Merge branch 'PHP-5.5' of https://git.php.net/repository/php-src into PHP-5.5

# By Felipe Pena (11) and others
# Via Felipe Pena (7) and others
* 'PHP-5.5' of https://git.php.net/repository/php-src: (22 commits)
  Fix bug #62535 - $_SESSION[$key]["cancel_upload"] doesn't work as documented
  Update NEWS
  BC fix for PR 109 merge - create_sid() method in SessionHandler
  Update NEWS:w
  Fixed bug #65136 (RecursiveDirectoryIterator segfault)
  - BFN
  - Fixed bug #64467 (Segmentation fault after imap_reopen failure) patch by: askalski at gmail dot com
  - Reclassify bug
  - BFN
  - Fixed bug #63983 (enabling FPM borks compile on FreeBSD) patch by: chibisuke at web dot de
  - Fixed bug #63409 (php-dba function test fails on big-endian machine) patch by: tianhonglouis at gmail dot com
  - Fixed test
  add new test
  Update NEWS
  Fixed bug #65015 (pg_send_query does not flush send buffer) patch submitted by: adam at vektah dot net
  - Fixed typo on condition
  - BFN
  - Fixed bug #62475 (variant_* functions causes crash when null given as an argument)
  Update NEWS
  - BFN
  ...

19 files changed, 879 insertions, 34 deletions

diff --git a/NEWS b/NEWS
index 7550fb5ed1..dca43ccf07 100644
--- a/NEWS
+++ b/NEWS
@@ -31,11 +31,16 @@ PHP                                                                        NEWS
   . Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
     (Chris Jones)
 
+- Session:
+  . Added optional create_sid() argument to session_set_save_handler(),
+    SessionHandler and new SessionIdInterface. (Leigh, Arpad)
+
 - Sockets:
   . Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
     (Damjan Cvetko)
 
 - SPL:
+  . Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
   . Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
     /Spl(Temp)FileObject ctor twice). (Laruence)
 
diff --git a/ext/com_dotnet/com_variant.c b/ext/com_dotnet/com_variant.c
index 8289322d6d..556f356b97 100644
--- a/ext/com_dotnet/com_variant.c
+++ b/ext/com_dotnet/com_variant.c
@@ -102,8 +102,9 @@ PHP_COM_DOTNET_API void php_com_variant_from_zval(VARIANT *v, zval *z, int codep
 {
 	OLECHAR *olestring;
 	php_com_dotnet_object *obj;
+	zend_uchar ztype = (z == NULL ? IS_NULL : Z_TYPE_P(z));
 	
-	switch (Z_TYPE_P(z)) {
+	switch (ztype) {
 		case IS_NULL:
 			V_VT(v) = VT_NULL;
 			break;
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 2d54140317..4b6e5e27dc 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -958,7 +958,7 @@ PHP_MINIT_FUNCTION(curl)
 	REGISTER_CURL_CONSTANT(CURLFTPMETHOD_SINGLECWD);
 #endif
 
-#if LIBCURL_VERSION_NUM >- 0x070f04 /* Available since 7.15.4 */
+#if LIBCURL_VERSION_NUM >= 0x070f04 /* Available since 7.15.4 */
 	REGISTER_CURL_CONSTANT(CURLINFO_FTP_ENTRY_PATH);
 #endif
 
diff --git a/ext/dba/tests/bug38698.phpt b/ext/dba/tests/bug38698.phpt
index 56dde85268..1d1ed674fe 100644
--- a/ext/dba/tests/bug38698.phpt
+++ b/ext/dba/tests/bug38698.phpt
@@ -8,10 +8,18 @@ Bug #38698 (Bug #38698 for some keys cdbmake creates corrupted db and cdb can't
 --FILE--
 <?php
 
+function isLittleEndian() {
+    return 0x00FF === current(unpack('v', pack('S',0x00FF)));
+}
+
 $db_file = dirname(__FILE__) .'/129php.cdb';
 
 if (($db_make=dba_open($db_file, "n", 'cdb_make'))!==FALSE) {
-	dba_insert(pack('i',129), "Booo!", $db_make);
+	if (isLittleEndian() === FALSE) {
+        dba_insert(pack('V',129), "Booo!", $db_make);
+	} else{
+		dba_insert(pack('i',129), "Booo!", $db_make);
+	}
 	dba_close($db_make);
 	// write md5 checksum of generated database file
 	var_dump(md5_file($db_file));
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index b154cb86b0..d697fa7911 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1270,7 +1270,6 @@ PHP_FUNCTION(imap_reopen)
 	int mailbox_len;
 	long options = 0, retries = 0;
 	pils *imap_le_struct;
-	MAILSTREAM *imap_stream;
 	long flags=NIL;
 	long cl_flags=NIL;
 
@@ -1298,12 +1297,12 @@ PHP_FUNCTION(imap_reopen)
 		RETURN_FALSE;
 	}
 
-	imap_stream = mail_open(imap_le_struct->imap_stream, mailbox, flags);
-	if (imap_stream == NIL) {
+	imap_le_struct->imap_stream = mail_open(imap_le_struct->imap_stream, mailbox, flags);
+	if (imap_le_struct->imap_stream == NIL) {
+		zend_list_delete(Z_RESVAL_P(streamind));
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Couldn't re-open stream");
 		RETURN_FALSE;
 	}
-	imap_le_struct->imap_stream = imap_stream;
 	RETURN_TRUE;
 }
 /* }}} */
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index dcc2c28692..0fa4031b37 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -4573,6 +4573,7 @@ PHP_FUNCTION(pg_send_query)
 	PGconn *pgsql;
 	PGresult *res;
 	int leftover = 0;
+	int ret;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs",
 							  &pgsql_link, &query, &len) == FAILURE) {
@@ -4600,6 +4601,14 @@ PHP_FUNCTION(pg_send_query)
 			RETURN_FALSE;
 		}
 	}
+	/* Wait to finish sending buffer */
+	while ((ret = PQflush(pgsql))) {
+		if (ret == -1) {
+			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty PostgreSQL send buffer");
+			break;
+		}
+		usleep(10000);
+	}
 	if (PQ_SETNONBLOCKING(pgsql, 0)) {
 		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode");
 	}
@@ -4620,6 +4629,7 @@ PHP_FUNCTION(pg_send_query_params)
 	PGconn *pgsql;
 	PGresult *res;
 	int leftover = 0;
+	int ret;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa/", &pgsql_link, &query, &query_len, &pv_param_arr) == FAILURE) {
 		return;
@@ -4686,6 +4696,14 @@ PHP_FUNCTION(pg_send_query_params)
 		}
 	}
 	_php_pgsql_free_params(params, num_params);
+	/* Wait to finish sending buffer */
+	while ((ret = PQflush(pgsql))) {
+		if (ret == -1) {
+			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty PostgreSQL send buffer");
+			break;
+		}
+		usleep(10000);
+	}
 	if (PQ_SETNONBLOCKING(pgsql, 0)) {
 		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode");
 	}
@@ -4705,6 +4723,7 @@ PHP_FUNCTION(pg_send_prepare)
 	PGconn *pgsql;
 	PGresult *res;
 	int leftover = 0;
+	int ret;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rss", &pgsql_link, &stmtname, &stmtname_len, &query, &query_len) == FAILURE) {
 		return;
@@ -4735,6 +4754,14 @@ PHP_FUNCTION(pg_send_prepare)
 			RETURN_FALSE;
 		}
 	}
+	/* Wait to finish sending buffer */
+	while ((ret = PQflush(pgsql))) {
+		if (ret == -1) {
+			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty postgres send buffer");
+			break;
+		}
+		usleep(10000);
+	}
 	if (PQ_SETNONBLOCKING(pgsql, 0)) {
 		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode");
 	}
@@ -4757,6 +4784,7 @@ PHP_FUNCTION(pg_send_execute)
 	PGconn *pgsql;
 	PGresult *res;
 	int leftover = 0;
+	int ret;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa", &pgsql_link, &stmtname, &stmtname_len, &pv_param_arr) == FAILURE) {
 		return;
@@ -4823,6 +4851,14 @@ PHP_FUNCTION(pg_send_execute)
 		}
 	}
 	_php_pgsql_free_params(params, num_params);
+	/* Wait to finish sending buffer */
+	while ((ret = PQflush(pgsql))) {
+		if (ret == -1) {
+			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty postgres send buffer");
+			break;
+		}
+		usleep(10000);
+	}
 	if (PQ_SETNONBLOCKING(pgsql, 0)) {
 		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode");
 	}
diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c
index 57d7bd0edc..e4261df294 100644
--- a/ext/session/mod_user.c
+++ b/ext/session/mod_user.c
@@ -23,7 +23,7 @@
 #include "mod_user.h"
 
 ps_module ps_mod_user = {
-	PS_MOD(user)
+	PS_MOD_SID(user)
 };
 
 #define SESS_ZVAL_LONG(val, a)						\
@@ -183,6 +183,39 @@ PS_GC_FUNC(user)
 	FINISH;
 }
 
+PS_CREATE_SID_FUNC(user)
+{
+	/* maintain backwards compatibility */
+	if (PSF(create_sid) != NULL) {
+		zval *args[1];
+		char *id = NULL;
+		STDVARS;
+
+		retval = ps_call_handler(PSF(create_sid), 0, NULL TSRMLS_CC);
+
+		if (retval) {
+			if (Z_TYPE_P(retval) == IS_STRING) {
+				id = estrndup(Z_STRVAL_P(retval), Z_STRLEN_P(retval));
+			}
+			zval_ptr_dtor(&retval);
+		}
+		else {
+			php_error_docref(NULL TSRMLS_CC, E_ERROR, "No session id returned by function");
+			return NULL;
+		}
+
+		if (!id) {
+			php_error_docref(NULL TSRMLS_CC, E_ERROR, "Session id must be a string");
+			return NULL;
+		}
+
+		return id;
+	}
+
+	/* function as defined by PS_MOD */
+	return php_session_create_id(mod_data, newlen TSRMLS_CC);
+}
+
 /*
  * Local variables:
  * tab-width: 4
diff --git a/ext/session/mod_user.h b/ext/session/mod_user.h
index fd149ccff4..6b2998c426 100644
--- a/ext/session/mod_user.h
+++ b/ext/session/mod_user.h
@@ -24,6 +24,6 @@
 extern ps_module ps_mod_user;
 #define ps_user_ptr &ps_mod_user
 
-PS_FUNCS(user);
+PS_FUNCS_SID(user);
 
 #endif
diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c
index 1ed1e7bbd5..ea53af9ebe 100644
--- a/ext/session/mod_user_class.c
+++ b/ext/session/mod_user_class.c
@@ -141,3 +141,19 @@ PHP_METHOD(SessionHandler, gc)
 	RETVAL_BOOL(SUCCESS == PS(default_mod)->s_gc(&PS(mod_data), maxlifetime, &nrdels TSRMLS_CC));
 }
 /* }}} */
+
+/* {{{ proto char SessionHandler::create_sid()
+   Wraps the old create_sid handler */
+PHP_METHOD(SessionHandler, create_sid)
+{
+	char *id;
+
+	if (zend_parse_parameters_none() == FAILURE) {
+	    return;
+	}
+
+	id = PS(default_mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+
+	RETURN_STRING(id, 0);
+}
+/* }}} */
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index adc5e70402..1dd5b1a1a6 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -138,7 +138,7 @@ typedef struct _php_ps_globals {
 	int module_number;
 	long cache_expire;
 	union {
-		zval *names[6];
+		zval *names[7];
 		struct {
 			zval *ps_open;
 			zval *ps_close;
@@ -146,6 +146,7 @@ typedef struct _php_ps_globals {
 			zval *ps_write;
 			zval *ps_destroy;
 			zval *ps_gc;
+			zval *ps_create_sid;
 		} name;
 	} mod_user_names;
 	int mod_user_implemented;
@@ -277,11 +278,15 @@ extern zend_class_entry *php_session_class_entry;
 #define PS_IFACE_NAME "SessionHandlerInterface"
 extern zend_class_entry *php_session_iface_entry;
 
+#define PS_SID_IFACE_NAME "SessionIdInterface"
+extern zend_class_entry *php_session_id_iface_entry;
+
 extern PHP_METHOD(SessionHandler, open);
 extern PHP_METHOD(SessionHandler, close);
 extern PHP_METHOD(SessionHandler, read);
 extern PHP_METHOD(SessionHandler, write);
 extern PHP_METHOD(SessionHandler, destroy);
 extern PHP_METHOD(SessionHandler, gc);
+extern PHP_METHOD(SessionHandler, create_sid);
 
 #endif
diff --git a/ext/session/session.c b/ext/session/session.c
index 5e0565253f..39e1ce59f9 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -70,6 +70,9 @@ zend_class_entry *php_session_class_entry;
 /* SessionHandlerInterface */
 zend_class_entry *php_session_iface_entry;
 
+/* SessionIdInterface */
+zend_class_entry *php_session_id_iface_entry;
+
 /* ***********
    * Helpers *
    *********** */
@@ -1577,7 +1580,7 @@ static PHP_FUNCTION(session_module_name)
 }
 /* }}} */
 
-/* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc)
+/* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc, string create_sid)
    Sets user-level functions */
 static PHP_FUNCTION(session_set_save_handler)
 {
@@ -1589,11 +1592,7 @@ static PHP_FUNCTION(session_set_save_handler)
 		RETURN_FALSE;
 	}
 
-	if (argc != 1 && argc != 2 && argc != 6) {
-		WRONG_PARAM_COUNT;
-	}
-
-	if (argc <= 2) {
+	if (argc > 0 && argc <= 2) {
 		zval *obj = NULL, *callback = NULL;
 		zend_uint func_name_len;
 		char *func_name;
@@ -1607,11 +1606,11 @@ static PHP_FUNCTION(session_set_save_handler)
 			RETURN_FALSE;
 		}
 
-		/* Find implemented methods */
-		zend_hash_internal_pointer_reset_ex(&php_session_class_entry->function_table, &pos);
+		/* Find implemented methods - SessionHandlerInterface */
+		zend_hash_internal_pointer_reset_ex(&php_session_iface_entry->function_table, &pos);
 		i = 0;
-		while (zend_hash_get_current_data_ex(&php_session_class_entry->function_table, (void **) &default_mptr, &pos) == SUCCESS) {
-			zend_hash_get_current_key_ex(&php_session_class_entry->function_table, &func_name, &func_name_len, &func_index, 0, &pos);
+		while (zend_hash_get_current_data_ex(&php_session_iface_entry->function_table, (void **) &default_mptr, &pos) == SUCCESS) {
+			zend_hash_get_current_key_ex(&php_session_iface_entry->function_table, &func_name, &func_name_len, &func_index, 0, &pos);
 
 			if (zend_hash_find(&Z_OBJCE_P(obj)->function_table, func_name, func_name_len, (void **)&current_mptr) == SUCCESS) {
 				if (PS(mod_user_names).names[i] != NULL) {
@@ -1629,7 +1628,29 @@ static PHP_FUNCTION(session_set_save_handler)
 				RETURN_FALSE;
 			}
 
-			zend_hash_move_forward_ex(&php_session_class_entry->function_table, &pos);
+			zend_hash_move_forward_ex(&php_session_iface_entry->function_table, &pos);
+			++i;
+		}
+
+		/* Find implemented methods - SessionIdInterface (optional) */
+		zend_hash_internal_pointer_reset_ex(&php_session_id_iface_entry->function_table, &pos);
+		while (zend_hash_get_current_data_ex(&php_session_id_iface_entry->function_table, (void **) &default_mptr, &pos) == SUCCESS) {
+			zend_hash_get_current_key_ex(&php_session_id_iface_entry->function_table, &func_name, &func_name_len, &func_index, 0, &pos);
+
+			if (zend_hash_find(&Z_OBJCE_P(obj)->function_table, func_name, func_name_len, (void **)&current_mptr) == SUCCESS) {
+				if (PS(mod_user_names).names[i] != NULL) {
+					zval_ptr_dtor(&PS(mod_user_names).names[i]);
+				}
+
+				MAKE_STD_ZVAL(callback);
+				array_init_size(callback, 2);
+				Z_ADDREF_P(obj);
+				add_next_index_zval(callback, obj);
+				add_next_index_stringl(callback, func_name, func_name_len - 1, 1);
+				PS(mod_user_names).names[i] = callback;
+			}
+
+			zend_hash_move_forward_ex(&php_session_id_iface_entry->function_table, &pos);
 			++i;
 		}
 
@@ -1661,6 +1682,10 @@ static PHP_FUNCTION(session_set_save_handler)
 		RETURN_TRUE;
 	}
 
+	if (argc != 6 && argc != 7) {
+		WRONG_PARAM_COUNT;
+	}
+
 	if (zend_parse_parameters(argc TSRMLS_CC, "+", &args, &num_args) == FAILURE) {
 		return;
 	}
@@ -1668,7 +1693,8 @@ static PHP_FUNCTION(session_set_save_handler)
 	/* remove shutdown function */
 	remove_user_shutdown_function("session_shutdown", sizeof("session_shutdown") TSRMLS_CC);
 
-	for (i = 0; i < 6; i++) {
+	/* at this point argc can only be 6 or 7 */
+	for (i = 0; i < argc; i++) {
 		if (!zend_is_callable(*args[i], 0, &name TSRMLS_CC)) {
 			efree(args);
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Argument %d is not a valid callback", i+1);
@@ -1682,7 +1708,7 @@ static PHP_FUNCTION(session_set_save_handler)
 		zend_alter_ini_entry("session.save_handler", sizeof("session.save_handler"), "user", sizeof("user")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 	}
 
-	for (i = 0; i < 6; i++) {
+	for (i = 0; i < argc; i++) {
 		if (PS(mod_user_names).names[i] != NULL) {
 			zval_ptr_dtor(&PS(mod_user_names).names[i]);
 		}
@@ -1992,13 +2018,14 @@ ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_INFO(arginfo_session_void, 0)
 ZEND_END_ARG_INFO()
 
-ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_save_handler, 0, 0, 6)
+ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_save_handler, 0, 0, 1)
 	ZEND_ARG_INFO(0, open)
 	ZEND_ARG_INFO(0, close)
 	ZEND_ARG_INFO(0, read)
 	ZEND_ARG_INFO(0, write)
 	ZEND_ARG_INFO(0, destroy)
 	ZEND_ARG_INFO(0, gc)
+	ZEND_ARG_INFO(0, create_sid)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_limiter, 0, 0, 0)
@@ -2041,6 +2068,9 @@ ZEND_END_ARG_INFO()
 ZEND_BEGIN_ARG_INFO(arginfo_session_class_gc, 0)
 	ZEND_ARG_INFO(0, maxlifetime)
 ZEND_END_ARG_INFO()
+
+ZEND_BEGIN_ARG_INFO(arginfo_session_class_create_sid, 0)
+ZEND_END_ARG_INFO()
 /* }}} */
 
 /* {{{ session_functions[]
@@ -2082,6 +2112,14 @@ static const zend_function_entry php_session_iface_functions[] = {
 };
 /* }}} */
 
+/* {{{ SessionIdInterface functions[]
+*/
+static const zend_function_entry php_session_id_iface_functions[] = {
+	PHP_ABSTRACT_ME(SessionIdInterface, create_sid, arginfo_session_class_create_sid)
+	{ NULL, NULL, NULL }
+};
+/* }}} */
+
 /* {{{ SessionHandler functions[]
  */
 static const zend_function_entry php_session_class_functions[] = {
@@ -2091,6 +2129,7 @@ static const zend_function_entry php_session_class_functions[] = {
 	PHP_ME(SessionHandler, write, arginfo_session_class_write, ZEND_ACC_PUBLIC)
 	PHP_ME(SessionHandler, destroy, arginfo_session_class_destroy, ZEND_ACC_PUBLIC)
 	PHP_ME(SessionHandler, gc, arginfo_session_class_gc, ZEND_ACC_PUBLIC)
+	PHP_ME(SessionHandler, create_sid, arginfo_session_class_create_sid, ZEND_ACC_PUBLIC)
 	{ NULL, NULL, NULL }
 };
 /* }}} */
@@ -2150,7 +2189,7 @@ static PHP_RSHUTDOWN_FUNCTION(session) /* {{{ */
 	php_rshutdown_session_globals(TSRMLS_C);
 
 	/* this should NOT be done in php_rshutdown_session_globals() */
-	for (i = 0; i < 6; i++) {
+	for (i = 0; i < 7; i++) {
 		if (PS(mod_user_names).names[i] != NULL) {
 			zval_ptr_dtor(&PS(mod_user_names).names[i]);
 			PS(mod_user_names).names[i] = NULL;
@@ -2175,7 +2214,7 @@ static PHP_GINIT_FUNCTION(ps) /* {{{ */
 	ps_globals->default_mod = NULL;
 	ps_globals->mod_user_implemented = 0;
 	ps_globals->mod_user_is_open = 0;
-	for (i = 0; i < 6; i++) {
+	for (i = 0; i < 7; i++) {
 		ps_globals->mod_user_names.names[i] = NULL;
 	}
 	ps_globals->http_session_vars = NULL;
@@ -2199,15 +2238,20 @@ static PHP_MINIT_FUNCTION(session) /* {{{ */
 	php_session_rfc1867_orig_callback = php_rfc1867_callback;
 	php_rfc1867_callback = php_session_rfc1867_callback;
 
-	/* Register interface */
+	/* Register interfaces */
 	INIT_CLASS_ENTRY(ce, PS_IFACE_NAME, php_session_iface_functions);
 	php_session_iface_entry = zend_register_internal_class(&ce TSRMLS_CC);
 	php_session_iface_entry->ce_flags |= ZEND_ACC_INTERFACE;
 
+	INIT_CLASS_ENTRY(ce, PS_SID_IFACE_NAME, php_session_id_iface_functions);
+	php_session_id_iface_entry = zend_register_internal_class(&ce TSRMLS_CC);
+	php_session_id_iface_entry->ce_flags |= ZEND_ACC_INTERFACE;
+
 	/* Register base class */
 	INIT_CLASS_ENTRY(ce, PS_CLASS_NAME, php_session_class_functions);
 	php_session_class_entry = zend_register_internal_class(&ce TSRMLS_CC);
 	zend_class_implements(php_session_class_entry TSRMLS_CC, 1, php_session_iface_entry);
+	zend_class_implements(php_session_class_entry TSRMLS_CC, 1, php_session_id_iface_entry);
 
 	REGISTER_LONG_CONSTANT("PHP_SESSION_DISABLED", php_session_disabled, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("PHP_SESSION_NONE", php_session_none, CONST_CS | CONST_PERSISTENT);
@@ -2370,7 +2414,7 @@ static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, i
 	php_session_initialize(TSRMLS_C);
 	PS(session_status) = php_session_active;
 	IF_SESSION_VARS() {
-		progress->cancel_upload = php_check_cancel_upload(progress TSRMLS_CC);
+		progress->cancel_upload |= php_check_cancel_upload(progress TSRMLS_CC);
 		ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), progress->key.c, progress->key.len+1, progress->data, 2, 0);
 	}
 	php_session_flush(TSRMLS_C);
diff --git a/ext/session/tests/session_set_save_handler_class_016.phpt b/ext/session/tests/session_set_save_handler_class_016.phpt
new file mode 100644
index 0000000000..2de03c0682
--- /dev/null
+++ b/ext/session/tests/session_set_save_handler_class_016.phpt
@@ -0,0 +1,90 @@
+--TEST--
+Test session_set_save_handler() function: class with create_sid
+--INI--
+session.save_handler=files
+session.name=PHPSESSID
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+ob_start();
+
+/* 
+ * Prototype : bool session_set_save_handler(SessionHandlerInterface $handler [, bool $register_shutdown_function = true])
+ * Description : Sets user-level session storage functions
+ * Source code : ext/session/session.c 
+ */
+
+echo "*** Testing session_set_save_handler() function: class with create_sid ***\n";
+
+class MySession2 extends SessionHandler {
+	public $path;
+
+	public function open($path, $name) {
+		if (!$path) {
+			$path = sys_get_temp_dir();
+		}
+		$this->path = $path . '/u_sess_' . $name;
+		return true;
+	}
+
+	public function close() {
+		return true;
+	}
+
+	public function read($id) {
+		return @file_get_contents($this->path . $id);
+	}
+
+	public function write($id, $data) {
+		return file_put_contents($this->path . $id, $data);
+	}
+
+	public function destroy($id) {
+		@unlink($this->path . $id);
+	}
+
+	public function gc($maxlifetime) {
+		foreach (glob($this->path . '*') as $filename) {
+			if (filemtime($filename) + $maxlifetime < time()) {
+				@unlink($filename);
+			}
+		}
+		return true;
+	}
+
+	public function create_sid() {
+		return parent::create_sid();
+	}
+}
+
+$handler = new MySession2;
+session_set_save_handler($handler);
+session_start();
+
+$_SESSION['foo'] = "hello";
+
+var_dump(session_id(), ini_get('session.save_handler'), $_SESSION);
+
+session_write_close();
+session_unset();
+
+session_start();
+var_dump($_SESSION);
+
+session_write_close();
+session_unset();
+
+--EXPECTF--
+*** Testing session_set_save_handler() function: class with create_sid ***
+string(%d) "%s"
+string(4) "user"
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
diff --git a/ext/session/tests/session_set_save_handler_class_017.phpt b/ext/session/tests/session_set_save_handler_class_017.phpt
new file mode 100644
index 0000000000..756dc55d03
--- /dev/null
+++ b/ext/session/tests/session_set_save_handler_class_017.phpt
@@ -0,0 +1,90 @@
+--TEST--
+Test session_set_save_handler() function: class with create_sid
+--INI--
+session.save_handler=files
+session.name=PHPSESSID
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+ob_start();
+
+/* 
+ * Prototype : bool session_set_save_handler(SessionHandlerInterface $handler [, bool $register_shutdown_function = true])
+ * Description : Sets user-level session storage functions
+ * Source code : ext/session/session.c 
+ */
+
+echo "*** Testing session_set_save_handler() function: class with create_sid ***\n";
+
+class MySession2 extends SessionHandler {
+	public $path;
+
+	public function open($path, $name) {
+		if (!$path) {
+			$path = sys_get_temp_dir();
+		}
+		$this->path = $path . '/u_sess_' . $name;
+		return true;
+	}
+
+	public function close() {
+		return true;
+	}
+
+	public function read($id) {
+		return @file_get_contents($this->path . $id);
+	}
+
+	public function write($id, $data) {
+		return file_put_contents($this->path . $id, $data);
+	}
+
+	public function destroy($id) {
+		@unlink($this->path . $id);
+	}
+
+	public function gc($maxlifetime) {
+		foreach (glob($this->path . '*') as $filename) {
+			if (filemtime($filename) + $maxlifetime < time()) {
+				@unlink($filename);
+			}
+		}
+		return true;
+	}
+
+	public function create_sid() {
+		return 'my_sid';
+	}
+}
+
+$handler = new MySession2;
+session_set_save_handler($handler);
+session_start();
+
+$_SESSION['foo'] = "hello";
+
+var_dump(session_id(), ini_get('session.save_handler'), $_SESSION);
+
+session_write_close();
+session_unset();
+
+session_start();
+var_dump($_SESSION);
+
+session_write_close();
+session_unset();
+
+--EXPECTF--
+*** Testing session_set_save_handler() function: class with create_sid ***
+string(%d) "my_sid"
+string(4) "user"
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
diff --git a/ext/session/tests/session_set_save_handler_iface_003.phpt b/ext/session/tests/session_set_save_handler_iface_003.phpt
new file mode 100644
index 0000000000..bd757dce63
--- /dev/null
+++ b/ext/session/tests/session_set_save_handler_iface_003.phpt
@@ -0,0 +1,90 @@
+--TEST--
+Test session_set_save_handler() function: id interface
+--INI--
+session.save_handler=files
+session.name=PHPSESSID
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+ob_start();
+
+/* 
+ * Prototype : bool session_set_save_handler(SessionHandlerInterface $handler [, bool $register_shutdown_function = true])
+ * Description : Sets user-level session storage functions
+ * Source code : ext/session/session.c 
+ */
+
+echo "*** Testing session_set_save_handler() function: id interface ***\n";
+
+class MySession2 implements SessionHandlerInterface, SessionIdInterface {
+	public $path;
+
+	public function open($path, $name) {
+		if (!$path) {
+			$path = sys_get_temp_dir();
+		}
+		$this->path = $path . '/u_sess_' . $name;
+		return true;
+	}
+
+	public function close() {
+		return true;
+	}
+
+	public function read($id) {
+		return @file_get_contents($this->path . $id);
+	}
+
+	public function write($id, $data) {
+		return file_put_contents($this->path . $id, $data);
+	}
+
+	public function destroy($id) {
+		@unlink($this->path . $id);
+	}
+
+	public function gc($maxlifetime) {
+		foreach (glob($this->path . '*') as $filename) {
+			if (filemtime($filename) + $maxlifetime < time()) {
+				@unlink($filename);
+			}
+		}
+		return true;
+	}
+
+	public function create_sid() {
+		return 'my_sid';
+	}
+}
+
+$handler = new MySession2;
+session_set_save_handler($handler);
+session_start();
+
+$_SESSION['foo'] = "hello";
+
+var_dump(session_id(), ini_get('session.save_handler'), $_SESSION);
+
+session_write_close();
+session_unset();
+
+session_start();
+var_dump($_SESSION);
+
+session_write_close();
+session_unset();
+
+--EXPECTF--
+*** Testing session_set_save_handler() function: id interface ***
+string(%d) "my_sid"
+string(4) "user"
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
diff --git a/ext/session/tests/session_set_save_handler_sid_001.phpt b/ext/session/tests/session_set_save_handler_sid_001.phpt
new file mode 100644
index 0000000000..0dc4fc11cf
--- /dev/null
+++ b/ext/session/tests/session_set_save_handler_sid_001.phpt
@@ -0,0 +1,85 @@
+--TEST--
+Test session_set_save_handler() function: create_sid
+--INI--
+session.save_handler=files
+session.name=PHPSESSID
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+ob_start();
+
+echo "*** Testing session_set_save_handler() function: create_sid ***\n";
+
+class MySession2 {
+	public $path;
+
+	public function open($path, $name) {
+		if (!$path) {
+			$path = sys_get_temp_dir();
+		}
+		$this->path = $path . '/u_sess_' . $name;
+		return true;
+	}
+
+	public function close() {
+		return true;
+	}
+
+	public function read($id) {
+		return @file_get_contents($this->path . $id);
+	}
+
+	public function write($id, $data) {
+		return file_put_contents($this->path . $id, $data);
+	}
+
+	public function destroy($id) {
+		@unlink($this->path . $id);
+	}
+
+	public function gc($maxlifetime) {
+		foreach (glob($this->path . '*') as $filename) {
+			if (filemtime($filename) + $maxlifetime < time()) {
+				@unlink($filename);
+			}
+		}
+		return true;
+	}
+
+	public function create_sid() {
+		return 'my_sid';
+	}
+}
+
+$handler = new MySession2;
+session_set_save_handler(array($handler, 'open'), array($handler, 'close'),
+	array($handler, 'read'), array($handler, 'write'), array($handler, 'destroy'), array($handler, 'gc'), array($handler, 'create_sid'));
+session_start();
+
+$_SESSION['foo'] = "hello";
+
+var_dump(session_id(), ini_get('session.save_handler'), $_SESSION);
+
+session_write_close();
+session_unset();
+
+session_start();
+var_dump($_SESSION);
+
+session_write_close();
+session_unset();
+
+--EXPECTF--
+*** Testing session_set_save_handler() function: create_sid ***
+string(%d) "my_sid"
+string(4) "user"
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
+array(1) {
+  ["foo"]=>
+  string(5) "hello"
+}
diff --git a/ext/session/tests/session_set_save_handler_sid_002.phpt b/ext/session/tests/session_set_save_handler_sid_002.phpt
new file mode 100644
index 0000000000..f9a72aebca
--- /dev/null
+++ b/ext/session/tests/session_set_save_handler_sid_002.phpt
@@ -0,0 +1,77 @@
+--TEST--
+Test session_set_save_handler() function: create_sid
+--INI--
+session.save_handler=files
+session.name=PHPSESSID
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+ob_start();
+
+echo "*** Testing session_set_save_handler() function: create_sid ***\n";
+
+class MySession2 {
+	public $path;
+
+	public function open($path, $name) {
+		if (!$path) {
+			$path = sys_get_temp_dir();
+		}
+		$this->path = $path . '/u_sess_' . $name;
+		return true;
+	}
+
+	public function close() {
+		return true;
+	}
+
+	public function read($id) {
+		return @file_get_contents($this->path . $id);
+	}
+
+	public function write($id, $data) {
+		return file_put_contents($this->path . $id, $data);
+	}
+
+	public function destroy($id) {
+		@unlink($this->path . $id);
+	}
+
+	public function gc($maxlifetime) {
+		foreach (glob($this->path . '*') as $filename) {
+			if (filemtime($filename) + $maxlifetime < time()) {
+				@unlink($filename);
+			}
+		}
+		return true;
+	}
+
+	public function create_sid() {
+		return null;
+	}
+}
+
+$handler = new MySession2;
+session_set_save_handler(array($handler, 'open'), array($handler, 'close'),
+	array($handler, 'read'), array($handler, 'write'), array($handler, 'destroy'), array($handler, 'gc'), array($handler, 'create_sid'));
+session_start();
+
+$_SESSION['foo'] = "hello";
+
+var_dump(session_id(), ini_get('session.save_handler'), $_SESSION);
+
+session_write_close();
+session_unset();
+
+session_start();
+var_dump($_SESSION);
+
+session_write_close();
+session_unset();
+
+--EXPECTF--
+*** Testing session_set_save_handler() function: create_sid ***
+
+Fatal error: session_start(): Session id must be a string in %s on line %d
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index 0b884b38a3..1a417d0f58 100644
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -1510,7 +1510,7 @@ SPL_METHOD(RecursiveDirectoryIterator, hasChildren)
    Returns an iterator for the current entry if it is a directory */
 SPL_METHOD(RecursiveDirectoryIterator, getChildren)
 {
-	zval zpath, zflags;
+	zval *zpath, *zflags;
 	spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC);
 	spl_filesystem_object *subdir;
 	char slash = SPL_HAS_FLAG(intern->flags, SPL_FILE_DIR_UNIXPATHS) ? '/' : DEFAULT_SLASH;
@@ -1524,11 +1524,13 @@ SPL_METHOD(RecursiveDirectoryIterator, getChildren)
 	if (SPL_HAS_FLAG(intern->flags, SPL_FILE_DIR_CURRENT_AS_PATHNAME)) {
 		RETURN_STRINGL(intern->file_name, intern->file_name_len, 1);
 	} else {
-		INIT_PZVAL(&zflags);
-		INIT_PZVAL(&zpath);
-		ZVAL_LONG(&zflags, intern->flags);
-		ZVAL_STRINGL(&zpath, intern->file_name, intern->file_name_len, 0);
-		spl_instantiate_arg_ex2(Z_OBJCE_P(getThis()), &return_value, 0, &zpath, &zflags TSRMLS_CC);
+		MAKE_STD_ZVAL(zflags);
+		MAKE_STD_ZVAL(zpath);
+		ZVAL_LONG(zflags, intern->flags);
+		ZVAL_STRINGL(zpath, intern->file_name, intern->file_name_len, 1);
+		spl_instantiate_arg_ex2(Z_OBJCE_P(getThis()), &return_value, 0, zpath, zflags TSRMLS_CC);
+		zval_ptr_dtor(&zpath);
+		zval_ptr_dtor(&zflags);
 		
 		subdir = (spl_filesystem_object*)zend_object_store_get_object(return_value TSRMLS_CC);
 		if (subdir) {
diff --git a/ext/standard/tests/array/array_walk_closure.phpt b/ext/standard/tests/array/array_walk_closure.phpt
new file mode 100644
index 0000000000..4e22bb8946
--- /dev/null
+++ b/ext/standard/tests/array/array_walk_closure.phpt
@@ -0,0 +1,251 @@
+--TEST--
+array_walk() closure tests
+--FILE--
+<?php
+
+var_dump(array_walk());
+
+$ar = false;
+var_dump(array_walk($ar, $ar));
+
+$ar = NULL;
+var_dump(array_walk($ar, $ar));
+
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+var_dump(array_walk($ar, function(){ var_dump(func_get_args());}));
+
+echo "\nclosure with array\n";
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+$user_data = ["sum" => 42];
+$func = function($value, $key, &$udata) {
+	var_dump($udata);
+	$udata["sum"] += $value;
+};
+
+var_dump(array_walk($ar, $func, $user_data));
+echo "End result:";
+var_dump($user_data["sum"]);
+
+echo "\nclosure with use\n";
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+$user_data = ["sum" => 42];
+$func = function($value, $key) use (&$user_data) {
+	var_dump($user_data);
+	$user_data["sum"] += $value;
+};
+
+var_dump(array_walk($ar, $func, $user_data));
+echo "End result:";
+var_dump($user_data["sum"]);
+
+
+echo "\nclosure with object\n";
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+$user_data = (object)["sum" => 42];
+$func = function($value, $key, &$udata) {
+	var_dump($udata);
+	$udata->sum += $value;
+};
+
+var_dump(array_walk($ar, $func, $user_data));
+echo "End result:";
+var_dump($user_data->sum);
+
+
+
+echo "\nfunction with object\n";
+function sum_it_up_object($value, $key, $udata)
+{
+	var_dump($udata);
+	$udata->sum += $value;
+}
+
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+$user_data = (object)["sum" => 42];
+
+var_dump(array_walk($ar, "sum_it_up_object", $user_data));
+echo "End result:";
+var_dump($user_data->sum);
+
+
+echo "\nfunction with array\n";
+function sum_it_up_array($value, $key, $udata)
+{
+	var_dump($udata);
+	$udata['sum'] += $value;
+}
+
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+$user_data = ["sum" => 42];
+
+var_dump(array_walk($ar, "sum_it_up_array", $user_data));
+echo "End result:";
+var_dump($user_data['sum']);
+
+echo "\nclosure and exception\n";
+$ar = ["one" => 1, "two"=>2, "three" => 3];
+try {
+	var_dump(array_walk($ar, function($v, $k) { if ($v == 2) throw new Exception; } ));
+} catch (Exception $e) {
+	var_dump($e->getTrace());
+}
+
+
+echo "Done\n";
+?>
+--EXPECTF--	
+Warning: array_walk() expects at least 2 parameters, 0 given in %s on line %d
+NULL
+
+Warning: array_walk() expects parameter 1 to be array, boolean given in %s on line %d
+NULL
+
+Warning: array_walk() expects parameter 1 to be array, null given in %s on line %d
+NULL
+array(2) {
+  [0]=>
+  int(1)
+  [1]=>
+  string(3) "one"
+}
+array(2) {
+  [0]=>
+  int(2)
+  [1]=>
+  string(3) "two"
+}
+array(2) {
+  [0]=>
+  int(3)
+  [1]=>
+  string(5) "three"
+}
+bool(true)
+
+closure with array
+array(1) {
+  ["sum"]=>
+  int(42)
+}
+array(1) {
+  ["sum"]=>
+  int(43)
+}
+array(1) {
+  ["sum"]=>
+  int(45)
+}
+bool(true)
+End result:int(42)
+
+closure with use
+array(1) {
+  ["sum"]=>
+  int(42)
+}
+array(1) {
+  ["sum"]=>
+  int(43)
+}
+array(1) {
+  ["sum"]=>
+  int(45)
+}
+bool(true)
+End result:int(48)
+
+closure with object
+object(stdClass)#1 (1) {
+  ["sum"]=>
+  int(42)
+}
+object(stdClass)#1 (1) {
+  ["sum"]=>
+  int(43)
+}
+object(stdClass)#1 (1) {
+  ["sum"]=>
+  int(45)
+}
+bool(true)
+End result:int(48)
+
+function with object
+object(stdClass)#2 (1) {
+  ["sum"]=>
+  int(42)
+}
+object(stdClass)#2 (1) {
+  ["sum"]=>
+  int(43)
+}
+object(stdClass)#2 (1) {
+  ["sum"]=>
+  int(45)
+}
+bool(true)
+End result:int(48)
+
+function with array
+array(1) {
+  ["sum"]=>
+  int(42)
+}
+array(1) {
+  ["sum"]=>
+  int(42)
+}
+array(1) {
+  ["sum"]=>
+  int(42)
+}
+bool(true)
+End result:int(42)
+
+closure and exception
+array(2) {
+  [0]=>
+  array(2) {
+    ["function"]=>
+    string(9) "{closure}"
+    ["args"]=>
+    array(2) {
+      [0]=>
+      int(2)
+      [1]=>
+      string(3) "two"
+    }
+  }
+  [1]=>
+  array(4) {
+    ["file"]=>
+    string(%d) "%s"
+    ["line"]=>
+    int(%d)
+    ["function"]=>
+    string(10) "array_walk"
+    ["args"]=>
+    array(2) {
+      [0]=>
+      &array(3) {
+        ["one"]=>
+        int(1)
+        ["two"]=>
+        int(2)
+        ["three"]=>
+        int(3)
+      }
+      [1]=>
+      object(Closure)#2 (1) {
+        ["parameter"]=>
+        array(2) {
+          ["$v"]=>
+          string(10) "<required>"
+          ["$k"]=>
+          string(10) "<required>"
+        }
+      }
+    }
+  }
+}
+Done
diff --git a/sapi/fpm/fpm/fpm_sockets.c b/sapi/fpm/fpm/fpm_sockets.c
index f959cf36d8..145b2550c3 100644
--- a/sapi/fpm/fpm/fpm_sockets.c
+++ b/sapi/fpm/fpm/fpm_sockets.c
@@ -405,7 +405,19 @@ int fpm_socket_get_listening_queue(int sock, unsigned *cur_lq, unsigned *max_lq)
 		zlog(ZLOG_SYSERROR, "failed to retrieve TCP_INFO for socket");
 		return -1;
 	}
+#if defined(__FreeBSD__)
+	if (info.__tcpi_sacked == 0) {
+		return -1;
+	}
+
+	if (cur_lq) {
+		*cur_lq = info.__tcpi_unacked;
+	}
 
+	if (max_lq) {
+		*max_lq = info.__tcpi_sacked;
+	}
+#else
 	/* kernel >= 2.6.24 return non-zero here, that means operation is supported */
 	if (info.tcpi_sacked == 0) {
 		return -1;
@@ -418,6 +430,7 @@ int fpm_socket_get_listening_queue(int sock, unsigned *cur_lq, unsigned *max_lq)
 	if (max_lq) {
 		*max_lq = info.tcpi_sacked;
 	}
+#endif
 
 	return 0;
 }