@ - Don't touch any globals in session_unset() if register_globals is set

@   to off. (Thies)

guys, shoot me if i'm wrong, but when we have set register_globals to off we
should _not_ touch any global variables at any time, right? so all session
register/unregister should only work on $HTTP_SESSION_VARS and $_SESSION. this
patch fixes at least one spot where we were touching globals even with
register_globals set to off.

1 files changed, 9 insertions, 7 deletions

diff --git a/ext/session/session.c b/ext/session/session.c
index 88d5d2574a..69836bff53 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1374,13 +1374,15 @@ PHP_FUNCTION(session_unset)
 	
 	if (PS(session_status) == php_session_none)
 		RETURN_FALSE;
-	
-	for (zend_hash_internal_pointer_reset(&PS(vars));
-			zend_hash_get_current_key(&PS(vars), &variable, &num_key, 0) == HASH_KEY_IS_STRING;
-			zend_hash_move_forward(&PS(vars))) {
-		if (zend_hash_find(&EG(symbol_table), variable, strlen(variable) + 1, (void **) &tmp)
-				== SUCCESS)
-			zend_hash_del(&EG(symbol_table), variable, strlen(variable) + 1);
+
+	if (PG(register_globals)) {
+		for (zend_hash_internal_pointer_reset(&PS(vars));
+				zend_hash_get_current_key(&PS(vars), &variable, &num_key, 0) == HASH_KEY_IS_STRING;
+				zend_hash_move_forward(&PS(vars))) {
+			if (zend_hash_find(&EG(symbol_table), variable, strlen(variable) + 1, (void **) &tmp)
+					== SUCCESS)
+				zend_hash_del(&EG(symbol_table), variable, strlen(variable) + 1);
+		}
 	}
 
 	/* Clean $HTTP_SESSION_VARS. */