Strict session

author: Yasuo Ohgaki <yohgaki@php.net> 2013-06-25 19:47:04 +0900
committer: Stanislav Malyshev <stas@php.net> 2013-08-04 16:36:45 -0700
commit: 25e8fcc88fa20dc9d4c47184471003f436927cde (patch)
tree: ac295c6a34592e66a408a323fc1773c5f88d5099 /ext/session
parent: c793a6569013f9ab46f2cd7331cc1a04aa42cbed (diff)
download: php-git-25e8fcc88fa20dc9d4c47184471003f436927cde.tar.gz
38 files changed, 240 insertions, 93 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 053c617dec..e9dc25a4b8 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -61,40 +61,9 @@ typedef struct {
 } ps_files;
 
 ps_module ps_mod_files = {
-	PS_MOD(files)
+	PS_MOD_SID(files)
 };
 
-/* If you change the logic here, please also update the error message in
- * ps_files_open() appropriately */
-static int ps_files_valid_key(const char *key)
-{
-	size_t len;
-	const char *p;
-	char c;
-	int ret = 1;
-
-	for (p = key; (c = *p); p++) {
-		/* valid characters are a..z,A..Z,0..9 */
-		if (!((c >= 'a' && c <= 'z')
-				|| (c >= 'A' && c <= 'Z')
-				|| (c >= '0' && c <= '9')
-				|| c == ','
-				|| c == '-')) {
-			ret = 0;
-			break;
-		}
-	}
-
-	len = p - key;
-
-	/* Somewhat arbitrary length limit here, but should be way more than
-	   anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
-	if (len == 0 || len > 128) {
-		ret = 0;
-	}
-
-	return ret;
-}
 
 static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key)
 {
@@ -155,11 +124,11 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 
 		ps_files_close(data);
 
-		if (!ps_files_valid_key(key)) {
+		if (php_session_valid_key(key) == FAILURE) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
-			PS(invalid_session_id) = 1;
 			return;
 		}
+
 		if (!ps_files_path_create(buf, sizeof(buf), data, key)) {
 			return;
 		}
@@ -253,6 +222,21 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime TSRMLS_DC)
 	return (nrdels);
 }
 
+static int ps_files_key_exists(ps_files *data, const char *key TSRMLS_DC)
+{
+	char buf[MAXPATHLEN];
+	struct stat sbuf;
+
+	if (!key || !ps_files_path_create(buf, sizeof(buf), data, key)) {
+		return FAILURE;
+	}
+	if (VCWD_STAT(buf, &sbuf)) {
+		return FAILURE;
+	}
+	return SUCCESS;
+}
+
+
 #define PS_FILES_DATA ps_files *data = PS_GET_MOD_DATA()
 
 PS_OPEN_FUNC(files)
@@ -342,6 +326,24 @@ PS_READ_FUNC(files)
 	struct stat sbuf;
 	PS_FILES_DATA;
 
+	/* If strict mode, check session id existence */
+	if (PS(use_strict_mode) &&
+		ps_files_key_exists(data, key TSRMLS_CC) == FAILURE) {
+		/* key points to PS(id), but cannot change here. */
+		if (key) {
+			efree(PS(id));
+			PS(id) = NULL;
+		}
+		PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC);
+		if (!PS(id)) {
+			return FAILURE;
+		}
+		php_session_reset_id(TSRMLS_C);
+		if (PS(use_cookies)) {
+			PS(send_cookie) = 1;
+		}
+	}
+
 	ps_files_open(data, key TSRMLS_CC);
 	if (data->fd < 0) {
 		return FAILURE;
@@ -454,6 +456,17 @@ PS_GC_FUNC(files)
 	return SUCCESS;
 }
 
+PS_CREATE_SID_FUNC(files)
+{
+	char *sid;
+	PS_FILES_DATA;
+
+	sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+
+	return sid;
+}
+
+
 /*
  * Local variables:
  * tab-width: 4
diff --git a/ext/session/mod_files.h b/ext/session/mod_files.h
index c97d168b1e..94cbd6d025 100644
--- a/ext/session/mod_files.h
+++ b/ext/session/mod_files.h
@@ -24,6 +24,6 @@
 extern ps_module ps_mod_files;
 #define ps_files_ptr &ps_mod_files
 
-PS_FUNCS(files);
+PS_FUNCS_SID(files);
 
 #endif
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index e0d16d1924..7ca90833a6 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -124,7 +124,7 @@ static ps_sd *ps_sd_new(ps_mm *data, const char *key)
 	if (!sd) {
 		TSRMLS_FETCH();
 
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %d, err %s", mm_available(data->mm), mm_error());
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %ld, err %s", mm_available(data->mm), mm_error());
 		return NULL;
 	}
 
@@ -208,8 +208,22 @@ static ps_sd *ps_sd_lookup(ps_mm *data, const char *key, int rw)
 	return ret;
 }
 
+static int ps_mm_key_exists(ps_mm *data, const char *key TSRMLS_DC)
+{
+	ps_sd *sd;
+
+	if (!key) {
+		return FAILURE;
+	}
+	sd = ps_sd_lookup(data, key, 0);
+	if (sd) {
+		return SUCCESS;
+	}
+	return FAILURE;
+}
+
 ps_module ps_mod_mm = {
-	PS_MOD(mm)
+	PS_MOD_SID(mm)
 };
 
 #define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA()
@@ -341,6 +355,24 @@ PS_READ_FUNC(mm)
 
 	mm_lock(data->mm, MM_LOCK_RD);
 
+	/* If there is an ID and strict mode, verify existence */
+	if (PS(use_strict_mode)
+		&& ps_mm_key_exists(data, key TSRMLS_CC) == FAILURE) {
+		/* key points to PS(id), but cannot change here. */
+		if (key) {
+			efree(PS(id));
+			PS(id) = NULL;
+		}
+		PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC);
+		if (!PS(id)) {
+			return FAILURE;
+		}
+		php_session_reset_id(TSRMLS_C);
+		if (PS(use_cookies)) {
+			PS(send_cookie) = 1;
+		}
+	}
+
 	sd = ps_sd_lookup(data, key, 0);
 	if (sd) {
 		*vallen = sd->datalen;
@@ -444,6 +476,16 @@ PS_GC_FUNC(mm)
 	return SUCCESS;
 }
 
+PS_CREATE_SID_FUNC(mm)
+{
+	char *sid;
+	PS_MM_DATA;
+
+	sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+
+	return sid;
+}
+
 #endif
 
 /*
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index b28c2b4c28..e8e79f0fa6 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -29,6 +29,9 @@
 
 #define PHP_SESSION_API 20020330
 
+/* To check php_session_valid_key()/php_session_reset_id() */
+#define PHP_SESSION_STRICT 1
+
 #define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name TSRMLS_DC
 #define PS_CLOSE_ARGS void **mod_data TSRMLS_DC
 #define PS_READ_ARGS void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC
@@ -75,7 +78,7 @@ typedef struct ps_module_struct {
 	#x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
 	 ps_delete_##x, ps_gc_##x, php_session_create_id
 
-/* SID enabled module handler definitions */
+/* SID creation enabled module handler definitions */
 #define PS_FUNCS_SID(x) \
 	PS_OPEN_FUNC(x); \
 	PS_CLOSE_FUNC(x); \
@@ -175,6 +178,8 @@ typedef struct _php_ps_globals {
 	smart_str rfc1867_name;    /* session.upload_progress.name */
 	long rfc1867_freq;         /* session.upload_progress.freq */
 	double rfc1867_min_freq;   /* session.upload_progress.min_freq */
+
+	zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
 } php_ps_globals;
 
 typedef php_ps_globals zend_ps_globals;
@@ -230,6 +235,9 @@ PHPAPI void php_session_start(TSRMLS_D);
 PHPAPI ps_module *_php_find_ps_module(char *name TSRMLS_DC);
 PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC);
 
+PHPAPI int php_session_valid_key(const char *key);
+PHPAPI void php_session_reset_id(TSRMLS_D);
+
 #define PS_ADD_VARL(name,namelen) do {										\
 	php_add_session_var(name, namelen TSRMLS_CC);							\
 } while (0)
diff --git a/ext/session/session.c b/ext/session/session.c
index e992f31d2f..d90b5c6b84 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -86,6 +86,8 @@ zend_class_entry *php_session_id_iface_entry;
 		return FAILURE;	\
 	}
 
+static void php_session_send_cookie(TSRMLS_D);
+
 /* Dispatched by RINIT and by php_session_destroy */
 static inline void php_rinit_session_globals(TSRMLS_D) /* {{{ */
 {
@@ -126,7 +128,7 @@ static int php_session_destroy(TSRMLS_D) /* {{{ */
 		return FAILURE;
 	}
 
-	if (PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
+	if (PS(id) && PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
 		retval = FAILURE;
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed");
 	}
@@ -428,17 +430,45 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
 }
 /* }}} */
 
-static void php_session_initialize(TSRMLS_D) /* {{{ */
+/* Default session id char validation function allowed by ps_modules.
+ * If you change the logic here, please also update the error message in
+ * ps_modules appropriately */
+PHPAPI int php_session_valid_key(const char *key) /* {{{ */
 {
-	char *val;
-	int vallen;
+	size_t len;
+	const char *p;
+	char c;
+	int ret = SUCCESS;
+
+	for (p = key; (c = *p); p++) {
+		/* valid characters are a..z,A..Z,0..9 */
+		if (!((c >= 'a' && c <= 'z')
+				|| (c >= 'A' && c <= 'Z')
+				|| (c >= '0' && c <= '9')
+				|| c == ','
+				|| c == '-')) {
+			ret = FAILURE;
+			break;
+		}
+	}
 
-	/* check session name for invalid characters */
-	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
-		efree(PS(id));
-		PS(id) = NULL;
+	len = p - key;
+
+	/* Somewhat arbitrary length limit here, but should be way more than
+	   anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
+	if (len == 0 || len > 128) {
+		ret = FAILURE;
 	}
 
+	return ret;
+}
+/* }}} */
+
+static void php_session_initialize(TSRMLS_D) /* {{{ */
+{
+	char *val = NULL;
+	int vallen;
+
 	if (!PS(mod)) {
 		php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session");
 		return;
@@ -452,28 +482,38 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */
 
 	/* If there is no ID, use session module to create one */
 	if (!PS(id)) {
-new_session:
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+		if (!PS(id)) {
+			php_error_docref(NULL TSRMLS_CC, E_ERROR, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
+			return;
+		}
 		if (PS(use_cookies)) {
 			PS(send_cookie) = 1;
 		}
 	}
 
+	php_session_reset_id(TSRMLS_C);
+	PS(session_status) = php_session_active;
+
 	/* Read data */
-	/* Question: if you create a SID here, should you also try to read data?
-	 * I'm not sure, but while not doing so will remove one session operation
-	 * it could prove usefull for those sites which wish to have "default"
-	 * session information. */
 	php_session_track_init(TSRMLS_C);
-	PS(invalid_session_id) = 0;
-	if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
+	if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == FAILURE) {
+		/* Some broken save handler implementation returns FAILURE for non-existent session ID */
+		/* It's better to rase error for this, but disabled error for better compatibility */
+		/*
+		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path));
+		*/
+	}
+	if (val) {
 		php_session_decode(val, vallen TSRMLS_CC);
 		efree(val);
-	} else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
-		PS(invalid_session_id) = 0;
-		efree(PS(id));
-		PS(id) = NULL;
-		goto new_session;
+	}
+
+	if (!PS(use_cookies) && PS(send_cookie)) {
+		if (PS(use_trans_sid) && !PS(use_only_cookies)) {
+			PS(apply_trans_sid) = 1;
+		}
+		PS(send_cookie) = 0;
 	}
 }
 /* }}} */
@@ -748,6 +788,7 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_BOOLEAN("session.cookie_httponly",  "",          PHP_INI_ALL, OnUpdateBool,   cookie_httponly,    php_ps_globals,    ps_globals)
 	STD_PHP_INI_BOOLEAN("session.use_cookies",      "1",         PHP_INI_ALL, OnUpdateBool,   use_cookies,        php_ps_globals,    ps_globals)
 	STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1",         PHP_INI_ALL, OnUpdateBool,   use_only_cookies,   php_ps_globals,    ps_globals)
+	STD_PHP_INI_BOOLEAN("session.use_strict_mode",  "0",         PHP_INI_ALL, OnUpdateBool,   use_strict_mode,    php_ps_globals,    ps_globals)
 	STD_PHP_INI_ENTRY("session.referer_check",      "",          PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals,    ps_globals)
 #if HAVE_DEV_URANDOM
 	STD_PHP_INI_ENTRY("session.entropy_file",       "/dev/urandom",          PHP_INI_ALL, OnUpdateString, entropy_file,       php_ps_globals,    ps_globals)
@@ -1297,10 +1338,15 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC) /* {{{
 		convert_to_string((*ppid)); \
 		PS(id) = estrndup(Z_STRVAL_PP(ppid), Z_STRLEN_PP(ppid))
 
-static void php_session_reset_id(TSRMLS_D) /* {{{ */
+PHPAPI void php_session_reset_id(TSRMLS_D) /* {{{ */
 {
 	int module_number = PS(module_number);
 
+	if (!PS(id)) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set session ID - session ID is not initialized");
+		return;
+	}
+
 	if (PS(use_cookies) && PS(send_cookie)) {
 		php_session_send_cookie(TSRMLS_C);
 		PS(send_cookie) = 0;
@@ -1447,19 +1493,14 @@ PHPAPI void php_session_start(TSRMLS_D) /* {{{ */
 		}
 	}
 
-	php_session_initialize(TSRMLS_C);
-
-	if (!PS(use_cookies) && PS(send_cookie)) {
-		if (PS(use_trans_sid) && !PS(use_only_cookies)) {
-			PS(apply_trans_sid) = 1;
-		}
-		PS(send_cookie) = 0;
+	/* Finally check session id for dangarous characters
+	 * Security note: session id may be embedded in HTML pages.*/
+	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+		efree(PS(id));
+		PS(id) = NULL;
 	}
 
-	php_session_reset_id(TSRMLS_C);
-
-	PS(session_status) = php_session_active;
-
+	php_session_initialize(TSRMLS_C);
 	php_session_cache_limiter(TSRMLS_C);
 
 	if ((PS(mod_data) || PS(mod_user_implemented)) && PS(gc_probability) > 0) {
@@ -1775,9 +1816,9 @@ static PHP_FUNCTION(session_save_path)
 static PHP_FUNCTION(session_id)
 {
 	char *name = NULL;
-	int name_len;
+	int name_len, argc = ZEND_NUM_ARGS();
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) {
+	if (zend_parse_parameters(argc TSRMLS_CC, "|s", &name, &name_len) == FAILURE) {
 		return;
 	}
 
@@ -1788,6 +1829,9 @@ static PHP_FUNCTION(session_id)
 	}
 
 	if (name) {
+		if (PS(use_strict_mode) && argc) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Set session ID while session.use_strict_mode is enabled");
+		}
 		if (PS(id)) {
 			efree(PS(id));
 		}
@@ -1822,11 +1866,13 @@ static PHP_FUNCTION(session_regenerate_id)
 		}
 
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
-
-		PS(send_cookie) = 1;
-		php_session_reset_id(TSRMLS_C);
-
-		RETURN_TRUE;
+		if (PS(id)) {
+			PS(send_cookie) = 1;
+			php_session_reset_id(TSRMLS_C);
+			RETURN_TRUE;
+		} else {
+			PS(id) = STR_EMPTY_ALLOC();
+		}
 	}
 	RETURN_FALSE;
 }
diff --git a/ext/session/tests/003.phpt b/ext/session/tests/003.phpt
index 03c3b95766..8725f06a69 100644
--- a/ext/session/tests/003.phpt
+++ b/ext/session/tests/003.phpt
@@ -4,6 +4,7 @@ session object deserialization
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/004.phpt b/ext/session/tests/004.phpt
index aeb2c8b363..4547c65574 100644
--- a/ext/session/tests/004.phpt
+++ b/ext/session/tests/004.phpt
@@ -4,6 +4,7 @@ session_set_save_handler test
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.name=PHPSESSID
 session.serialize_handler=php
diff --git a/ext/session/tests/005.phpt b/ext/session/tests/005.phpt
index a970e6b71d..796d9c377e 100644
--- a/ext/session/tests/005.phpt
+++ b/ext/session/tests/005.phpt
@@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test.
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.name=PHPSESSID
 session.serialize_handler=php
diff --git a/ext/session/tests/006.phpt b/ext/session/tests/006.phpt
index 03fca10381..dba6894c7e 100644
--- a/ext/session/tests/006.phpt
+++ b/ext/session/tests/006.phpt
@@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/009.phpt b/ext/session/tests/009.phpt
index d73bc238c9..6d8d11c331 100644
--- a/ext/session/tests/009.phpt
+++ b/ext/session/tests/009.phpt
@@ -4,6 +4,7 @@ unset($_SESSION["name"]); test
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/012.phpt b/ext/session/tests/012.phpt
index 8708011273..c555d2ca1e 100644
--- a/ext/session/tests/012.phpt
+++ b/ext/session/tests/012.phpt
@@ -4,6 +4,7 @@ registering $_SESSION should not segfault
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/013.phpt b/ext/session/tests/013.phpt
index 8d0f284b17..32909eb58c 100644
--- a/ext/session/tests/013.phpt
+++ b/ext/session/tests/013.phpt
@@ -4,6 +4,7 @@ redefining SID should not cause warnings
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/014.phpt b/ext/session/tests/014.phpt
index 73bc28ea66..cbf22b142d 100644
--- a/ext/session/tests/014.phpt
+++ b/ext/session/tests/014.phpt
@@ -5,6 +5,7 @@ a script should not be able to modify session.use_trans_sid
 --INI--
 session.use_trans_sid=0
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.name=PHPSESSID
 session.serialize_handler=php
diff --git a/ext/session/tests/015.phpt b/ext/session/tests/015.phpt
index 7d7b737340..527b86bc1d 100644
--- a/ext/session/tests/015.phpt
+++ b/ext/session/tests/015.phpt
@@ -6,6 +6,7 @@ use_trans_sid should not affect SID
 session.use_trans_sid=1
 session.use_cookies=0
 session.use_only_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 arg_separator.output=&
 session.name=PHPSESSID
diff --git a/ext/session/tests/016.phpt b/ext/session/tests/016.phpt
index 83703294a3..0e368e2f82 100644
--- a/ext/session/tests/016.phpt
+++ b/ext/session/tests/016.phpt
@@ -16,10 +16,11 @@ session.serialize_handler=php
 <?php
 error_reporting(E_ALL);
 
-@session_start();
+session_start();
 $HTTP_SESSION_VARS["test"] = 1;
-@session_write_close();
+session_write_close();
 print "I live\n";
 ?>
---EXPECT--
+--EXPECTF--
+Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (123;:/really\completely:::/invalid;;,23123;213) in %s on line %d
 I live
diff --git a/ext/session/tests/018.phpt b/ext/session/tests/018.phpt
index def1f419ce..5ec132b34f 100644
--- a/ext/session/tests/018.phpt
+++ b/ext/session/tests/018.phpt
@@ -5,6 +5,7 @@ rewriter correctly handles attribute names which contain dashes
 --INI--
 session.use_cookies=0
 session.use_only_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.use_trans_sid=1
 session.name=PHPSESSID
diff --git a/ext/session/tests/019.phpt b/ext/session/tests/019.phpt
index 3ee8ccd420..0f06add5a1 100644
--- a/ext/session/tests/019.phpt
+++ b/ext/session/tests/019.phpt
@@ -4,6 +4,7 @@ serializing references test case using globals
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/020.phpt b/ext/session/tests/020.phpt
index 0141129820..267e52191c 100644
--- a/ext/session/tests/020.phpt
+++ b/ext/session/tests/020.phpt
@@ -5,6 +5,7 @@ rewriter uses arg_separator.output for modifying URLs
 --INI--
 session.use_cookies=0
 session.use_only_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.use_trans_sid=1
 arg_separator.output="&amp;"
diff --git a/ext/session/tests/021.phpt b/ext/session/tests/021.phpt
index 1ad3c5d5f7..e199972899 100644
--- a/ext/session/tests/021.phpt
+++ b/ext/session/tests/021.phpt
@@ -5,6 +5,7 @@ rewriter handles form and fieldset tags correctly
 --INI--
 session.use_cookies=0
 session.use_only_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.use_trans_sid=1
 url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset="
diff --git a/ext/session/tests/023.phpt b/ext/session/tests/023.phpt
index 42b1e5b1be..592b4a8c3b 100644
--- a/ext/session/tests/023.phpt
+++ b/ext/session/tests/023.phpt
@@ -4,6 +4,7 @@ session object deserialization
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/024.phpt b/ext/session/tests/024.phpt
index 2ad26067a5..2b273e2b2e 100644
--- a/ext/session/tests/024.phpt
+++ b/ext/session/tests/024.phpt
@@ -4,6 +4,7 @@ session_set_save_handler test
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.name=PHPSESSID
 session.serialize_handler=php
diff --git a/ext/session/tests/025.phpt b/ext/session/tests/025.phpt
index 4fd095f817..a9ad8fb649 100644
--- a/ext/session/tests/025.phpt
+++ b/ext/session/tests/025.phpt
@@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test.
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.name=PHPSESSID
 session.serialize_handler=php
diff --git a/ext/session/tests/026.phpt b/ext/session/tests/026.phpt
index 06c135d046..44f0ae0ec0 100644
--- a/ext/session/tests/026.phpt
+++ b/ext/session/tests/026.phpt
@@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/027.phpt b/ext/session/tests/027.phpt
index 600a992f7f..63828522fb 100644
--- a/ext/session/tests/027.phpt
+++ b/ext/session/tests/027.phpt
@@ -4,6 +4,7 @@ unset($_SESSION["name"]); should work
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/030.phpt b/ext/session/tests/030.phpt
index 8d0f284b17..32909eb58c 100644
--- a/ext/session/tests/030.phpt
+++ b/ext/session/tests/030.phpt
@@ -4,6 +4,7 @@ redefining SID should not cause warnings
 <?php include('skipif.inc'); ?>
 --INI--
 session.use_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.serialize_handler=php
 session.save_handler=files
diff --git a/ext/session/tests/bug41600.phpt b/ext/session/tests/bug41600.phpt
index 690347ac8d..79d5e12841 100644
--- a/ext/session/tests/bug41600.phpt
+++ b/ext/session/tests/bug41600.phpt
@@ -5,6 +5,7 @@ Bug #41600 (url rewriter tags doesn't work with namespaced tags)
 --INI--
 session.use_cookies=0
 session.use_only_cookies=0
+session.use_strict_mode=0
 session.cache_limiter=
 session.use_trans_sid=1
 arg_separator.output="&amp;"
diff --git a/ext/session/tests/bug60634.phpt b/ext/session/tests/bug60634.phpt
index 2ec0c26c13..e2dfd15b37 100644
--- a/ext/session/tests/bug60634.phpt
+++ b/ext/session/tests/bug60634.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write())
---XFAIL--
-Long term low priority bug, working on it
 --INI--
 session.save_path=
 session.name=PHPSESSID
@@ -44,3 +42,4 @@ echo "um, hi\n";
 ?>
 --EXPECTF--
 write: goodbye cruel world
+close: goodbye cruel world
diff --git a/ext/session/tests/bug60634_error_1.phpt b/ext/session/tests/bug60634_error_1.phpt
index 3b6e394eed..e41592f18d 100644
--- a/ext/session/tests/bug60634_error_1.phpt
+++ b/ext/session/tests/bug60634_error_1.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - fatal error in write during exec
---XFAIL--
-Long term low priority bug, working on it
 --INI--
 session.save_path=
 session.name=PHPSESSID
@@ -47,3 +45,4 @@ echo "um, hi\n";
 write: goodbye cruel world
 
 Fatal error: Call to undefined function undefined_function() in %s on line %d
+close: goodbye cruel world
diff --git a/ext/session/tests/bug60634_error_2.phpt b/ext/session/tests/bug60634_error_2.phpt
index 265fb303f7..7c50948ba8 100644
--- a/ext/session/tests/bug60634_error_2.phpt
+++ b/ext/session/tests/bug60634_error_2.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - exception in write during exec
---XFAIL--
-Long term low priority bug, working on it
 --INI--
 session.save_path=
 session.name=PHPSESSID
@@ -47,3 +45,8 @@ echo "um, hi\n";
 write: goodbye cruel world
 
 Fatal error: Uncaught exception 'Exception' in %s
+Stack trace:
+#0 [internal function]: write('%s', '')
+#1 %s(%d): session_write_close()
+#2 {main}
+  thrown in %s on line %d
diff --git a/ext/session/tests/bug60634_error_3.phpt b/ext/session/tests/bug60634_error_3.phpt
index b2004d68bc..4a508a4d8f 100644
--- a/ext/session/tests/bug60634_error_3.phpt
+++ b/ext/session/tests/bug60634_error_3.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - fatal error in write after exec
---XFAIL--
-Long term low priority bug, working on it
 --INI--
 session.save_path=
 session.name=PHPSESSID
@@ -46,3 +44,4 @@ session_start();
 write: goodbye cruel world
 
 Fatal error: Call to undefined function undefined_function() in %s on line %d
+close: goodbye cruel world
diff --git a/ext/session/tests/bug60634_error_4.phpt b/ext/session/tests/bug60634_error_4.phpt
index 60bc0dcf54..f21d077b54 100644
--- a/ext/session/tests/bug60634_error_4.phpt
+++ b/ext/session/tests/bug60634_error_4.phpt
@@ -1,7 +1,5 @@
 --TEST--
 Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - exception in write after exec
---XFAIL--
-Long term low priority bug, working on it
 --INI--
 session.save_path=
 session.name=PHPSESSID
@@ -46,3 +44,8 @@ session_start();
 write: goodbye cruel world
 
 Fatal error: Uncaught exception 'Exception' in %s
+Stack trace:
+#0 [internal function]: write('%s', '')
+#1 {main}
+  thrown in %s on line %d
+close: goodbye cruel world
diff --git a/ext/session/tests/rfc1867_sid_invalid.phpt b/ext/session/tests/rfc1867_sid_invalid.phpt
index b28a2e341b..4dd8f1f979 100644
--- a/ext/session/tests/rfc1867_sid_invalid.phpt
+++ b/ext/session/tests/rfc1867_sid_invalid.phpt
@@ -46,6 +46,16 @@ session_destroy();
 ?>
 --EXPECTF--
 Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0
+
+Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0
 string(%d) "%s"
 bool(true)
 array(2) {
diff --git a/ext/session/tests/session_commit_variation4.phpt b/ext/session/tests/session_commit_variation4.phpt
index 57f42539d2..69854a6cf9 100644
--- a/ext/session/tests/session_commit_variation4.phpt
+++ b/ext/session/tests/session_commit_variation4.phpt
@@ -2,6 +2,8 @@
 Test session_commit() function : variation
 --SKIPIF--
 <?php include('skipif.inc'); ?>
+--INI--
+session.use_strict_mode=0
 --FILE--
 <?php
 
diff --git a/ext/session/tests/session_save_path_variation2.phpt b/ext/session/tests/session_save_path_variation2.phpt
index 6b08480312..dff070100c 100644
--- a/ext/session/tests/session_save_path_variation2.phpt
+++ b/ext/session/tests/session_save_path_variation2.phpt
@@ -32,7 +32,7 @@ ob_end_flush();
 *** Testing session_save_path() : variation ***
 string(5) "/blah"
 
-Warning: session_start(): open(%s, O_RDWR) failed: No such file or directory (2) in %s on line %d
+Warning: session_start(): open(/blah/%s, O_RDWR) failed: No such file or directory (2) in %s on line %d
 bool(true)
 string(5) "/blah"
 bool(true)
diff --git a/ext/session/tests/session_set_save_handler_error2.phpt b/ext/session/tests/session_set_save_handler_error2.phpt
index 03ba3b04d0..1f2a8b9e6a 100644
--- a/ext/session/tests/session_set_save_handler_error2.phpt
+++ b/ext/session/tests/session_set_save_handler_error2.phpt
@@ -2,6 +2,8 @@
 Test session_set_save_handler() function : error functionality
 --SKIPIF--
 <?php include('skipif.inc'); ?>
+--INI--
+error_reporting=0
 --FILE--
 <?php
 
diff --git a/ext/session/tests/session_set_save_handler_error3.phpt b/ext/session/tests/session_set_save_handler_error3.phpt
index 446ef7b75b..cb07b0d8de 100644
--- a/ext/session/tests/session_set_save_handler_error3.phpt
+++ b/ext/session/tests/session_set_save_handler_error3.phpt
@@ -40,4 +40,3 @@ Stack trace:
 #1 %s(%d): session_start()
 #2 {main}
   thrown in %s on line %d
-
diff --git a/ext/session/tests/session_set_save_handler_error4.phpt b/ext/session/tests/session_set_save_handler_error4.phpt
index 4debde5b0f..d286f07d99 100644
--- a/ext/session/tests/session_set_save_handler_error4.phpt
+++ b/ext/session/tests/session_set_save_handler_error4.phpt
@@ -39,4 +39,3 @@ Warning: session_set_save_handler(): Argument 4 is not a valid callback in %s on
 Warning: session_set_save_handler(): Argument 5 is not a valid callback in %s on line %d
 
 Warning: session_set_save_handler(): Argument 6 is not a valid callback in %s on line %d
-
diff --git a/ext/session/tests/session_write_close_variation4.phpt b/ext/session/tests/session_write_close_variation4.phpt
index 249c1555c0..9076dcf4a4 100644
--- a/ext/session/tests/session_write_close_variation4.phpt
+++ b/ext/session/tests/session_write_close_variation4.phpt
@@ -2,6 +2,8 @@
 Test session_write_close() function : variation
 --SKIPIF--
 <?php include('skipif.inc'); ?>
+--INI--
+session.use_strict_mode=0
 --FILE--
 <?php
author	Yasuo Ohgaki <yohgaki@php.net>	2013-06-25 19:47:04 +0900
committer	Stanislav Malyshev <stas@php.net>	2013-08-04 16:36:45 -0700
commit	25e8fcc88fa20dc9d4c47184471003f436927cde (patch)
tree	ac295c6a34592e66a408a323fc1773c5f88d5099 /ext/session
parent	c793a6569013f9ab46f2cd7331cc1a04aa42cbed (diff)
download	php-git-25e8fcc88fa20dc9d4c47184471003f436927cde.tar.gz