Merge mainstream 'master' branch into refactoring

During merge I had to revert:
	Nikita's patch for php_splice() (it probably needs to be applyed again)
	Bob Weinand's patches related to constant expression handling (we need to review them carefully)
	I also reverted all our attempts to support sapi/phpdbg (we didn't test it anyway)

Conflicts:
	Zend/zend.h
	Zend/zend_API.c
	Zend/zend_ast.c
	Zend/zend_compile.c
	Zend/zend_compile.h
	Zend/zend_constants.c
	Zend/zend_exceptions.c
	Zend/zend_execute.c
	Zend/zend_execute.h
	Zend/zend_execute_API.c
	Zend/zend_hash.c
	Zend/zend_highlight.c
	Zend/zend_language_parser.y
	Zend/zend_language_scanner.c
	Zend/zend_language_scanner_defs.h
	Zend/zend_variables.c
	Zend/zend_vm_def.h
	Zend/zend_vm_execute.h
	ext/date/php_date.c
	ext/dom/documenttype.c
	ext/hash/hash.c
	ext/iconv/iconv.c
	ext/mbstring/tests/zend_multibyte-10.phpt
	ext/mbstring/tests/zend_multibyte-11.phpt
	ext/mbstring/tests/zend_multibyte-12.phpt
	ext/mysql/php_mysql.c
	ext/mysqli/mysqli.c
	ext/mysqlnd/mysqlnd_reverse_api.c
	ext/mysqlnd/php_mysqlnd.c
	ext/opcache/ZendAccelerator.c
	ext/opcache/zend_accelerator_util_funcs.c
	ext/opcache/zend_persist.c
	ext/opcache/zend_persist_calc.c
	ext/pcre/php_pcre.c
	ext/pdo/pdo_dbh.c
	ext/pdo/pdo_stmt.c
	ext/pdo_pgsql/pgsql_driver.c
	ext/pgsql/pgsql.c
	ext/reflection/php_reflection.c
	ext/session/session.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
	ext/standard/array.c
	ext/standard/basic_functions.c
	ext/standard/html.c
	ext/standard/mail.c
	ext/standard/php_array.h
	ext/standard/proc_open.c
	ext/standard/streamsfuncs.c
	ext/standard/user_filters.c
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_variables.c
	sapi/phpdbg/phpdbg.c
	sapi/phpdbg/phpdbg_bp.c
	sapi/phpdbg/phpdbg_frame.c
	sapi/phpdbg/phpdbg_help.c
	sapi/phpdbg/phpdbg_list.c
	sapi/phpdbg/phpdbg_print.c
	sapi/phpdbg/phpdbg_prompt.c

1 files changed, 23 insertions, 12 deletions

diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index ec16f8bbb8..3e577bc28a 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -50,6 +50,12 @@
 
 #define FILE_PREFIX "sess_"
 
+#ifdef PHP_WIN32
+# ifndef O_NOFOLLOW
+#  define O_NOFOLLOW 0
+# endif
+#endif
+
 typedef struct {
 	int fd;
 	char *lastkey;
@@ -115,6 +121,7 @@ static void ps_files_close(ps_files *data)
 static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 {
 	char buf[MAXPATHLEN];
+    struct stat sbuf;
 
 	if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) {
 		if (data->lastkey) {
@@ -135,22 +142,26 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 
 		data->lastkey = estrdup(key);
 
+		/* O_NOFOLLOW to prevent us from following evil symlinks */
+#ifdef O_NOFOLLOW
+		data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY | O_NOFOLLOW, data->filemode);
+#else
+		/* Check to make sure that the opened file is not outside of allowable dirs. 
+		   This is not 100% safe but it's hard to do something better without O_NOFOLLOW */
+		if(PG(open_basedir) && lstat(buf, &sbuf) == 0 && S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
+			return;
+		}
 		data->fd = VCWD_OPEN_MODE(buf, O_CREAT | O_RDWR | O_BINARY, data->filemode);
+#endif
 
 		if (data->fd != -1) {
 #ifndef PHP_WIN32
-			/* check to make sure that the opened file is not a symlink, linking to data outside of allowable dirs */
-			if (PG(open_basedir)) {
-				struct stat sbuf;
-
-				if (fstat(data->fd, &sbuf)) {
-					close(data->fd);
-					return;
-				}
-				if (S_ISLNK(sbuf.st_mode) && php_check_open_basedir(buf TSRMLS_CC)) {
-					close(data->fd);
-					return;
-				}
+			/* check that this session file was created by us or root – we
+			   don't want to end up accepting the sessions of another webapp */
+			if (fstat(data->fd, &sbuf) || (sbuf.st_uid != 0 && sbuf.st_uid != getuid() && sbuf.st_uid != geteuid())) {
+				close(data->fd);
+				data->fd = -1;
+				return;
 			}
 #endif
 			flock(data->fd, LOCK_EX);