diff options
| author | Stanislav Malyshev <stas@php.net> | 2013-08-04 20:00:28 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2013-08-04 20:00:28 -0700 |
| commit | 6f73a0c00f0577313897e455f6fd729cfaa97f3b (patch) | |
| tree | d87d7ac5d44fe0efee9dc428a21d32b593f67a62 | |
| parent | 7d3fa7d8b6df6e1fcef1ea06db8e0ee8215c11ed (diff) | |
| parent | b80d73ce154e7f740f9ada446f45dbcdac38a64b (diff) | |
| download | php-git-6f73a0c00f0577313897e455f6fd729cfaa97f3b.tar.gz | |
Merge branch 'pr368' into PHP-5.5
* pr368:
fix crash, enable session_id and fix test
Strict session. Detect session id collision
Strict session
39 files changed, 264 insertions, 95 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 053c617dec..e5733b44f4 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -61,40 +61,9 @@ typedef struct { } ps_files; ps_module ps_mod_files = { - PS_MOD(files) + PS_MOD_SID(files) }; -/* If you change the logic here, please also update the error message in - * ps_files_open() appropriately */ -static int ps_files_valid_key(const char *key) -{ - size_t len; - const char *p; - char c; - int ret = 1; - - for (p = key; (c = *p); p++) { - /* valid characters are a..z,A..Z,0..9 */ - if (!((c >= 'a' && c <= 'z') - || (c >= 'A' && c <= 'Z') - || (c >= '0' && c <= '9') - || c == ',' - || c == '-')) { - ret = 0; - break; - } - } - - len = p - key; - - /* Somewhat arbitrary length limit here, but should be way more than - anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ - if (len == 0 || len > 128) { - ret = 0; - } - - return ret; -} static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key) { @@ -155,11 +124,11 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) ps_files_close(data); - if (!ps_files_valid_key(key)) { + if (php_session_valid_key(key) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); - PS(invalid_session_id) = 1; return; } + if (!ps_files_path_create(buf, sizeof(buf), data, key)) { return; } @@ -253,6 +222,21 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime TSRMLS_DC) return (nrdels); } +static int ps_files_key_exists(ps_files *data, const char *key TSRMLS_DC) +{ + char buf[MAXPATHLEN]; + struct stat sbuf; + + if (!key || !ps_files_path_create(buf, sizeof(buf), data, key)) { + return FAILURE; + } + if (VCWD_STAT(buf, &sbuf)) { + return FAILURE; + } + return SUCCESS; +} + + #define PS_FILES_DATA ps_files *data = PS_GET_MOD_DATA() PS_OPEN_FUNC(files) @@ -342,6 +326,24 @@ PS_READ_FUNC(files) struct stat sbuf; PS_FILES_DATA; + /* If strict mode, check session id existence */ + if (PS(use_strict_mode) && + ps_files_key_exists(data, key TSRMLS_CC) == FAILURE) { + /* key points to PS(id), but cannot change here. */ + if (key) { + efree(PS(id)); + PS(id) = NULL; + } + PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC); + if (!PS(id)) { + return FAILURE; + } + php_session_reset_id(TSRMLS_C); + if (PS(use_cookies)) { + PS(send_cookie) = 1; + } + } + ps_files_open(data, key TSRMLS_CC); if (data->fd < 0) { return FAILURE; @@ -454,6 +456,30 @@ PS_GC_FUNC(files) return SUCCESS; } +PS_CREATE_SID_FUNC(files) +{ + char *sid; + int maxfail = 3; + PS_FILES_DATA; + + do { + sid = php_session_create_id((void **)&data, newlen TSRMLS_CC); + /* Check collision */ + if (data && ps_files_key_exists(data, sid TSRMLS_CC) == SUCCESS) { + if (sid) { + efree(sid); + sid = NULL; + } + if (!(maxfail--)) { + return NULL; + } + } + } while(!sid); + + return sid; +} + + /* * Local variables: * tab-width: 4 diff --git a/ext/session/mod_files.h b/ext/session/mod_files.h index c97d168b1e..94cbd6d025 100644 --- a/ext/session/mod_files.h +++ b/ext/session/mod_files.h @@ -24,6 +24,6 @@ extern ps_module ps_mod_files; #define ps_files_ptr &ps_mod_files -PS_FUNCS(files); +PS_FUNCS_SID(files); #endif diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c index e0d16d1924..69c0da7bdb 100644 --- a/ext/session/mod_mm.c +++ b/ext/session/mod_mm.c @@ -124,7 +124,7 @@ static ps_sd *ps_sd_new(ps_mm *data, const char *key) if (!sd) { TSRMLS_FETCH(); - php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %d, err %s", mm_available(data->mm), mm_error()); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %ld, err %s", mm_available(data->mm), mm_error()); return NULL; } @@ -208,8 +208,22 @@ static ps_sd *ps_sd_lookup(ps_mm *data, const char *key, int rw) return ret; } +static int ps_mm_key_exists(ps_mm *data, const char *key TSRMLS_DC) +{ + ps_sd *sd; + + if (!key) { + return FAILURE; + } + sd = ps_sd_lookup(data, key, 0); + if (sd) { + return SUCCESS; + } + return FAILURE; +} + ps_module ps_mod_mm = { - PS_MOD(mm) + PS_MOD_SID(mm) }; #define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA() @@ -341,6 +355,24 @@ PS_READ_FUNC(mm) mm_lock(data->mm, MM_LOCK_RD); + /* If there is an ID and strict mode, verify existence */ + if (PS(use_strict_mode) + && ps_mm_key_exists(data, key TSRMLS_CC) == FAILURE) { + /* key points to PS(id), but cannot change here. */ + if (key) { + efree(PS(id)); + PS(id) = NULL; + } + PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC); + if (!PS(id)) { + return FAILURE; + } + php_session_reset_id(TSRMLS_C); + if (PS(use_cookies)) { + PS(send_cookie) = 1; + } + } + sd = ps_sd_lookup(data, key, 0); if (sd) { *vallen = sd->datalen; @@ -444,6 +476,29 @@ PS_GC_FUNC(mm) return SUCCESS; } +PS_CREATE_SID_FUNC(mm) +{ + char *sid; + int maxfail = 3; + PS_MM_DATA; + + do { + sid = php_session_create_id((void **)&data, newlen TSRMLS_CC); + /* Check collision */ + if (ps_mm_key_exists(data, sid TSRMLS_CC) == SUCCESS) { + if (sid) { + efree(sid); + sid = NULL; + } + if (!(maxfail--)) { + return NULL; + } + } + } while(!sid); + + return sid; +} + #endif /* diff --git a/ext/session/php_session.h b/ext/session/php_session.h index b28c2b4c28..e8e79f0fa6 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -29,6 +29,9 @@ #define PHP_SESSION_API 20020330 +/* To check php_session_valid_key()/php_session_reset_id() */ +#define PHP_SESSION_STRICT 1 + #define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name TSRMLS_DC #define PS_CLOSE_ARGS void **mod_data TSRMLS_DC #define PS_READ_ARGS void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC @@ -75,7 +78,7 @@ typedef struct ps_module_struct { #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \ ps_delete_##x, ps_gc_##x, php_session_create_id -/* SID enabled module handler definitions */ +/* SID creation enabled module handler definitions */ #define PS_FUNCS_SID(x) \ PS_OPEN_FUNC(x); \ PS_CLOSE_FUNC(x); \ @@ -175,6 +178,8 @@ typedef struct _php_ps_globals { smart_str rfc1867_name; /* session.upload_progress.name */ long rfc1867_freq; /* session.upload_progress.freq */ double rfc1867_min_freq; /* session.upload_progress.min_freq */ + + zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */ } php_ps_globals; typedef php_ps_globals zend_ps_globals; @@ -230,6 +235,9 @@ PHPAPI void php_session_start(TSRMLS_D); PHPAPI ps_module *_php_find_ps_module(char *name TSRMLS_DC); PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC); +PHPAPI int php_session_valid_key(const char *key); +PHPAPI void php_session_reset_id(TSRMLS_D); + #define PS_ADD_VARL(name,namelen) do { \ php_add_session_var(name, namelen TSRMLS_CC); \ } while (0) diff --git a/ext/session/session.c b/ext/session/session.c index e992f31d2f..c02a10d7bf 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -86,6 +86,8 @@ zend_class_entry *php_session_id_iface_entry; return FAILURE; \ } +static void php_session_send_cookie(TSRMLS_D); + /* Dispatched by RINIT and by php_session_destroy */ static inline void php_rinit_session_globals(TSRMLS_D) /* {{{ */ { @@ -126,7 +128,7 @@ static int php_session_destroy(TSRMLS_D) /* {{{ */ return FAILURE; } - if (PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) { + if (PS(id) && PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) { retval = FAILURE; php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed"); } @@ -428,17 +430,45 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ } /* }}} */ -static void php_session_initialize(TSRMLS_D) /* {{{ */ +/* Default session id char validation function allowed by ps_modules. + * If you change the logic here, please also update the error message in + * ps_modules appropriately */ +PHPAPI int php_session_valid_key(const char *key) /* {{{ */ { - char *val; - int vallen; + size_t len; + const char *p; + char c; + int ret = SUCCESS; + + for (p = key; (c = *p); p++) { + /* valid characters are a..z,A..Z,0..9 */ + if (!((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || c == ',' + || c == '-')) { + ret = FAILURE; + break; + } + } - /* check session name for invalid characters */ - if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) { - efree(PS(id)); - PS(id) = NULL; + len = p - key; + + /* Somewhat arbitrary length limit here, but should be way more than + anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ + if (len == 0 || len > 128) { + ret = FAILURE; } + return ret; +} +/* }}} */ + +static void php_session_initialize(TSRMLS_D) /* {{{ */ +{ + char *val = NULL; + int vallen; + if (!PS(mod)) { php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session"); return; @@ -452,28 +482,38 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */ /* If there is no ID, use session module to create one */ if (!PS(id)) { -new_session: PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); + if (!PS(id)) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + return; + } if (PS(use_cookies)) { PS(send_cookie) = 1; } } + php_session_reset_id(TSRMLS_C); + PS(session_status) = php_session_active; + /* Read data */ - /* Question: if you create a SID here, should you also try to read data? - * I'm not sure, but while not doing so will remove one session operation - * it could prove usefull for those sites which wish to have "default" - * session information. */ php_session_track_init(TSRMLS_C); - PS(invalid_session_id) = 0; - if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) { + if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == FAILURE) { + /* Some broken save handler implementation returns FAILURE for non-existent session ID */ + /* It's better to rase error for this, but disabled error for better compatibility */ + /* + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + */ + } + if (val) { php_session_decode(val, vallen TSRMLS_CC); efree(val); - } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */ - PS(invalid_session_id) = 0; - efree(PS(id)); - PS(id) = NULL; - goto new_session; + } + + if (!PS(use_cookies) && PS(send_cookie)) { + if (PS(use_trans_sid) && !PS(use_only_cookies)) { + PS(apply_trans_sid) = 1; + } + PS(send_cookie) = 0; } } /* }}} */ @@ -748,6 +788,7 @@ PHP_INI_BEGIN() STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.use_strict_mode", "0", PHP_INI_ALL, OnUpdateBool, use_strict_mode, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals) #if HAVE_DEV_URANDOM STD_PHP_INI_ENTRY("session.entropy_file", "/dev/urandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals) @@ -1297,10 +1338,15 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC) /* {{{ convert_to_string((*ppid)); \ PS(id) = estrndup(Z_STRVAL_PP(ppid), Z_STRLEN_PP(ppid)) -static void php_session_reset_id(TSRMLS_D) /* {{{ */ +PHPAPI void php_session_reset_id(TSRMLS_D) /* {{{ */ { int module_number = PS(module_number); + if (!PS(id)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set session ID - session ID is not initialized"); + return; + } + if (PS(use_cookies) && PS(send_cookie)) { php_session_send_cookie(TSRMLS_C); PS(send_cookie) = 0; @@ -1447,19 +1493,14 @@ PHPAPI void php_session_start(TSRMLS_D) /* {{{ */ } } - php_session_initialize(TSRMLS_C); - - if (!PS(use_cookies) && PS(send_cookie)) { - if (PS(use_trans_sid) && !PS(use_only_cookies)) { - PS(apply_trans_sid) = 1; - } - PS(send_cookie) = 0; + /* Finally check session id for dangarous characters + * Security note: session id may be embedded in HTML pages.*/ + if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) { + efree(PS(id)); + PS(id) = NULL; } - php_session_reset_id(TSRMLS_C); - - PS(session_status) = php_session_active; - + php_session_initialize(TSRMLS_C); php_session_cache_limiter(TSRMLS_C); if ((PS(mod_data) || PS(mod_user_implemented)) && PS(gc_probability) > 0) { @@ -1775,9 +1816,9 @@ static PHP_FUNCTION(session_save_path) static PHP_FUNCTION(session_id) { char *name = NULL; - int name_len; + int name_len, argc = ZEND_NUM_ARGS(); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { + if (zend_parse_parameters(argc TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { return; } @@ -1822,11 +1863,13 @@ static PHP_FUNCTION(session_regenerate_id) } PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); - - PS(send_cookie) = 1; - php_session_reset_id(TSRMLS_C); - - RETURN_TRUE; + if (PS(id)) { + PS(send_cookie) = 1; + php_session_reset_id(TSRMLS_C); + RETURN_TRUE; + } else { + PS(id) = STR_EMPTY_ALLOC(); + } } RETURN_FALSE; } diff --git a/ext/session/tests/003.phpt b/ext/session/tests/003.phpt index 03c3b95766..8725f06a69 100644 --- a/ext/session/tests/003.phpt +++ b/ext/session/tests/003.phpt @@ -4,6 +4,7 @@ session object deserialization <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/004.phpt b/ext/session/tests/004.phpt index aeb2c8b363..4547c65574 100644 --- a/ext/session/tests/004.phpt +++ b/ext/session/tests/004.phpt @@ -4,6 +4,7 @@ session_set_save_handler test <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/005.phpt b/ext/session/tests/005.phpt index a970e6b71d..796d9c377e 100644 --- a/ext/session/tests/005.phpt +++ b/ext/session/tests/005.phpt @@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test. <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/006.phpt b/ext/session/tests/006.phpt index 03fca10381..dba6894c7e 100644 --- a/ext/session/tests/006.phpt +++ b/ext/session/tests/006.phpt @@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/009.phpt b/ext/session/tests/009.phpt index d73bc238c9..6d8d11c331 100644 --- a/ext/session/tests/009.phpt +++ b/ext/session/tests/009.phpt @@ -4,6 +4,7 @@ unset($_SESSION["name"]); test <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/012.phpt b/ext/session/tests/012.phpt index 8708011273..c555d2ca1e 100644 --- a/ext/session/tests/012.phpt +++ b/ext/session/tests/012.phpt @@ -4,6 +4,7 @@ registering $_SESSION should not segfault <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/013.phpt b/ext/session/tests/013.phpt index 8d0f284b17..32909eb58c 100644 --- a/ext/session/tests/013.phpt +++ b/ext/session/tests/013.phpt @@ -4,6 +4,7 @@ redefining SID should not cause warnings <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/014.phpt b/ext/session/tests/014.phpt index 73bc28ea66..cbf22b142d 100644 --- a/ext/session/tests/014.phpt +++ b/ext/session/tests/014.phpt @@ -5,6 +5,7 @@ a script should not be able to modify session.use_trans_sid --INI-- session.use_trans_sid=0 session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/015.phpt b/ext/session/tests/015.phpt index 7d7b737340..527b86bc1d 100644 --- a/ext/session/tests/015.phpt +++ b/ext/session/tests/015.phpt @@ -6,6 +6,7 @@ use_trans_sid should not affect SID session.use_trans_sid=1 session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= arg_separator.output=& session.name=PHPSESSID diff --git a/ext/session/tests/016.phpt b/ext/session/tests/016.phpt index 83703294a3..0e368e2f82 100644 --- a/ext/session/tests/016.phpt +++ b/ext/session/tests/016.phpt @@ -16,10 +16,11 @@ session.serialize_handler=php <?php error_reporting(E_ALL); -@session_start(); +session_start(); $HTTP_SESSION_VARS["test"] = 1; -@session_write_close(); +session_write_close(); print "I live\n"; ?> ---EXPECT-- +--EXPECTF-- +Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (123;:/really\completely:::/invalid;;,23123;213) in %s on line %d I live diff --git a/ext/session/tests/018.phpt b/ext/session/tests/018.phpt index def1f419ce..5ec132b34f 100644 --- a/ext/session/tests/018.phpt +++ b/ext/session/tests/018.phpt @@ -5,6 +5,7 @@ rewriter correctly handles attribute names which contain dashes --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 session.name=PHPSESSID diff --git a/ext/session/tests/019.phpt b/ext/session/tests/019.phpt index 3ee8ccd420..0f06add5a1 100644 --- a/ext/session/tests/019.phpt +++ b/ext/session/tests/019.phpt @@ -4,6 +4,7 @@ serializing references test case using globals <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/020.phpt b/ext/session/tests/020.phpt index 0141129820..267e52191c 100644 --- a/ext/session/tests/020.phpt +++ b/ext/session/tests/020.phpt @@ -5,6 +5,7 @@ rewriter uses arg_separator.output for modifying URLs --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 arg_separator.output="&" diff --git a/ext/session/tests/021.phpt b/ext/session/tests/021.phpt index 1ad3c5d5f7..e199972899 100644 --- a/ext/session/tests/021.phpt +++ b/ext/session/tests/021.phpt @@ -5,6 +5,7 @@ rewriter handles form and fieldset tags correctly --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset=" diff --git a/ext/session/tests/023.phpt b/ext/session/tests/023.phpt index 42b1e5b1be..592b4a8c3b 100644 --- a/ext/session/tests/023.phpt +++ b/ext/session/tests/023.phpt @@ -4,6 +4,7 @@ session object deserialization <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/024.phpt b/ext/session/tests/024.phpt index 2ad26067a5..2b273e2b2e 100644 --- a/ext/session/tests/024.phpt +++ b/ext/session/tests/024.phpt @@ -4,6 +4,7 @@ session_set_save_handler test <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/025.phpt b/ext/session/tests/025.phpt index 4fd095f817..a9ad8fb649 100644 --- a/ext/session/tests/025.phpt +++ b/ext/session/tests/025.phpt @@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test. <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/026.phpt b/ext/session/tests/026.phpt index 06c135d046..44f0ae0ec0 100644 --- a/ext/session/tests/026.phpt +++ b/ext/session/tests/026.phpt @@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/027.phpt b/ext/session/tests/027.phpt index 600a992f7f..63828522fb 100644 --- a/ext/session/tests/027.phpt +++ b/ext/session/tests/027.phpt @@ -4,6 +4,7 @@ unset($_SESSION["name"]); should work <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/030.phpt b/ext/session/tests/030.phpt index 8d0f284b17..32909eb58c 100644 --- a/ext/session/tests/030.phpt +++ b/ext/session/tests/030.phpt @@ -4,6 +4,7 @@ redefining SID should not cause warnings <?php include('skipif.inc'); ?> --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/bug41600.phpt b/ext/session/tests/bug41600.phpt index 690347ac8d..79d5e12841 100644 --- a/ext/session/tests/bug41600.phpt +++ b/ext/session/tests/bug41600.phpt @@ -5,6 +5,7 @@ Bug #41600 (url rewriter tags doesn't work with namespaced tags) --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 arg_separator.output="&" diff --git a/ext/session/tests/bug60634.phpt b/ext/session/tests/bug60634.phpt index 2ec0c26c13..e2dfd15b37 100644 --- a/ext/session/tests/bug60634.phpt +++ b/ext/session/tests/bug60634.phpt @@ -1,7 +1,5 @@ --TEST-- Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) ---XFAIL-- -Long term low priority bug, working on it --INI-- session.save_path= session.name=PHPSESSID @@ -44,3 +42,4 @@ echo "um, hi\n"; ?> --EXPECTF-- write: goodbye cruel world +close: goodbye cruel world diff --git a/ext/session/tests/bug60634_error_1.phpt b/ext/session/tests/bug60634_error_1.phpt index 3b6e394eed..e41592f18d 100644 --- a/ext/session/tests/bug60634_error_1.phpt +++ b/ext/session/tests/bug60634_error_1.phpt @@ -1,7 +1,5 @@ --TEST-- Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - fatal error in write during exec ---XFAIL-- -Long term low priority bug, working on it --INI-- session.save_path= session.name=PHPSESSID @@ -47,3 +45,4 @@ echo "um, hi\n"; write: goodbye cruel world Fatal error: Call to undefined function undefined_function() in %s on line %d +close: goodbye cruel world diff --git a/ext/session/tests/bug60634_error_2.phpt b/ext/session/tests/bug60634_error_2.phpt index 265fb303f7..7c50948ba8 100644 --- a/ext/session/tests/bug60634_error_2.phpt +++ b/ext/session/tests/bug60634_error_2.phpt @@ -1,7 +1,5 @@ --TEST-- Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - exception in write during exec ---XFAIL-- -Long term low priority bug, working on it --INI-- session.save_path= session.name=PHPSESSID @@ -47,3 +45,8 @@ echo "um, hi\n"; write: goodbye cruel world Fatal error: Uncaught exception 'Exception' in %s +Stack trace: +#0 [internal function]: write('%s', '') +#1 %s(%d): session_write_close() +#2 {main} + thrown in %s on line %d diff --git a/ext/session/tests/bug60634_error_3.phpt b/ext/session/tests/bug60634_error_3.phpt index b2004d68bc..4a508a4d8f 100644 --- a/ext/session/tests/bug60634_error_3.phpt +++ b/ext/session/tests/bug60634_error_3.phpt @@ -1,7 +1,5 @@ --TEST-- Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - fatal error in write after exec ---XFAIL-- -Long term low priority bug, working on it --INI-- session.save_path= session.name=PHPSESSID @@ -46,3 +44,4 @@ session_start(); write: goodbye cruel world Fatal error: Call to undefined function undefined_function() in %s on line %d +close: goodbye cruel world diff --git a/ext/session/tests/bug60634_error_4.phpt b/ext/session/tests/bug60634_error_4.phpt index 60bc0dcf54..f21d077b54 100644 --- a/ext/session/tests/bug60634_error_4.phpt +++ b/ext/session/tests/bug60634_error_4.phpt @@ -1,7 +1,5 @@ --TEST-- Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - exception in write after exec ---XFAIL-- -Long term low priority bug, working on it --INI-- session.save_path= session.name=PHPSESSID @@ -46,3 +44,8 @@ session_start(); write: goodbye cruel world Fatal error: Uncaught exception 'Exception' in %s +Stack trace: +#0 [internal function]: write('%s', '') +#1 {main} + thrown in %s on line %d +close: goodbye cruel world diff --git a/ext/session/tests/rfc1867_sid_invalid.phpt b/ext/session/tests/rfc1867_sid_invalid.phpt index b28a2e341b..4dd8f1f979 100644 --- a/ext/session/tests/rfc1867_sid_invalid.phpt +++ b/ext/session/tests/rfc1867_sid_invalid.phpt @@ -46,6 +46,16 @@ session_destroy(); ?> --EXPECTF-- Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 + +Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 + +Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0 + +Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 + +Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 + +Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0 string(%d) "%s" bool(true) array(2) { diff --git a/ext/session/tests/session_commit_variation4.phpt b/ext/session/tests/session_commit_variation4.phpt index 57f42539d2..69854a6cf9 100644 --- a/ext/session/tests/session_commit_variation4.phpt +++ b/ext/session/tests/session_commit_variation4.phpt @@ -2,6 +2,8 @@ Test session_commit() function : variation --SKIPIF-- <?php include('skipif.inc'); ?> +--INI-- +session.use_strict_mode=0 --FILE-- <?php diff --git a/ext/session/tests/session_save_path_variation2.phpt b/ext/session/tests/session_save_path_variation2.phpt index 6b08480312..dff070100c 100644 --- a/ext/session/tests/session_save_path_variation2.phpt +++ b/ext/session/tests/session_save_path_variation2.phpt @@ -32,7 +32,7 @@ ob_end_flush(); *** Testing session_save_path() : variation *** string(5) "/blah" -Warning: session_start(): open(%s, O_RDWR) failed: No such file or directory (2) in %s on line %d +Warning: session_start(): open(/blah/%s, O_RDWR) failed: No such file or directory (2) in %s on line %d bool(true) string(5) "/blah" bool(true) diff --git a/ext/session/tests/session_save_path_variation5.phpt b/ext/session/tests/session_save_path_variation5.phpt index 5407b5e15a..c015dcc95c 100644 --- a/ext/session/tests/session_save_path_variation5.phpt +++ b/ext/session/tests/session_save_path_variation5.phpt @@ -9,7 +9,6 @@ if(substr(PHP_OS, 0, 3) == "WIN") session.save_handler=files session.save_path= session.name=PHPSESSID -open_basedir=. --FILE-- <?php @@ -25,7 +24,7 @@ $directory = dirname(__FILE__); $sessions = ($directory."/sessions"); chdir($directory); - +ini_set('open_basedir', '.'); // Delete the existing directory if (file_exists($sessions) === TRUE) { @rmdir($sessions); diff --git a/ext/session/tests/session_set_save_handler_error2.phpt b/ext/session/tests/session_set_save_handler_error2.phpt index 03ba3b04d0..1f2a8b9e6a 100644 --- a/ext/session/tests/session_set_save_handler_error2.phpt +++ b/ext/session/tests/session_set_save_handler_error2.phpt @@ -2,6 +2,8 @@ Test session_set_save_handler() function : error functionality --SKIPIF-- <?php include('skipif.inc'); ?> +--INI-- +error_reporting=0 --FILE-- <?php diff --git a/ext/session/tests/session_set_save_handler_error3.phpt b/ext/session/tests/session_set_save_handler_error3.phpt index 446ef7b75b..cb07b0d8de 100644 --- a/ext/session/tests/session_set_save_handler_error3.phpt +++ b/ext/session/tests/session_set_save_handler_error3.phpt @@ -40,4 +40,3 @@ Stack trace: #1 %s(%d): session_start() #2 {main} thrown in %s on line %d - diff --git a/ext/session/tests/session_set_save_handler_error4.phpt b/ext/session/tests/session_set_save_handler_error4.phpt index 4debde5b0f..d286f07d99 100644 --- a/ext/session/tests/session_set_save_handler_error4.phpt +++ b/ext/session/tests/session_set_save_handler_error4.phpt @@ -39,4 +39,3 @@ Warning: session_set_save_handler(): Argument 4 is not a valid callback in %s on Warning: session_set_save_handler(): Argument 5 is not a valid callback in %s on line %d Warning: session_set_save_handler(): Argument 6 is not a valid callback in %s on line %d - diff --git a/ext/session/tests/session_write_close_variation4.phpt b/ext/session/tests/session_write_close_variation4.phpt index 249c1555c0..9076dcf4a4 100644 --- a/ext/session/tests/session_write_close_variation4.phpt +++ b/ext/session/tests/session_write_close_variation4.phpt @@ -2,6 +2,8 @@ Test session_write_close() function : variation --SKIPIF-- <?php include('skipif.inc'); ?> +--INI-- +session.use_strict_mode=0 --FILE-- <?php |