936 has_value = 1;
937 }
938
939 namelen = q - p;
940 name = zend_string_init(p, namelen, 0);
941 q++;
942
943 if (has_value) {
944 zval *current, rv;
945 current = var_tmp_var(&var_hash);
946 if (php_var_unserialize(current, (const unsigned char **)&q, (const unsigned char *)endptr, &var_hash)) {
947 ZVAL_PTR(&rv, current);
948 php_set_session_var(name, &rv, &var_hash);
949 } else {
950 zend_string_release(name);
951 retval = FAILURE;
952 goto break_outer_loop;
953 }
954 } else {
955 PS_ADD_VARL(name);
956 }
957 zend_string_release(name);
958
959 p = q;
960 }
961 break_outer_loop:
962 php_session_normalize_vars();
963
964 PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
965
966 return retval;
967 }
968 /* }}} */
969
970 #define MAX_SERIALIZERS 32
971 #define PREDEFINED_SERIALIZERS 3
972
973 static ps_serializer ps_serializers[MAX_SERIALIZERS + 1] = {
974 PS_SERIALIZER_ENTRY(php_serialize),
975 PS_SERIALIZER_ENTRY(php),
976 PS_SERIALIZER_ENTRY(php_binary)
977 };
978
979 PHPAPI int php_session_register_serializer(const char *name, zend_string *(*encode)(PS_SERIALIZER_ENCODE_ARGS), int (*decode)(PS_SERIALIZER_DECODE_ARGS)) /* {{{ */
980 {
981 int ret = FAILURE;
982 int i;
983
984 for (i = 0; i < MAX_SERIALIZERS; i++) {
985 if (ps_serializers[i].name == NULL) {
986 ps_serializers[i].name = name;
987 ps_serializers[i].encode = encode;
988 ps_serializers[i].decode = decode;
989 ps_serializers[i + 1].name = NULL;
990 ret = SUCCESS;
991 break;
992 }
993 }
994 return ret;
995 }
996 /* }}} */
997
998 /* *******************
999 * Storage Modules *
1000 ******************* */
1001
1002 #define MAX_MODULES 32
1003 #define PREDEFINED_MODULES 2
1004
1005 static ps_module *ps_modules[MAX_MODULES + 1] = {
1006 ps_files_ptr,
1007 ps_user_ptr
1008 };
1009
1010 PHPAPI int php_session_register_module(ps_module *ptr) /* {{{ */
1011 {
1012 int ret = FAILURE;
1013 int i;
1014
1015 for (i = 0; i < MAX_MODULES; i++) {
1016 if (!ps_modules[i]) {
1017 ps_modules[i] = ptr;
1018 ret = SUCCESS;
1019 break;
1020 }
1021 }
1022 return ret;
1023 }
1024 /* }}} */
1025
1026 /* Dummy PS module function */
1027 PHPAPI int php_session_validate_sid(PS_VALIDATE_SID_ARGS) {
1028 return SUCCESS;
1029 }
1030
1031 /* Dummy PS module function */
1032 PHPAPI int php_session_update_timestamp(PS_UPDATE_TIMESTAMP_ARGS) {
1033 return SUCCESS;
1034 }
1035
1036
1037 /* ******************
1038 * Cache Limiters *
1039 ****************** */
1040
1041 typedef struct {
1042 char *name;
1043 void (*func)(void);
1044 } php_session_cache_limiter_t;
1045
1046 #define CACHE_LIMITER(name) _php_cache_limiter_##name
1047 #define CACHE_LIMITER_FUNC(name) static void CACHE_LIMITER(name)(void)
1048 #define CACHE_LIMITER_ENTRY(name) { #name, CACHE_LIMITER(name) },
1049 #define ADD_HEADER(a) sapi_add_header(a, strlen(a), 1);
1050 #define MAX_STR 512
1051
1052 static char *month_names[] = {
1053 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
1054 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
1055 };
1056
1057 static char *week_days[] = {
1058 "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"
1059 };
1060
1061 static inline void strcpy_gmt(char *ubuf, time_t *when) /* {{{ */
1062 {
1063 char buf[MAX_STR];
1064 struct tm tm, *res;
1065 int n;
1066
1067 res = php_gmtime_r(when, &tm);
1068
1069 if (!res) {
1070 ubuf[0] = '\0';
1071 return;
1072 }
1073
1074 n = slprintf(buf, sizeof(buf), "%s, %02d %s %d %02d:%02d:%02d GMT", /* SAFE */
1075 week_days[tm.tm_wday], tm.tm_mday,
1076 month_names[tm.tm_mon], tm.tm_year + 1900,
1077 tm.tm_hour, tm.tm_min,
1078 tm.tm_sec);
1079 memcpy(ubuf, buf, n);
1080 ubuf[n] = '\0';
1081 }
1082 /* }}} */
1083
1084 static inline void last_modified(void) /* {{{ */
1085 {
1086 const char *path;
1087 zend_stat_t sb;
1088 char buf[MAX_STR + 1];
1089
1090 path = SG(request_info).path_translated;
1091 if (path) {
1092 if (VCWD_STAT(path, &sb) == -1) {
1093 return;
1094 }
1095
1096 #define LAST_MODIFIED "Last-Modified: "
1097 memcpy(buf, LAST_MODIFIED, sizeof(LAST_MODIFIED) - 1);
1098 strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &sb.st_mtime);
1099 ADD_HEADER(buf);
1100 }
1101 }
1102 /* }}} */
1103
1104 #define EXPIRES "Expires: "
1105 CACHE_LIMITER_FUNC(public) /* {{{ */
1106 {
1107 char buf[MAX_STR + 1];
1108 struct timeval tv;
1109 time_t now;
1110
1111 gettimeofday(&tv, NULL);
1112 now = tv.tv_sec + PS(cache_expire) * 60;
1113 memcpy(buf, EXPIRES, sizeof(EXPIRES) - 1);
1114 strcpy_gmt(buf + sizeof(EXPIRES) - 1, &now);
1115 ADD_HEADER(buf);
1116
1117 snprintf(buf, sizeof(buf) , "Cache-Control: public, max-age=" ZEND_LONG_FMT, PS(cache_expire) * 60); /* SAFE */
1118 ADD_HEADER(buf);
1119
1120 last_modified();
1121 }
1122 /* }}} */
1123
1124 CACHE_LIMITER_FUNC(private_no_expire) /* {{{ */
1125 {
1126 char buf[MAX_STR + 1];
1127
1128 snprintf(buf, sizeof(buf), "Cache-Control: private, max-age=" ZEND_LONG_FMT, PS(cache_expire) * 60); /* SAFE */
1129 ADD_HEADER(buf);
1130
1131 last_modified();
1132 }
1133 /* }}} */
1134
1135 CACHE_LIMITER_FUNC(private) /* {{{ */
1136 {
1137 ADD_HEADER("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
1138 CACHE_LIMITER(private_no_expire)();
1139 }
1140 /* }}} */
1141
1142 CACHE_LIMITER_FUNC(nocache) /* {{{ */
1143 {
1144 ADD_HEADER("Expires: Thu, 19 Nov 1981 08:52:00 GMT");
1145
1146 /* For HTTP/1.1 conforming clients */
1147 ADD_HEADER("Cache-Control: no-store, no-cache, must-revalidate");
1148
1149 /* For HTTP/1.0 conforming clients */
1150 ADD_HEADER("Pragma: no-cache");
1151 }
1152 /* }}} */
1153
1154 static php_session_cache_limiter_t php_session_cache_limiters[] = {
1155 CACHE_LIMITER_ENTRY(public)
1156 CACHE_LIMITER_ENTRY(private)
1157 CACHE_LIMITER_ENTRY(private_no_expire)
1158 CACHE_LIMITER_ENTRY(nocache)
1159 {0}
1160 };
1161
1162 static int php_session_cache_limiter(void) /* {{{ */
1163 {
1164 php_session_cache_limiter_t *lim;
1165
1166 if (PS(cache_limiter)[0] == '\0') return 0;
1167 if (PS(session_status) != php_session_active) return -1;
1168
1169 if (SG(headers_sent)) {
1170 const char *output_start_filename = php_output_get_start_filename();
1171 int output_start_lineno = php_output_get_start_lineno();
1172
1173 php_session_abort();
1174 if (output_start_filename) {
1175 php_error_docref(NULL, E_WARNING, "Cannot send session cache limiter - headers already sent (output started at %s:%d)", output_start_filename, output_start_lineno);
1176 } else {
1177 php_error_docref(NULL, E_WARNING, "Cannot send session cache limiter - headers already sent");
1178 }
1179 return -2;
1180 }
1181
1182 for (lim = php_session_cache_limiters; lim->name; lim++) {
1183 if (!strcasecmp(lim->name, PS(cache_limiter))) {
1184 lim->func();
1185 return 0;
1186 }
1187 }
1188
1189 return -1;
1190 }
1191 /* }}} */
1192
1193 /* *********************
1194 * Cookie Management *
1195 ********************* */
1196
1197 /*
1198 * Remove already sent session ID cookie.
1199 * It must be directly removed from SG(sapi_header) because sapi_add_header_ex()
1200 * removes all of matching cookie. i.e. It deletes all of Set-Cookie headers.
1201 */
1202 static void php_session_remove_cookie(void) {
1203 sapi_header_struct *header;
1204 zend_llist *l = &SG(sapi_headers).headers;
1205 zend_llist_element *next;
1206 zend_llist_element *current;
1207 char *session_cookie;
1208 zend_string *e_session_name;
1209 size_t session_cookie_len;
1210 size_t len = sizeof("Set-Cookie")-1;
1211
1212 e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)));
1213 spprintf(&session_cookie, 0, "Set-Cookie: %s=", ZSTR_VAL(e_session_name));
1214 zend_string_free(e_session_name);
1215
1216 session_cookie_len = strlen(session_cookie);
1217 current = l->head;
1218 while (current) {
1219 header = (sapi_header_struct *)(current->data);
1220 next = current->next;
1221 if (header->header_len > len && header->header[len] == ':'
1222 && !strncmp(header->header, session_cookie, session_cookie_len)) {
1223 if (current->prev) {
1224 current->prev->next = next;
1225 } else {
1226 l->head = next;
1227 }
1228 if (next) {
1229 next->prev = current->prev;
1230 } else {
1231 l->tail = current->prev;
1232 }
1233 sapi_free_header(header);
1234 efree(current);
1235 --l->count;
1236 }
1237 current = next;
1238 }
1239 efree(session_cookie);
1240 }
1241
1242 static void php_session_send_cookie(void) /* {{{ */
1243 {
1244 smart_str ncookie = {0};
1245 zend_string *date_fmt = NULL;
1246 zend_string *e_session_name, *e_id;
1247
1248 if (SG(headers_sent)) {
1249 const char *output_start_filename = php_output_get_start_filename();
1250 int output_start_lineno = php_output_get_start_lineno();
1251
1252 if (output_start_filename) {
1253 php_error_docref(NULL, E_WARNING, "Cannot send session cookie - headers already sent by (output started at %s:%d)", output_start_filename, output_start_lineno);
1254 } else {
1255 php_error_docref(NULL, E_WARNING, "Cannot send session cookie - headers already sent");
1256 }
1257 return;
1258 }
1259
1260 /* URL encode session_name and id because they might be user supplied */
1261 e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)));
1262 e_id = php_url_encode(ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)));
1263
1264 smart_str_appendl(&ncookie, "Set-Cookie: ", sizeof("Set-Cookie: ")-1);
1265 smart_str_appendl(&ncookie, ZSTR_VAL(e_session_name), ZSTR_LEN(e_session_name));
1266 smart_str_appendc(&ncookie, '=');
1267 smart_str_appendl(&ncookie, ZSTR_VAL(e_id), ZSTR_LEN(e_id));
1268
1269 zend_string_release(e_session_name);
1270 zend_string_release(e_id);
1271
1272 if (PS(cookie_lifetime) > 0) {
1273 struct timeval tv;
1274 time_t t;
1275
1276 gettimeofday(&tv, NULL);
1277 t = tv.tv_sec + PS(cookie_lifetime);
1278
1279 if (t > 0) {
1280 date_fmt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0);
1281 smart_str_appends(&ncookie, COOKIE_EXPIRES);
1282 smart_str_appendl(&ncookie, ZSTR_VAL(date_fmt), ZSTR_LEN(date_fmt));
1283 zend_string_release(date_fmt);
1284
1285 smart_str_appends(&ncookie, COOKIE_MAX_AGE);
1286 smart_str_append_long(&ncookie, PS(cookie_lifetime));
1287 }
1288 }
1289
1290 if (PS(cookie_path)[0]) {
1291 smart_str_appends(&ncookie, COOKIE_PATH);
1292 smart_str_appends(&ncookie, PS(cookie_path));
1293 }
1294
1295 if (PS(cookie_domain)[0]) {
1296 smart_str_appends(&ncookie, COOKIE_DOMAIN);
1297 smart_str_appends(&ncookie, PS(cookie_domain));
1298 }
1299
1300 if (PS(cookie_secure)) {
1301 smart_str_appends(&ncookie, COOKIE_SECURE);
1302 }
1303
1304 if (PS(cookie_httponly)) {
1305 smart_str_appends(&ncookie, COOKIE_HTTPONLY);
1306 }
1307
1308 smart_str_0(&ncookie);
1309
1310 php_session_remove_cookie(); /* remove already sent session ID cookie */
1311 /* 'replace' must be 0 here, else a previous Set-Cookie
1312 header, probably sent with setcookie() will be replaced! */
1313 sapi_add_header_ex(estrndup(ZSTR_VAL(ncookie.s), ZSTR_LEN(ncookie.s)), ZSTR_LEN(ncookie.s), 0, 0);
1314 smart_str_free(&ncookie);
1315 }
1316 /* }}} */
1317
1318 PHPAPI ps_module *_php_find_ps_module(char *name) /* {{{ */
1319 {
1320 ps_module *ret = NULL;
1321 ps_module **mod;
1322 int i;
1323
1324 for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) {
1325 if (*mod && !strcasecmp(name, (*mod)->s_name)) {
1326 ret = *mod;
1327 break;
1328 }
1329 }
1330 return ret;
1331 }
1332 /* }}} */
1333
1334 PHPAPI const ps_serializer *_php_find_ps_serializer(char *name) /* {{{ */
1335 {
1336 const ps_serializer *ret = NULL;
1337 const ps_serializer *mod;
1338
1339 for (mod = ps_serializers; mod->name; mod++) {
1340 if (!strcasecmp(name, mod->name)) {
1341 ret = mod;
1342 break;
1343 }
1344 }
1345 return ret;
1346 }
1347 /* }}} */
1348
1349 static void ppid2sid(zval *ppid) {
1350 ZVAL_DEREF(ppid);
1351 if (Z_TYPE_P(ppid) == IS_STRING) {
1352 PS(id) = zend_string_init(Z_STRVAL_P(ppid), Z_STRLEN_P(ppid), 0);
1353 PS(send_cookie) = 0;
1354 } else {
1355 PS(id) = NULL;
1356 PS(send_cookie) = 1;
1357 }
1358 }
1359
1360 PHPAPI void php_session_reset_id(void) /* {{{ */
1361 {
1362 int module_number = PS(module_number);
1363 zval *sid, *data, *ppid;
1364 zend_bool apply_trans_sid;
1365
1366 if (!PS(id)) {
1367 php_error_docref(NULL, E_WARNING, "Cannot set session ID - session ID is not initialized");
1368 return;
1369 }
1370
1371 if (PS(use_cookies) && PS(send_cookie)) {
1372 php_session_send_cookie();
1373 PS(send_cookie) = 0;
1374 }
1375
1376 /* If the SID constant exists, destroy it. */
1377 /* We must not delete any items in EG(zend_contants) */
1378 /* zend_hash_str_del(EG(zend_constants), "sid", sizeof("sid") - 1); */
1379 sid = zend_get_constant_str("SID", sizeof("SID") - 1);
1380
1381 if (PS(define_sid)) {
1382 smart_str var = {0};
1383
1384 smart_str_appends(&var, PS(session_name));
1385 smart_str_appendc(&var, '=');
1386 smart_str_appends(&var, ZSTR_VAL(PS(id)));
1387 smart_str_0(&var);
1388 if (sid) {
1389 zend_string_release(Z_STR_P(sid));
1390 ZVAL_NEW_STR(sid, var.s);
1391 } else {
1392 REGISTER_STRINGL_CONSTANT("SID", ZSTR_VAL(var.s), ZSTR_LEN(var.s), 0);
1393 smart_str_free(&var);
1394 }
1395 } else {
1396 if (sid) {
1397 zend_string_release(Z_STR_P(sid));
1398 ZVAL_EMPTY_STRING(sid);
1399 } else {
1400 REGISTER_STRINGL_CONSTANT("SID", "", 0, 0);
1401 }
1402 }
1403
1404 /* Apply trans sid if sid cookie is not set */
1405 apply_trans_sid = 0;
1406 if (APPLY_TRANS_SID) {
1407 apply_trans_sid = 1;
1408 if (PS(use_cookies) &&
1409 (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) {
1410 ZVAL_DEREF(data);
1411 if (Z_TYPE_P(data) == IS_ARRAY &&
1412 (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), strlen(PS(session_name))))) {
1413 ZVAL_DEREF(ppid);
1414 apply_trans_sid = 0;
1415 }
1416 }
1417 }
1418 if (apply_trans_sid) {
1419 zend_string *sname;
1420 sname = zend_string_init(PS(session_name), strlen(PS(session_name)), 0);
1421 php_url_scanner_reset_session_var(sname, 1); /* This may fail when session name has changed */
1422 zend_string_release(sname);
1423 php_url_scanner_add_session_var(PS(session_name), strlen(PS(session_name)), ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 1);
1424 }
1425 }
1426 /* }}} */
1427
1428 PHPAPI void php_session_start(void) /* {{{ */
1429 {
1430 zval *ppid;
1431 zval *data;
1432 char *p, *value;
1433 size_t lensess;
1434
1435 switch (PS(session_status)) {
1436 case php_session_active:
1437 php_error(E_NOTICE, "A session had already been started - ignoring session_start()");
1438 return;
1439 break;
1440
1441 case php_session_disabled:
1442 value = zend_ini_string("session.save_handler", sizeof("session.save_handler") - 1, 0);
1443 if (!PS(mod) && value) {
1444 PS(mod) = _php_find_ps_module(value);
1445 if (!PS(mod)) {
1446 php_error_docref(NULL, E_WARNING, "Cannot find save handler '%s' - session startup failed", value);
1447 return;
1448 }
1449 }
1450 value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler") - 1, 0);
1451 if (!PS(serializer) && value) {
1452 PS(serializer) = _php_find_ps_serializer(value);
1453 if (!PS(serializer)) {
1454 php_error_docref(NULL, E_WARNING, "Cannot find serialization handler '%s' - session startup failed", value);
1455 return;
1456 }
1457 }
1458 PS(session_status) = php_session_none;
1459 /* fallthrough */
1460
1461 default:
1462 case php_session_none:
1463 /* Setup internal flags */
1464 PS(define_sid) = !PS(use_only_cookies); /* SID constant is defined when non-cookie ID is used */
1465 PS(send_cookie) = PS(use_cookies) || PS(use_only_cookies);
1466 }
1467
1468 lensess = strlen(PS(session_name));
1469
1470 /*
1471 * Cookies are preferred, because initially cookie and get
1472 * variables will be available.
1473 * URL/POST session ID may be used when use_only_cookies=Off.
1474 * session.use_strice_mode=On prevents session adoption.
1475 * Session based file upload progress uses non-cookie ID.
1476 */
1477
1478 if (!PS(id)) {
1479 if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) {
1480 ZVAL_DEREF(data);
1481 if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) {
1482 ppid2sid(ppid);
1483 PS(send_cookie) = 0;
1484 PS(define_sid) = 0;
1485 }
1486 }
1487 /* Initilize session ID from non cookie values */
1488 if (!PS(use_only_cookies)) {
1489 if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1))) {
1490 ZVAL_DEREF(data);
1491 if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) {
1492 ppid2sid(ppid);
1493 }
1494 }
1495 if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1))) {
1496 ZVAL_DEREF(data);
1497 if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) {
1498 ppid2sid(ppid);
1499 }
1500 }
1501 /* Check the REQUEST_URI symbol for a string of the form
1502 * '<session-name>=<session-id>' to allow URLs of the form
1503 * http://yoursite/<session-name>=<session-id>/script.php */
1504 if (!PS(id) && zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS &&
1505 (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) &&
1506 Z_TYPE_P(data) == IS_STRING &&
1507 (p = strstr(Z_STRVAL_P(data), PS(session_name))) &&
1508 p[lensess] == '='
1509 ) {
1510 char *q;
1511 p += lensess + 1;
1512 if ((q = strpbrk(p, "/?\\"))) {
1513 PS(id) = zend_string_init(p, q - p, 0);
1514 }
1515 }
1516 /* Check whether the current request was referred to by
1517 * an external site which invalidates the previously found id. */
1518 if (PS(id) && PS(extern_referer_chk)[0] != '\0' &&
1519 !Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER]) &&
1520 (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_REFERER", sizeof("HTTP_REFERER") - 1)) &&
1521 Z_TYPE_P(data) == IS_STRING &&
1522 Z_STRLEN_P(data) != 0 &&
1523 strstr(Z_STRVAL_P(data), PS(extern_referer_chk)) == NULL
1524 ) {
1525 zend_string_release(PS(id));
1526 PS(id) = NULL;
1527 }
1528 }
1529 }
1530
1531 /* Finally check session id for dangerous characters
1532 * Security note: session id may be embedded in HTML pages.*/
1533 if (PS(id) && strpbrk(ZSTR_VAL(PS(id)), "\r\n\t <>'\"\\")) {
1534 zend_string_release(PS(id));
1535 PS(id) = NULL;
1536 }
1537
1538 php_session_initialize();
1539 php_session_cache_limiter();
1540 }
1541 /* }}} */
1542
1543 static void php_session_flush(int write) /* {{{ */
1544 {
1545 if (PS(session_status) == php_session_active) {
1546 php_session_save_current_state(write);
1547 PS(session_status) = php_session_none;
1548 }
1549 }
1550 /* }}} */
1551
1552 static void php_session_abort(void) /* {{{ */
1553 {
1554 if (PS(session_status) == php_session_active) {
1555 if (PS(mod_data) || PS(mod_user_implemented)) {
1556 PS(mod)->s_close(&PS(mod_data));
1557 }
1558 PS(session_status) = php_session_none;
1559 }
1560 }
1561 /* }}} */
1562
1563 static void php_session_reset(void) /* {{{ */
1564 {
1565 if (PS(session_status) == php_session_active) {
1566 php_session_initialize();
1567 }
1568 }
1569 /* }}} */
1570
1571
1572 /* This API is not used by any PHP modules including session currently.
1573 session_adapt_url() may be used to set Session ID to target url without
1574 starting "URL-Rewriter" output handler. */
1575 PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t *newlen) /* {{{ */
1576 {
1577 if (APPLY_TRANS_SID && (PS(session_status) == php_session_active)) {
1578 *new = php_url_scanner_adapt_single_url(url, urllen, PS(session_name), ZSTR_VAL(PS(id)), newlen, 1);
1579 }
1580 }
1581 /* }}} */
1582
1583 /* ********************************
1584 * Userspace exported functions *
1585 ******************************** */
1586
1587 /* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure[, bool httponly]]]])
1588 Set session cookie parameters */
1589 static PHP_FUNCTION(session_set_cookie_params)
1590 {
1591 zval *lifetime;
1592 zend_string *path = NULL, *domain = NULL;
1593 int argc = ZEND_NUM_ARGS();
1594 zend_bool secure = 0, httponly = 0;
1595 zend_string *ini_name;
1596
1597 if (!PS(use_cookies) ||
1598 zend_parse_parameters(argc, "z|SSbb", &lifetime, &path, &domain, &secure, &httponly) == FAILURE) {
1599 return;
1600 }
1601
1602 convert_to_string_ex(lifetime);
1603
1604 ini_name = zend_string_init("session.cookie_lifetime", sizeof("session.cookie_lifetime") - 1, 0);
1605 zend_alter_ini_entry(ini_name, Z_STR_P(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1606 zend_string_release(ini_name);
1607
1608 if (path) {
1609 ini_name = zend_string_init("session.cookie_path", sizeof("session.cookie_path") - 1, 0);
1610 zend_alter_ini_entry(ini_name, path, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1611 zend_string_release(ini_name);
1612 }
1613 if (domain) {
1614 ini_name = zend_string_init("session.cookie_domain", sizeof("session.cookie_domain") - 1, 0);
1615 zend_alter_ini_entry(ini_name, domain, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1616 zend_string_release(ini_name);
1617 }
1618
1619 if (argc > 3) {
1620 ini_name = zend_string_init("session.cookie_secure", sizeof("session.cookie_secure") - 1, 0);
1621 zend_alter_ini_entry_chars(ini_name, secure ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1622 zend_string_release(ini_name);
1623 }
1624 if (argc > 4) {
1625 ini_name = zend_string_init("session.cookie_httponly", sizeof("session.cookie_httponly") - 1, 0);
1626 zend_alter_ini_entry_chars(ini_name, httponly ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1627 zend_string_release(ini_name);
1628 }
1629 }
1630 /* }}} */
1631
1632 /* {{{ proto array session_get_cookie_params(void)
1633 Return the session cookie parameters */
1634 static PHP_FUNCTION(session_get_cookie_params)
1635 {
1636 if (zend_parse_parameters_none() == FAILURE) {
1637 return;
1638 }
1639
1640 array_init(return_value);
1641
1642 add_assoc_long(return_value, "lifetime", PS(cookie_lifetime));
1643 add_assoc_string(return_value, "path", PS(cookie_path));
1644 add_assoc_string(return_value, "domain", PS(cookie_domain));
1645 add_assoc_bool(return_value, "secure", PS(cookie_secure));
1646 add_assoc_bool(return_value, "httponly", PS(cookie_httponly));
1647 }
1648 /* }}} */
1649
1650 /* {{{ proto string session_name([string newname])
1651 Return the current session name. If newname is given, the session name is replaced with newname */
1652 static PHP_FUNCTION(session_name)
1653 {
1654 zend_string *name = NULL;
1655 zend_string *ini_name;
1656
1657 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S", &name) == FAILURE) {
1658 return;
1659 }
1660
1661 RETVAL_STRING(PS(session_name));
1662
1663 if (name) {
1664 ini_name = zend_string_init("session.name", sizeof("session.name") - 1, 0);
1665 zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1666 zend_string_release(ini_name);
1667 }
1668 }
1669 /* }}} */
1670
1671 /* {{{ proto string session_module_name([string newname])
1672 Return the current module name used for accessing session data. If newname is given, the module name is replaced with newname */
1673 static PHP_FUNCTION(session_module_name)
1674 {
1675 zend_string *name = NULL;
1676 zend_string *ini_name;
1677
1678 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S", &name) == FAILURE) {
1679 return;
1680 }
1681
1682 /* Set return_value to current module name */
1683 if (PS(mod) && PS(mod)->s_name) {
1684 RETVAL_STRING(PS(mod)->s_name);
1685 } else {
1686 RETVAL_EMPTY_STRING();
1687 }
1688
1689 if (name) {
1690 if (!_php_find_ps_module(ZSTR_VAL(name))) {
1691 php_error_docref(NULL, E_WARNING, "Cannot find named PHP session module (%s)", ZSTR_VAL(name));
1692
1693 zval_dtor(return_value);
1694 RETURN_FALSE;
1695 }
1696 if (PS(mod_data) || PS(mod_user_implemented)) {
1697 PS(mod)->s_close(&PS(mod_data));
1698 }
1699 PS(mod_data) = NULL;
1700
1701 ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
1702 zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1703 zend_string_release(ini_name);
1704 }
1705 }
1706 /* }}} */
1707
1708 /* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc, string create_sid)
1709 Sets user-level functions */
1710 static PHP_FUNCTION(session_set_save_handler)
1711 {
1712 zval *args = NULL;
1713 int i, num_args, argc = ZEND_NUM_ARGS();
1714 zend_string *name;
1715 zend_string *ini_name, *ini_val;
1716
1717 if (PS(session_status) != php_session_none) {
1718 RETURN_FALSE;
1719 }
1720
1721 if (argc > 0 && argc <= 2) {
1722 zval *obj = NULL;
1723 zend_string *func_name;
1724 zend_function *current_mptr;
1725 zend_bool register_shutdown = 1;
1726
1727 if (zend_parse_parameters(ZEND_NUM_ARGS(), "O|b", &obj, php_session_iface_entry, ®ister_shutdown) == FAILURE) {
1728 RETURN_FALSE;
1729 }
1730
1731 /* For compatibility reason, implemeted interface is not checked */
1732 /* Find implemented methods - SessionHandlerInterface */
1733 i = 0;
1734 ZEND_HASH_FOREACH_STR_KEY(&php_session_iface_entry->function_table, func_name) {
1735 if ((current_mptr = zend_hash_find_ptr(&Z_OBJCE_P(obj)->function_table, func_name))) {
1736 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
1737 zval_ptr_dtor(&PS(mod_user_names).names[i]);
1738 }
1739
1740 array_init_size(&PS(mod_user_names).names[i], 2);
1741 Z_ADDREF_P(obj);
1742 add_next_index_zval(&PS(mod_user_names).names[i], obj);
1743 add_next_index_str(&PS(mod_user_names).names[i], zend_string_copy(func_name));
1744 } else {
1745 php_error_docref(NULL, E_ERROR, "Session handler's function table is corrupt");
1746 RETURN_FALSE;
1747 }
1748
1749 ++i;
1750 } ZEND_HASH_FOREACH_END();
1751
1752 /* Find implemented methods - SessionIdInterface (optional) */
1753 ZEND_HASH_FOREACH_STR_KEY(&php_session_id_iface_entry->function_table, func_name) {
1754 if ((current_mptr = zend_hash_find_ptr(&Z_OBJCE_P(obj)->function_table, func_name))) {
1755 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
1756 zval_ptr_dtor(&PS(mod_user_names).names[i]);
1757 }
1758 array_init_size(&PS(mod_user_names).names[i], 2);
1759 Z_ADDREF_P(obj);
1760 add_next_index_zval(&PS(mod_user_names).names[i], obj);
1761 add_next_index_str(&PS(mod_user_names).names[i], zend_string_copy(func_name));
1762 } else {
1763 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
1764 zval_ptr_dtor(&PS(mod_user_names).names[i]);
1765 ZVAL_UNDEF(&PS(mod_user_names).names[i]);
1766 }
1767 }
1768
1769 ++i;
1770 } ZEND_HASH_FOREACH_END();
1771
1772 /* Find implemented methods - SessionUpdateTimestampInterface (optional) */
1773 ZEND_HASH_FOREACH_STR_KEY(&php_session_update_timestamp_iface_entry->function_table, func_name) {
1774 if ((current_mptr = zend_hash_find_ptr(&Z_OBJCE_P(obj)->function_table, func_name))) {
1775 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
1776 zval_ptr_dtor(&PS(mod_user_names).names[i]);
1777 }
1778 array_init_size(&PS(mod_user_names).names[i], 2);
1779 Z_ADDREF_P(obj);
1780 add_next_index_zval(&PS(mod_user_names).names[i], obj);
1781 add_next_index_str(&PS(mod_user_names).names[i], zend_string_copy(func_name));
1782 } else {
1783 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
1784 zval_ptr_dtor(&PS(mod_user_names).names[i]);
1785 ZVAL_UNDEF(&PS(mod_user_names).names[i]);
1786 }
1787 }
1788 ++i;
1789 } ZEND_HASH_FOREACH_END();
1790
1791 if (register_shutdown) {
1792 /* create shutdown function */
1793 php_shutdown_function_entry shutdown_function_entry;
1794 shutdown_function_entry.arg_count = 1;
1795 shutdown_function_entry.arguments = (zval *) safe_emalloc(sizeof(zval), 1, 0);
1796
1797 ZVAL_STRING(&shutdown_function_entry.arguments[0], "session_register_shutdown");
1798
1799 /* add shutdown function, removing the old one if it exists */
1800 if (!register_user_shutdown_function("session_shutdown", sizeof("session_shutdown") - 1, &shutdown_function_entry)) {
1801 zval_ptr_dtor(&shutdown_function_entry.arguments[0]);
1802 efree(shutdown_function_entry.arguments);
1803 php_error_docref(NULL, E_WARNING, "Unable to register session shutdown function");
1804 RETURN_FALSE;
1805 }
1806 } else {
1807 /* remove shutdown function */
1808 remove_user_shutdown_function("session_shutdown", sizeof("session_shutdown") - 1);
1809 }
1810
1811 if (PS(mod) && PS(session_status) != php_session_active && PS(mod) != &ps_mod_user) {
1812 ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
1813 ini_val = zend_string_init("user", sizeof("user") - 1, 0);
1814 zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1815 zend_string_release(ini_val);
1816 zend_string_release(ini_name);
1817 }
1818
1819 RETURN_TRUE;
1820 }
1821
1822 /* Set procedural save handler functions */
1823 if (argc < 6 || PS_NUM_APIS < argc) {
1824 WRONG_PARAM_COUNT;
1825 }
1826
1827 if (zend_parse_parameters(argc, "+", &args, &num_args) == FAILURE) {
1828 return;
1829 }
1830
1831 /* remove shutdown function */
1832 remove_user_shutdown_function("session_shutdown", sizeof("session_shutdown") - 1);
1833
1834 /* At this point argc can only be between 6 and PS_NUM_APIS */
1835 for (i = 0; i < argc; i++) {
1836 if (!zend_is_callable(&args[i], 0, &name)) {
1837 php_error_docref(NULL, E_WARNING, "Argument %d is not a valid callback", i+1);
1838 zend_string_release(name);
1839 RETURN_FALSE;
1840 }
1841 zend_string_release(name);
1842 }
1843
1844 if (PS(mod) && PS(mod) != &ps_mod_user) {
1845 ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
1846 ini_val = zend_string_init("user", sizeof("user") - 1, 0);
1847 zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1848 zend_string_release(ini_val);
1849 zend_string_release(ini_name);
1850 }
1851
1852 for (i = 0; i < argc; i++) {
1853 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
1854 zval_ptr_dtor(&PS(mod_user_names).names[i]);
1855 }
1856 ZVAL_COPY(&PS(mod_user_names).names[i], &args[i]);
1857 }
1858
1859 RETURN_TRUE;
1860 }
1861 /* }}} */
1862
1863 /* {{{ proto string session_save_path([string newname])
1864 Return the current save path passed to module_name. If newname is given, the save path is replaced with newname */
1865 static PHP_FUNCTION(session_save_path)
1866 {
1867 zend_string *name = NULL;
1868 zend_string *ini_name;
1869
1870 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S", &name) == FAILURE) {
1871 return;
1872 }
1873
1874 RETVAL_STRING(PS(save_path));
1875
1876 if (name) {
1877 if (memchr(ZSTR_VAL(name), '\0', ZSTR_LEN(name)) != NULL) {
1878 php_error_docref(NULL, E_WARNING, "The save_path cannot contain NULL characters");
1879 zval_dtor(return_value);
1880 RETURN_FALSE;
1881 }
1882 ini_name = zend_string_init("session.save_path", sizeof("session.save_path") - 1, 0);
1883 zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
1884 zend_string_release(ini_name);
1885 }
1886 }
1887 /* }}} */
1888
1889 /* {{{ proto string session_id([string newid])
1890 Return the current session id. If newid is given, the session id is replaced with newid */
1891 static PHP_FUNCTION(session_id)
1892 {
1893 zend_string *name = NULL;
1894 int argc = ZEND_NUM_ARGS();
1895
1896 if (zend_parse_parameters(argc, "|S", &name) == FAILURE) {
1897 return;
1898 }
1899
1900 if (PS(id)) {
1901 /* keep compatibility for "\0" characters ???
1902 * see: ext/session/tests/session_id_error3.phpt */
1903 size_t len = strlen(ZSTR_VAL(PS(id)));
1904 if (UNEXPECTED(len != ZSTR_LEN(PS(id)))) {
1905 RETVAL_NEW_STR(zend_string_init(ZSTR_VAL(PS(id)), len, 0));
1906 } else {
1907 RETVAL_STR_COPY(PS(id));
1908 }
1909 } else {
1910 RETVAL_EMPTY_STRING();
1911 }
1912
1913 if (name) {
1914 if (PS(id)) {
1915 zend_string_release(PS(id));
1916 }
1917 PS(id) = zend_string_copy(name);
1918 }
1919 }
1920 /* }}} */
1921
1922 /* {{{ proto bool session_regenerate_id([bool delete_old_session])
1923 Update the current session id with a newly generated one. If delete_old_session is set to true, remove the old session. */
1924 static PHP_FUNCTION(session_regenerate_id)
1925 {
1926 zend_bool del_ses = 0;
1927 zend_string *data;
1928
1929 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|b", &del_ses) == FAILURE) {
1930 return;
1931 }
1932
1933 if (PS(session_status) != php_session_active) {
1934 php_error_docref(NULL, E_WARNING, "Cannot regenerate session id - session is not active");
1935 RETURN_FALSE;
1936 }
1937
1938 if (SG(headers_sent) && PS(use_cookies)) {
1939 php_error_docref(NULL, E_WARNING, "Cannot regenerate session id - headers already sent");
1940 RETURN_FALSE;
1941 }
1942
1943 /* Process old session data */
1944 if (del_ses) {
1945 if (PS(mod)->s_destroy(&PS(mod_data), PS(id)) == FAILURE) {
1946 PS(mod)->s_close(&PS(mod_data));
1947 PS(session_status) = php_session_none;
1948 php_error_docref(NULL, E_WARNING, "Session object destruction failed. ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
1949 RETURN_FALSE;
1950 }
1951 } else {
1952 int ret;
1953 data = php_session_encode();
1954 if (data) {
1955 ret = PS(mod)->s_write(&PS(mod_data), PS(id), data, PS(gc_maxlifetime));
1956 zend_string_release(data);
1957 } else {
1958 ret = PS(mod)->s_write(&PS(mod_data), PS(id), ZSTR_EMPTY_ALLOC(), PS(gc_maxlifetime));
1959 }
1960 if (ret == FAILURE) {
1961 PS(mod)->s_close(&PS(mod_data));
1962 PS(session_status) = php_session_none;
1963 php_error_docref(NULL, E_WARNING, "Session write failed. ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
1964 RETURN_FALSE;
1965 }
1966 }
1967 PS(mod)->s_close(&PS(mod_data));
1968
1969 /* New session data */
1970 if (PS(session_vars)) {
1971 zend_string_release(PS(session_vars));
1972 PS(session_vars) = NULL;
1973 }
1974 zend_string_release(PS(id));
1975 PS(id) = NULL;
1976
1977 if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) {
1978 PS(session_status) = php_session_none;
1979 zend_throw_error(NULL, "Failed to open session: %s (path: %s)", PS(mod)->s_name, PS(save_path));
1980 RETURN_FALSE;
1981 }
1982
1983 PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
1984 if (!PS(id)) {
1985 PS(session_status) = php_session_none;
1986 zend_throw_error(NULL, "Failed to create new session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
1987 RETURN_FALSE;
1988 }
1989 if (PS(use_strict_mode) && PS(mod)->s_validate_sid &&
1990 PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == FAILURE) {
1991 zend_string_release(PS(id));
1992 PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
1993 if (!PS(id)) {
1994 PS(mod)->s_close(&PS(mod_data));
1995 PS(session_status) = php_session_none;
1996 zend_throw_error(NULL, "Failed to create session ID by collision: %s (path: %s)", PS(mod)->s_name, PS(save_path));
1997 RETURN_FALSE;
1998 }
1999 }
2000 /* Read is required to make new session data at this point. */
2001 if (PS(mod)->s_read(&PS(mod_data), PS(id), &data, PS(gc_maxlifetime)) == FAILURE) {
2002 PS(mod)->s_close(&PS(mod_data));
2003 PS(session_status) = php_session_none;
2004 zend_throw_error(NULL, "Failed to create(read) session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
2005 RETURN_FALSE;
2006 }
2007 if (data) {
2008 zend_string_release(data);
2009 }
2010
2011 if (PS(use_cookies)) {
2012 PS(send_cookie) = 1;
2013 }
2014 php_session_reset_id();
2015
2016 RETURN_TRUE;
2017 }
2018 /* }}} */
2019
2020 /* {{{ proto void session_create_id([string prefix])
2021 Generate new session ID. Intended for user save handlers. */
2022 /* This is not used yet */
2023 static PHP_FUNCTION(session_create_id)
2024 {
2025 zend_string *prefix = NULL, *new_id;
2026 smart_str id = {0};
2027
2028 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S", &prefix) == FAILURE) {
2029 return;
2030 }
2031
2032 if (prefix && ZSTR_LEN(prefix)) {
2033 if (php_session_valid_key(ZSTR_VAL(prefix)) == FAILURE) {
2034 /* E_ERROR raised for security reason. */
2035 php_error_docref(NULL, E_WARNING, "Prefix cannot contain special characters. Only aphanumeric, ',', '-' are allowed");
2036 RETURN_FALSE;
2037 } else {
2038 smart_str_append(&id, prefix);
2039 }
2040 }
2041
2042 if (!PS(in_save_handler) && PS(session_status) == php_session_active) {
2043 int limit = 3;
2044 while (limit--) {
2045 new_id = PS(mod)->s_create_sid(&PS(mod_data));
2046 if (!PS(mod)->s_validate_sid) {
2047 break;
2048 } else {
2049 /* Detect collision and retry */
2050 if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == FAILURE) {
2051 zend_string_release(new_id);
2052 continue;
2053 }
2054 break;
2055 }
2056 }
2057 } else {
2058 new_id = php_session_create_id(NULL);
2059 }
2060
2061 if (new_id) {
2062 smart_str_append(&id, new_id);
2063 zend_string_release(new_id);
2064 } else {
2065 smart_str_free(&id);
2066 php_error_docref(NULL, E_WARNING, "Failed to create new ID");
2067 RETURN_FALSE;
2068 }
2069 smart_str_0(&id);
2070 RETVAL_NEW_STR(id.s);
2071 }
2072 /* }}} */
2073
2074 /* {{{ proto string session_cache_limiter([string new_cache_limiter])
2075 Return the current cache limiter. If new_cache_limited is given, the current cache_limiter is replaced with new_cache_limiter */
2076 static PHP_FUNCTION(session_cache_limiter)
2077 {
2078 zend_string *limiter = NULL;
2079 zend_string *ini_name;
2080
2081 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S", &limiter) == FAILURE) {
2082 return;
2083 }
2084
2085 RETVAL_STRING(PS(cache_limiter));
2086
2087 if (limiter) {
2088 ini_name = zend_string_init("session.cache_limiter", sizeof("session.cache_limiter") - 1, 0);
2089 zend_alter_ini_entry(ini_name, limiter, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
2090 zend_string_release(ini_name);
2091 }
2092 }
2093 /* }}} */
2094
2095 /* {{{ proto int session_cache_expire([int new_cache_expire])
2096 Return the current cache expire. If new_cache_expire is given, the current cache_expire is replaced with new_cache_expire */
2097 static PHP_FUNCTION(session_cache_expire)
2098 {
2099 zval *expires = NULL;
2100 zend_string *ini_name;
2101
2102 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|z", &expires) == FAILURE) {
2103 return;
2104 }
2105
2106 RETVAL_LONG(PS(cache_expire));
2107
2108 if (expires) {
2109 convert_to_string_ex(expires);
2110 ini_name = zend_string_init("session.cache_expire", sizeof("session.cache_expire") - 1, 0);
2111 zend_alter_ini_entry(ini_name, Z_STR_P(expires), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
2112 zend_string_release(ini_name);
2113 }
2114 }
2115 /* }}} */
2116
2117 /* {{{ proto string session_encode(void)
2118 Serializes the current setup and returns the serialized representation */
2119 static PHP_FUNCTION(session_encode)
2120 {
2121 zend_string *enc;
2122
2123 if (zend_parse_parameters_none() == FAILURE) {
2124 return;
2125 }
2126
2127 enc = php_session_encode();
2128 if (enc == NULL) {
2129 RETURN_FALSE;
2130 }
2131
2132 RETURN_STR(enc);
2133 }
2134 /* }}} */
2135
2136 /* {{{ proto bool session_decode(string data)
2137 Deserializes data and reinitializes the variables */
2138 static PHP_FUNCTION(session_decode)
2139 {
2140 zend_string *str = NULL;
2141
2142 if (PS(session_status) != php_session_active) {
2143 php_error_docref(NULL, E_WARNING, "Session is not active. You cannot decode session data");
2144 RETURN_FALSE;
2145 }
2146
2147 if (zend_parse_parameters(ZEND_NUM_ARGS(), "S", &str) == FAILURE) {
2148 return;
2149 }
2150
2151 if (php_session_decode(str) == FAILURE) {
2152 RETURN_FALSE;
2153 }
2154 RETURN_TRUE;
2155 }
2156 /* }}} */
2157
2158 static int php_session_start_set_ini(zend_string *varname, zend_string *new_value) {
2159 int ret;
2160 smart_str buf ={0};
2161 smart_str_appends(&buf, "session");
2162 smart_str_appendc(&buf, '.');
2163 smart_str_append(&buf, varname);
2164 smart_str_0(&buf);
2165 ret = zend_alter_ini_entry_ex(buf.s, new_value, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0);
2166 smart_str_free(&buf);
2167 return ret;
2168 }
2169
2170 /* {{{ proto bool session_start([array options])
2171 + Begin session */
2172 static PHP_FUNCTION(session_start)
2173 {
2174 zval *options = NULL;
2175 zval *value;
2176 zend_ulong num_idx;
2177 zend_string *str_idx;
2178 zend_long read_and_close = 0;
2179
2180 if (zend_parse_parameters(ZEND_NUM_ARGS(), "|a", &options) == FAILURE) {
2181 RETURN_FALSE;
2182 }
2183
2184 /* set options */
2185 if (options) {
2186 ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(options), num_idx, str_idx, value) {
2187 if (str_idx) {
2188 switch(Z_TYPE_P(value)) {
2189 case IS_STRING:
2190 case IS_TRUE:
2191 case IS_FALSE:
2192 case IS_LONG:
2193 if (zend_string_equals_literal(str_idx, "read_and_close")) {
2194 read_and_close = zval_get_long(value);
2195 } else {
2196 zend_string *val = zval_get_string(value);
2197 if (php_session_start_set_ini(str_idx, val) == FAILURE) {
2198 php_error_docref(NULL, E_WARNING, "Setting option '%s' failed", ZSTR_VAL(str_idx));
2199 }
2200 zend_string_release(val);
2201 }
2202 break;
2203 default:
2204 php_error_docref(NULL, E_WARNING, "Option(%s) value must be string, boolean or long", ZSTR_VAL(str_idx));
2205 break;
2206 }
2207 }
2208 (void) num_idx;
2209 } ZEND_HASH_FOREACH_END();
2210 }
2211
2212 php_session_start();
2213
2214 if (PS(session_status) != php_session_active) {
2215 RETURN_FALSE;
2216 }
2217
2218 if (read_and_close) {
2219 php_session_flush(0);
2220 }
2221
2222 RETURN_TRUE;
2223 }
2224 /* }}} */
2225
2226 /* {{{ proto bool session_destroy(void)
2227 Destroy the current session and all data associated with it */
2228 static PHP_FUNCTION(session_destroy)
2229 {
2230 if (zend_parse_parameters_none() == FAILURE) {
2231 return;
2232 }
2233
2234 RETURN_BOOL(php_session_destroy() == SUCCESS);
2235 }
2236 /* }}} */
2237
2238 /* {{{ proto void session_unset(void)
2239 Unset all registered variables */
2240 static PHP_FUNCTION(session_unset)
2241 {
2242 if (PS(session_status) != php_session_active) {
2243 RETURN_FALSE;
2244 }
2245
2246 IF_SESSION_VARS() {
2247 zval *sess_var = Z_REFVAL(PS(http_session_vars));
2248 SEPARATE_ARRAY(sess_var);
2249
2250 /* Clean $_SESSION. */
2251 zend_hash_clean(Z_ARRVAL_P(sess_var));
2252 }
2253 }
2254 /* }}} */
2255
2256 /* {{{ proto int session_gc(void)
2257 Perform GC and return number of deleted sessions */
2258 static PHP_FUNCTION(session_gc)
2259 {
2260 zend_long num;
2261
2262 if (zend_parse_parameters_none() == FAILURE) {
2263 return;
2264 }
2265
2266 if (PS(session_status) != php_session_active) {
2267 php_error_docref(NULL, E_WARNING, "Session is not active");
2268 RETURN_FALSE;
2269 }
2270
2271 num = php_session_gc(1);
2272 if (num < 0) {
2273 RETURN_FALSE;
2274 }
2275
2276 RETURN_LONG(num);
2277 }
2278 /* }}} */
2279
2280
2281 /* {{{ proto void session_write_close(void)
2282 Write session data and end session */
2283 static PHP_FUNCTION(session_write_close)
2284 {
2285 php_session_flush(1);
2286 }
2287 /* }}} */
2288
2289 /* {{{ proto void session_abort(void)
2290 Abort session and end session. Session data will not be written */
2291 static PHP_FUNCTION(session_abort)
2292 {
2293 php_session_abort();
2294 }
2295 /* }}} */
2296
2297 /* {{{ proto void session_reset(void)
2298 Reset session data from saved session data */
2299 static PHP_FUNCTION(session_reset)
2300 {
2301 php_session_reset();
2302 }
2303 /* }}} */
2304
2305 /* {{{ proto int session_status(void)
2306 Returns the current session status */
2307 static PHP_FUNCTION(session_status)
2308 {
2309 if (zend_parse_parameters_none() == FAILURE) {
2310 return;
2311 }
2312
2313 RETURN_LONG(PS(session_status));
2314 }
2315 /* }}} */
2316
2317 /* {{{ proto void session_register_shutdown(void)
2318 Registers session_write_close() as a shutdown function */
2319 static PHP_FUNCTION(session_register_shutdown)
2320 {
2321 php_shutdown_function_entry shutdown_function_entry;
2322
2323 /* This function is registered itself as a shutdown function by
2324 * session_set_save_handler($obj). The reason we now register another
2325 * shutdown function is in case the user registered their own shutdown
2326 * function after calling session_set_save_handler(), which expects
2327 * the session still to be available.
2328 */
2329
2330 shutdown_function_entry.arg_count = 1;
2331 shutdown_function_entry.arguments = (zval *) safe_emalloc(sizeof(zval), 1, 0);
2332
2333 ZVAL_STRING(&shutdown_function_entry.arguments[0], "session_write_close");
2334
2335 if (!append_user_shutdown_function(shutdown_function_entry)) {
2336 zval_ptr_dtor(&shutdown_function_entry.arguments[0]);
2337 efree(shutdown_function_entry.arguments);
2338
2339 /* Unable to register shutdown function, presumably because of lack
2340 * of memory, so flush the session now. It would be done in rshutdown
2341 * anyway but the handler will have had it's dtor called by then.
2342 * If the user does have a later shutdown function which needs the
2343 * session then tough luck.
2344 */
2345 php_session_flush(1);
2346 php_error_docref(NULL, E_WARNING, "Unable to register session flush function");
2347 }
2348 }
2349 /* }}} */
2350
2351 /* {{{ arginfo */
2352 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_name, 0, 0, 0)
2353 ZEND_ARG_INFO(0, name)
2354 ZEND_END_ARG_INFO()
2355
2356 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_module_name, 0, 0, 0)
2357 ZEND_ARG_INFO(0, module)
2358 ZEND_END_ARG_INFO()
2359
2360 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_save_path, 0, 0, 0)
2361 ZEND_ARG_INFO(0, path)
2362 ZEND_END_ARG_INFO()
2363
2364 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_id, 0, 0, 0)
2365 ZEND_ARG_INFO(0, id)
2366 ZEND_END_ARG_INFO()
2367
2368 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_create_id, 0, 0, 0)
2369 ZEND_ARG_INFO(0, prefix)
2370 ZEND_END_ARG_INFO()
2371
2372 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_regenerate_id, 0, 0, 0)
2373 ZEND_ARG_INFO(0, delete_old_session)
2374 ZEND_END_ARG_INFO()
2375
2376 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_decode, 0, 0, 1)
2377 ZEND_ARG_INFO(0, data)
2378 ZEND_END_ARG_INFO()
2379
2380 ZEND_BEGIN_ARG_INFO(arginfo_session_void, 0)
2381 ZEND_END_ARG_INFO()
2382
2383 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_save_handler, 0, 0, 1)
2384 ZEND_ARG_INFO(0, open)
2385 ZEND_ARG_INFO(0, close)
2386 ZEND_ARG_INFO(0, read)
2387 ZEND_ARG_INFO(0, write)
2388 ZEND_ARG_INFO(0, destroy)
2389 ZEND_ARG_INFO(0, gc)
2390 ZEND_ARG_INFO(0, create_sid)
2391 ZEND_ARG_INFO(0, validate_sid)
2392 ZEND_ARG_INFO(0, update_timestamp)
2393 ZEND_END_ARG_INFO()
2394
2395 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_limiter, 0, 0, 0)
2396 ZEND_ARG_INFO(0, cache_limiter)
2397 ZEND_END_ARG_INFO()
2398
2399 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_expire, 0, 0, 0)
2400 ZEND_ARG_INFO(0, new_cache_expire)
2401 ZEND_END_ARG_INFO()
2402
2403 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_cookie_params, 0, 0, 1)
2404 ZEND_ARG_INFO(0, lifetime)
2405 ZEND_ARG_INFO(0, path)
2406 ZEND_ARG_INFO(0, domain)
2407 ZEND_ARG_INFO(0, secure)
2408 ZEND_ARG_INFO(0, httponly)
2409 ZEND_END_ARG_INFO()
2410
2411 ZEND_BEGIN_ARG_INFO(arginfo_session_class_open, 0)
2412 ZEND_ARG_INFO(0, save_path)
2413 ZEND_ARG_INFO(0, session_name)
2414 ZEND_END_ARG_INFO()
2415
2416 ZEND_BEGIN_ARG_INFO(arginfo_session_class_close, 0)
2417 ZEND_END_ARG_INFO()
2418
2419 ZEND_BEGIN_ARG_INFO(arginfo_session_class_read, 0)
2420 ZEND_ARG_INFO(0, key)
2421 ZEND_END_ARG_INFO()
2422
2423 ZEND_BEGIN_ARG_INFO(arginfo_session_class_write, 0)
2424 ZEND_ARG_INFO(0, key)
2425 ZEND_ARG_INFO(0, val)
2426 ZEND_END_ARG_INFO()
2427
2428 ZEND_BEGIN_ARG_INFO(arginfo_session_class_destroy, 0)
2429 ZEND_ARG_INFO(0, key)
2430 ZEND_END_ARG_INFO()
2431
2432 ZEND_BEGIN_ARG_INFO(arginfo_session_class_gc, 0)
2433 ZEND_ARG_INFO(0, maxlifetime)
2434 ZEND_END_ARG_INFO()
2435
2436 ZEND_BEGIN_ARG_INFO(arginfo_session_class_create_sid, 0)
2437 ZEND_END_ARG_INFO()
2438
2439 ZEND_BEGIN_ARG_INFO(arginfo_session_class_validateId, 0)
2440 ZEND_ARG_INFO(0, key)
2441 ZEND_END_ARG_INFO()
2442
2443 ZEND_BEGIN_ARG_INFO(arginfo_session_class_updateTimestamp, 0)
2444 ZEND_ARG_INFO(0, key)
2445 ZEND_ARG_INFO(0, val)
2446 ZEND_END_ARG_INFO()
2447
2448 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_start, 0, 0, 0)
2449 ZEND_ARG_INFO(0, options) /* array */
2450 ZEND_END_ARG_INFO()
2451 /* }}} */
2452
2453 /* {{{ session_functions[]
2454 */
2455 static const zend_function_entry session_functions[] = {
2456 PHP_FE(session_name, arginfo_session_name)
2457 PHP_FE(session_module_name, arginfo_session_module_name)
2458 PHP_FE(session_save_path, arginfo_session_save_path)
2459 PHP_FE(session_id, arginfo_session_id)
2460 PHP_FE(session_create_id, arginfo_session_create_id)
2461 PHP_FE(session_regenerate_id, arginfo_session_regenerate_id)
2462 PHP_FE(session_decode, arginfo_session_decode)
2463 PHP_FE(session_encode, arginfo_session_void)
2464 PHP_FE(session_start, arginfo_session_start)
2465 PHP_FE(session_destroy, arginfo_session_void)
2466 PHP_FE(session_unset, arginfo_session_void)
2467 PHP_FE(session_gc, arginfo_session_void)
2468 PHP_FE(session_set_save_handler, arginfo_session_set_save_handler)
2469 PHP_FE(session_cache_limiter, arginfo_session_cache_limiter)
2470 PHP_FE(session_cache_expire, arginfo_session_cache_expire)
2471 PHP_FE(session_set_cookie_params, arginfo_session_set_cookie_params)
2472 PHP_FE(session_get_cookie_params, arginfo_session_void)
2473 PHP_FE(session_write_close, arginfo_session_void)
2474 PHP_FE(session_abort, arginfo_session_void)
2475 PHP_FE(session_reset, arginfo_session_void)
2476 PHP_FE(session_status, arginfo_session_void)
2477 PHP_FE(session_register_shutdown, arginfo_session_void)
2478 PHP_FALIAS(session_commit, session_write_close, arginfo_session_void)
2479 PHP_FE_END
2480 };
2481 /* }}} */
2482
2483 /* {{{ SessionHandlerInterface functions[]
2484 */
2485 static const zend_function_entry php_session_iface_functions[] = {
2486 PHP_ABSTRACT_ME(SessionHandlerInterface, open, arginfo_session_class_open)
2487 PHP_ABSTRACT_ME(SessionHandlerInterface, close, arginfo_session_class_close)
2488 PHP_ABSTRACT_ME(SessionHandlerInterface, read, arginfo_session_class_read)
2489 PHP_ABSTRACT_ME(SessionHandlerInterface, write, arginfo_session_class_write)
2490 PHP_ABSTRACT_ME(SessionHandlerInterface, destroy, arginfo_session_class_destroy)
2491 PHP_ABSTRACT_ME(SessionHandlerInterface, gc, arginfo_session_class_gc)
2492 PHP_FE_END
2493 };
2494 /* }}} */
2495
2496 /* {{{ SessionIdInterface functions[]
2497 */
2498 static const zend_function_entry php_session_id_iface_functions[] = {
2499 PHP_ABSTRACT_ME(SessionIdInterface, create_sid, arginfo_session_class_create_sid)
2500 PHP_FE_END
2501 };
2502 /* }}} */
2503
2504 /* {{{ SessionUpdateTimestampHandler functions[]
2505 */
2506 static const zend_function_entry php_session_update_timestamp_iface_functions[] = {
2507 PHP_ABSTRACT_ME(SessionUpdateTimestampHandlerInterface, validateId, arginfo_session_class_validateId)
2508 PHP_ABSTRACT_ME(SessionUpdateTimestampHandlerInterface, updateTimestamp, arginfo_session_class_updateTimestamp)
2509 PHP_FE_END
2510 };
2511 /* }}} */
2512
2513 /* {{{ SessionHandler functions[]
2514 */
2515 static const zend_function_entry php_session_class_functions[] = {
2516 PHP_ME(SessionHandler, open, arginfo_session_class_open, ZEND_ACC_PUBLIC)
2517 PHP_ME(SessionHandler, close, arginfo_session_class_close, ZEND_ACC_PUBLIC)
2518 PHP_ME(SessionHandler, read, arginfo_session_class_read, ZEND_ACC_PUBLIC)
2519 PHP_ME(SessionHandler, write, arginfo_session_class_write, ZEND_ACC_PUBLIC)
2520 PHP_ME(SessionHandler, destroy, arginfo_session_class_destroy, ZEND_ACC_PUBLIC)
2521 PHP_ME(SessionHandler, gc, arginfo_session_class_gc, ZEND_ACC_PUBLIC)
2522 PHP_ME(SessionHandler, create_sid, arginfo_session_class_create_sid, ZEND_ACC_PUBLIC)
2523 PHP_FE_END
2524 };
2525 /* }}} */
2526
2527 /* ********************************
2528 * Module Setup and Destruction *
2529 ******************************** */
2530
2531 static int php_rinit_session(zend_bool auto_start) /* {{{ */
2532 {
2533 php_rinit_session_globals();
2534
2535 if (PS(mod) == NULL) {
2536 char *value;
2537
2538 value = zend_ini_string("session.save_handler", sizeof("session.save_handler") - 1, 0);
2539 if (value) {
2540 PS(mod) = _php_find_ps_module(value);
2541 }
2542 }
2543
2544 if (PS(serializer) == NULL) {
2545 char *value;
2546
2547 value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler") - 1, 0);
2548 if (value) {
2549 PS(serializer) = _php_find_ps_serializer(value);
2550 }
2551 }
2552
2553 if (PS(mod) == NULL || PS(serializer) == NULL) {
2554 /* current status is unusable */
2555 PS(session_status) = php_session_disabled;
2556 return SUCCESS;
2557 }
2558
2559 if (auto_start) {
2560 php_session_start();
2561 }
2562
2563 return SUCCESS;
2564 } /* }}} */
2565
2566 static PHP_RINIT_FUNCTION(session) /* {{{ */
2567 {
2568 return php_rinit_session(PS(auto_start));
2569 }
2570 /* }}} */
2571
2572 static PHP_RSHUTDOWN_FUNCTION(session) /* {{{ */
2573 {
2574 int i;
2575
2576 if (PS(session_status) == php_session_active) {
2577 zend_try {
2578 php_session_flush(1);
2579 } zend_end_try();
2580 }
2581 php_rshutdown_session_globals();
2582
2583 /* this should NOT be done in php_rshutdown_session_globals() */
2584 for (i = 0; i < PS_NUM_APIS; i++) {
2585 if (!Z_ISUNDEF(PS(mod_user_names).names[i])) {
2586 zval_ptr_dtor(&PS(mod_user_names).names[i]);
2587 ZVAL_UNDEF(&PS(mod_user_names).names[i]);
2588 }
2589 }
2590
2591 return SUCCESS;
2592 }
2593 /* }}} */
2594
2595 static PHP_GINIT_FUNCTION(ps) /* {{{ */
2596 {
2597 int i;
2598
2599 #if defined(COMPILE_DL_SESSION) && defined(ZTS)
2600 ZEND_TSRMLS_CACHE_UPDATE();
2601 #endif
2602
2603 ps_globals->save_path = NULL;
2604 ps_globals->session_name = NULL;
2605 ps_globals->id = NULL;
2606 ps_globals->mod = NULL;
2607 ps_globals->serializer = NULL;
2608 ps_globals->mod_data = NULL;
2609 ps_globals->session_status = php_session_none;
2610 ps_globals->default_mod = NULL;
2611 ps_globals->mod_user_implemented = 0;
2612 ps_globals->mod_user_is_open = 0;
2613 ps_globals->session_vars = NULL;
2614 for (i = 0; i < PS_NUM_APIS; i++) {
2615 ZVAL_UNDEF(&ps_globals->mod_user_names.names[i]);
2616 }
2617 ZVAL_UNDEF(&ps_globals->http_session_vars);
2618 }
2619 /* }}} */
2620
2621 static PHP_MINIT_FUNCTION(session) /* {{{ */
2622 {
2623 zend_class_entry ce;
2624
2625 zend_register_auto_global(zend_string_init("_SESSION", sizeof("_SESSION") - 1, 1), 0, NULL);
2626
2627 my_module_number = module_number;
2628 PS(module_number) = module_number;
2629
2630 PS(session_status) = php_session_none;
2631 REGISTER_INI_ENTRIES();
2632
2633 #ifdef HAVE_LIBMM
2634 PHP_MINIT(ps_mm) (INIT_FUNC_ARGS_PASSTHRU);
2635 #endif
2636 php_session_rfc1867_orig_callback = php_rfc1867_callback;
2637 php_rfc1867_callback = php_session_rfc1867_callback;
2638
2639 /* Register interfaces */
2640 INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions);
2641 php_session_iface_entry = zend_register_internal_class(&ce);
2642 php_session_iface_entry->ce_flags |= ZEND_ACC_INTERFACE;
2643
2644 INIT_CLASS_ENTRY(ce, PS_SID_IFACE_NAME, php_session_id_iface_functions);
2645 php_session_id_iface_entry = zend_register_internal_class(&ce);
2646 php_session_id_iface_entry->ce_flags |= ZEND_ACC_INTERFACE;
2647
2648 INIT_CLASS_ENTRY(ce, PS_UPDATE_TIMESTAMP_IFACE_NAME, php_session_update_timestamp_iface_functions);
2649 php_session_update_timestamp_iface_entry = zend_register_internal_class(&ce);
2650 php_session_update_timestamp_iface_entry->ce_flags |= ZEND_ACC_INTERFACE;
2651
2652 /* Register base class */
2653 INIT_CLASS_ENTRY(ce, PS_CLASS_NAME, php_session_class_functions);
2654 php_session_class_entry = zend_register_internal_class(&ce);
2655 zend_class_implements(php_session_class_entry, 1, php_session_iface_entry);
2656 zend_class_implements(php_session_class_entry, 1, php_session_id_iface_entry);
2657
2658 REGISTER_LONG_CONSTANT("PHP_SESSION_DISABLED", php_session_disabled, CONST_CS | CONST_PERSISTENT);
2659 REGISTER_LONG_CONSTANT("PHP_SESSION_NONE", php_session_none, CONST_CS | CONST_PERSISTENT);
2660 REGISTER_LONG_CONSTANT("PHP_SESSION_ACTIVE", php_session_active, CONST_CS | CONST_PERSISTENT);
2661
2662 return SUCCESS;
2663 }
2664 /* }}} */
2665
2666 static PHP_MSHUTDOWN_FUNCTION(session) /* {{{ */
2667 {
2668 UNREGISTER_INI_ENTRIES();
2669
2670 #ifdef HAVE_LIBMM
2671 PHP_MSHUTDOWN(ps_mm) (SHUTDOWN_FUNC_ARGS_PASSTHRU);
2672 #endif
2673
2674 /* reset rfc1867 callbacks */
2675 php_session_rfc1867_orig_callback = NULL;
2676 if (php_rfc1867_callback == php_session_rfc1867_callback) {
2677 php_rfc1867_callback = NULL;
2678 }
2679
2680 ps_serializers[PREDEFINED_SERIALIZERS].name = NULL;
2681 memset(&ps_modules[PREDEFINED_MODULES], 0, (MAX_MODULES-PREDEFINED_MODULES)*sizeof(ps_module *));
2682
2683 return SUCCESS;
2684 }
2685 /* }}} */
2686
2687 static PHP_MINFO_FUNCTION(session) /* {{{ */
2688 {
2689 ps_module **mod;
2690 ps_serializer *ser;
2691 smart_str save_handlers = {0};
2692 smart_str ser_handlers = {0};
2693 int i;
2694
2695 /* Get save handlers */
2696 for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) {
2697 if (*mod && (*mod)->s_name) {
2698 smart_str_appends(&save_handlers, (*mod)->s_name);
2699 smart_str_appendc(&save_handlers, ' ');
2700 }
2701 }
2702
2703 /* Get serializer handlers */
2704 for (i = 0, ser = ps_serializers; i < MAX_SERIALIZERS; i++, ser++) {
2705 if (ser && ser->name) {
2706 smart_str_appends(&ser_handlers, ser->name);
2707 smart_str_appendc(&ser_handlers, ' ');
2708 }
2709 }
2710
2711 php_info_print_table_start();
2712 php_info_print_table_row(2, "Session Support", "enabled" );
2713
2714 if (save_handlers.s) {
2715 smart_str_0(&save_handlers);
2716 php_info_print_table_row(2, "Registered save handlers", ZSTR_VAL(save_handlers.s));
2717 smart_str_free(&save_handlers);
2718 } else {
2719 php_info_print_table_row(2, "Registered save handlers", "none");
2720 }
2721
2722 if (ser_handlers.s) {
2723 smart_str_0(&ser_handlers);
2724 php_info_print_table_row(2, "Registered serializer handlers", ZSTR_VAL(ser_handlers.s));
2725 smart_str_free(&ser_handlers);
2726 } else {
2727 php_info_print_table_row(2, "Registered serializer handlers", "none");
2728 }
2729
2730 php_info_print_table_end();
2731
2732 DISPLAY_INI_ENTRIES();
2733 }
2734 /* }}} */
2735
2736 static const zend_module_dep session_deps[] = { /* {{{ */
2737 ZEND_MOD_OPTIONAL("hash")
2738 ZEND_MOD_REQUIRED("spl")
2739 ZEND_MOD_END
2740 };
2741 /* }}} */
2742
2743 /* ************************
2744 * Upload hook handling *
2745 ************************ */
2746
2747 static zend_bool early_find_sid_in(zval *dest, int where, php_session_rfc1867_progress *progress) /* {{{ */
2748 {
2749 zval *ppid;
2750
2751 if (Z_ISUNDEF(PG(http_globals)[where])) {
2752 return 0;
2753 }
2754
2755 if ((ppid = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[where]), PS(session_name), progress->sname_len))
2756 && Z_TYPE_P(ppid) == IS_STRING) {
2757 zval_dtor(dest);
2758 ZVAL_DEREF(ppid);
2759 ZVAL_COPY(dest, ppid);
2760 return 1;
2761 }
2762
2763 return 0;
2764 } /* }}} */
2765
2766 static void php_session_rfc1867_early_find_sid(php_session_rfc1867_progress *progress) /* {{{ */
2767 {
2768
2769 if (PS(use_cookies)) {
2770 sapi_module.treat_data(PARSE_COOKIE, NULL, NULL);
2771 if (early_find_sid_in(&progress->sid, TRACK_VARS_COOKIE, progress)) {
2772 progress->apply_trans_sid = 0;
2773 return;
2774 }
2775 }
2776 if (PS(use_only_cookies)) {
2777 return;
2778 }
2779 sapi_module.treat_data(PARSE_GET, NULL, NULL);
2780 early_find_sid_in(&progress->sid, TRACK_VARS_GET, progress);
2781 } /* }}} */
2782
2783 static zend_bool php_check_cancel_upload(php_session_rfc1867_progress *progress) /* {{{ */
2784 {
2785 zval *progress_ary, *cancel_upload;
2786
2787 if ((progress_ary = zend_symtable_find(Z_ARRVAL_P(Z_REFVAL(PS(http_session_vars))), progress->key.s)) == NULL) {
2788 return 0;
2789 }
2790 if (Z_TYPE_P(progress_ary) != IS_ARRAY) {
2791 return 0;
2792 }
2793 if ((cancel_upload = zend_hash_str_find(Z_ARRVAL_P(progress_ary), "cancel_upload", sizeof("cancel_upload") - 1)) == NULL) {
2794 return 0;
2795 }
2796 return Z_TYPE_P(cancel_upload) == IS_TRUE;
2797 } /* }}} */
2798
2799 static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, int force_update) /* {{{ */
2800 {
2801 if (!force_update) {
2802 if (Z_LVAL_P(progress->post_bytes_processed) < progress->next_update) {
2803 return;
2804 }
2805 #ifdef HAVE_GETTIMEOFDAY
2806 if (PS(rfc1867_min_freq) > 0.0) {
2807 struct timeval tv = {0};
2808 double dtv;
2809 gettimeofday(&tv, NULL);
2810 dtv = (double) tv.tv_sec + tv.tv_usec / 1000000.0;
2811 if (dtv < progress->next_update_time) {
2812 return;
2813 }
2814 progress->next_update_time = dtv + PS(rfc1867_min_freq);
2815 }
2816 #endif
2817 progress->next_update = Z_LVAL_P(progress->post_bytes_processed) + progress->update_step;
2818 }
2819
2820 php_session_initialize();
2821 PS(session_status) = php_session_active;
2822 IF_SESSION_VARS() {
2823 zval *sess_var = Z_REFVAL(PS(http_session_vars));
2824 SEPARATE_ARRAY(sess_var);
2825
2826 progress->cancel_upload |= php_check_cancel_upload(progress);
2827 Z_TRY_ADDREF(progress->data);
2828 zend_hash_update(Z_ARRVAL_P(sess_var), progress->key.s, &progress->data);
2829 }
2830 php_session_flush(1);
2831 } /* }}} */
2832
2833 static void php_session_rfc1867_cleanup(php_session_rfc1867_progress *progress) /* {{{ */
2834 {
2835 php_session_initialize();
2836 PS(session_status) = php_session_active;
2837 IF_SESSION_VARS() {
2838 zval *sess_var = Z_REFVAL(PS(http_session_vars));
2839 SEPARATE_ARRAY(sess_var);
2840 zend_hash_del(Z_ARRVAL_P(sess_var), progress->key.s);
2841 }
2842 php_session_flush(1);
2843 } /* }}} */
2844
2845 static int php_session_rfc1867_callback(unsigned int event, void *event_data, void **extra) /* {{{ */
2846 {
2847 php_session_rfc1867_progress *progress;
2848 int retval = SUCCESS;
2849
2850 if (php_session_rfc1867_orig_callback) {
2851 retval = php_session_rfc1867_orig_callback(event, event_data, extra);
2852 }
2853 if (!PS(rfc1867_enabled)) {
2854 return retval;
2855 }
2856
2857 progress = PS(rfc1867_progress);
2858
2859 switch(event) {
2860 case MULTIPART_EVENT_START: {
2861 multipart_event_start *data = (multipart_event_start *) event_data;
2862 progress = ecalloc(1, sizeof(php_session_rfc1867_progress));
2863 progress->content_length = data->content_length;
2864 progress->sname_len = strlen(PS(session_name));
2865 PS(rfc1867_progress) = progress;
2866 }
2867 break;
2868 case MULTIPART_EVENT_FORMDATA: {
2869 multipart_event_formdata *data = (multipart_event_formdata *) event_data;
2870 size_t value_len;
2871
2872 if (Z_TYPE(progress->sid) && progress->key.s) {
2873 break;
2874 }
2875
2876 /* orig callback may have modified *data->newlength */
2877 if (data->newlength) {
2878 value_len = *data->newlength;
2879 } else {
2880 value_len = data->length;
2881 }
2882
2883 if (data->name && data->value && value_len) {
2884 size_t name_len = strlen(data->name);
2885
2886 if (name_len == progress->sname_len && memcmp(data->name, PS(session_name), name_len) == 0) {
2887 zval_dtor(&progress->sid);
2888 ZVAL_STRINGL(&progress->sid, (*data->value), value_len);
2889 } else if (name_len == strlen(PS(rfc1867_name)) && memcmp(data->name, PS(rfc1867_name), name_len + 1) == 0) {
2890 smart_str_free(&progress->key);
2891 smart_str_appends(&progress->key, PS(rfc1867_prefix));
2892 smart_str_appendl(&progress->key, *data->value, value_len);
2893 smart_str_0(&progress->key);
2894
2895 progress->apply_trans_sid = APPLY_TRANS_SID;
2896 php_session_rfc1867_early_find_sid(progress);
2897 }
2898 }
2899 }
2900 break;
2901 case MULTIPART_EVENT_FILE_START: {
2902 multipart_event_file_start *data = (multipart_event_file_start *) event_data;
2903
2904 /* Do nothing when $_POST["PHP_SESSION_UPLOAD_PROGRESS"] is not set
2905 * or when we have no session id */
2906 if (!Z_TYPE(progress->sid) || !progress->key.s) {
2907 break;
2908 }
2909
2910 /* First FILE_START event, initializing data */
2911 if (Z_ISUNDEF(progress->data)) {
2912
2913 if (PS(rfc1867_freq) >= 0) {
2914 progress->update_step = PS(rfc1867_freq);
2915 } else if (PS(rfc1867_freq) < 0) { /* % of total size */
2916 progress->update_step = progress->content_length * -PS(rfc1867_freq) / 100;
2917 }
2918 progress->next_update = 0;
2919 progress->next_update_time = 0.0;
2920
2921 array_init(&progress->data);
2922 array_init(&progress->files);
2923
2924 add_assoc_long_ex(&progress->data, "start_time", sizeof("start_time") - 1, (zend_long)sapi_get_request_time());
2925 add_assoc_long_ex(&progress->data, "content_length", sizeof("content_length") - 1, progress->content_length);
2926 add_assoc_long_ex(&progress->data, "bytes_processed", sizeof("bytes_processed") - 1, data->post_bytes_processed);
2927 add_assoc_bool_ex(&progress->data, "done", sizeof("done") - 1, 0);
2928 add_assoc_zval_ex(&progress->data, "files", sizeof("files") - 1, &progress->files);
2929
2930 progress->post_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->data), "bytes_processed", sizeof("bytes_processed") - 1);
2931
2932 php_rinit_session(0);
2933 PS(id) = zend_string_init(Z_STRVAL(progress->sid), Z_STRLEN(progress->sid), 0);
2934 if (progress->apply_trans_sid) {
2935 /* Enable trans sid by modifying flags */
2936 PS(use_trans_sid) = 1;
2937 PS(use_only_cookies) = 0;
2938 }
2939 PS(send_cookie) = 0;
2940 }
2941
2942 array_init(&progress->current_file);
2943
2944 /* Each uploaded file has its own array. Trying to make it close to $_FILES entries. */
2945 add_assoc_string_ex(&progress->current_file, "field_name", sizeof("field_name") - 1, data->name);
2946 add_assoc_string_ex(&progress->current_file, "name", sizeof("name") - 1, *data->filename);
2947 add_assoc_null_ex(&progress->current_file, "tmp_name", sizeof("tmp_name") - 1);
2948 add_assoc_long_ex(&progress->current_file, "error", sizeof("error") - 1, 0);
2949
2950 add_assoc_bool_ex(&progress->current_file, "done", sizeof("done") - 1, 0);
2951 add_assoc_long_ex(&progress->current_file, "start_time", sizeof("start_time") - 1, (zend_long)time(NULL));
2952 add_assoc_long_ex(&progress->current_file, "bytes_processed", sizeof("bytes_processed") - 1, 0);
2953
2954 add_next_index_zval(&progress->files, &progress->current_file);
2955
2956 progress->current_file_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->current_file), "bytes_processed", sizeof("bytes_processed") - 1);
2957
2958 Z_LVAL_P(progress->current_file_bytes_processed) = data->post_bytes_processed;
2959 php_session_rfc1867_update(progress, 0);
2960 }
2961 break;
2962 case MULTIPART_EVENT_FILE_DATA: {
2963 multipart_event_file_data *data = (multipart_event_file_data *) event_data;
2964
2965 if (!Z_TYPE(progress->sid) || !progress->key.s) {
2966 break;
2967 }
2968
2969 Z_LVAL_P(progress->current_file_bytes_processed) = data->offset + data->length;
2970 Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed;
2971
2972 php_session_rfc1867_update(progress, 0);
2973 }
2974 break;
2975 case MULTIPART_EVENT_FILE_END: {
2976 multipart_event_file_end *data = (multipart_event_file_end *) event_data;
2977
2978 if (!Z_TYPE(progress->sid) || !progress->key.s) {
2979 break;
2980 }
2981
2982 if (data->temp_filename) {
2983 add_assoc_string_ex(&progress->current_file, "tmp_name", sizeof("tmp_name") - 1, data->temp_filename);
2984 }
2985
2986 add_assoc_long_ex(&progress->current_file, "error", sizeof("error") - 1, data->cancel_upload);
2987 add_assoc_bool_ex(&progress->current_file, "done", sizeof("done") - 1, 1);
2988
2989 Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed;
2990
2991 php_session_rfc1867_update(progress, 0);
2992 }
2993 break;
2994 case MULTIPART_EVENT_END: {
2995 multipart_event_end *data = (multipart_event_end *) event_data;
2996
2997 if (Z_TYPE(progress->sid) && progress->key.s) {
2998 if (PS(rfc1867_cleanup)) {
2999 php_session_rfc1867_cleanup(progress);
3000 } else {
3001 add_assoc_bool_ex(&progress->data, "done", sizeof("done") - 1, 1);
3002 Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed;
3003 php_session_rfc1867_update(progress, 1);
3004 }
3005 php_rshutdown_session_globals();
3006 }
3007
3008 if (!Z_ISUNDEF(progress->data)) {
3009 zval_ptr_dtor(&progress->data);
3010 }
3011 zval_ptr_dtor(&progress->sid);
3012 smart_str_free(&progress->key);
3013 efree(progress);
3014 progress = NULL;
3015 PS(rfc1867_progress) = NULL;
3016 }
3017 break;
3018 }
3019
3020 if (progress && progress->cancel_upload) {
3021 return FAILURE;
3022 }
3023 return retval;
3024
3025 } /* }}} */
3026
3027 zend_module_entry session_module_entry = {
3028 STANDARD_MODULE_HEADER_EX,
3029 NULL,
3030 session_deps,
3031 "session",
3032 session_functions,
3033 PHP_MINIT(session), PHP_MSHUTDOWN(session),
3034 PHP_RINIT(session), PHP_RSHUTDOWN(session),
3035 PHP_MINFO(session),
3036 PHP_SESSION_VERSION,
3037 PHP_MODULE_GLOBALS(ps),
3038 PHP_GINIT(ps),
3039 NULL,
3040 NULL,
3041 STANDARD_MODULE_PROPERTIES_EX
3042 };
3043
3044 #ifdef COMPILE_DL_SESSION
3045 #ifdef ZTS
3046 ZEND_TSRMLS_CACHE_DEFINE()
3047 #endif
3048 ZEND_GET_MODULE(session)
3049 #endif
3050
3051 /*
3052 * Local variables:
3053 * tab-width: 4
3054 * c-basic-offset: 4
3055 * End:
3056 * vim600: noet sw=4 ts=4 fdm=marker
3057 * vim<600: sw=4 ts=4
3058 */
3059