diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/session/php_session.h | 27 | ||||
| -rw-r--r-- | ext/session/session.c | 1918 | ||||
| -rw-r--r-- | ext/session/tests/008-php4.2.3.phpt | 2 | ||||
| -rw-r--r-- | ext/session/tests/014.phpt | 4 | ||||
| -rw-r--r-- | ext/session/tests/session_decode_variation3.phpt | 20 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_error2.phpt | 28 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation1.phpt | 5 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation2.phpt | 3 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation3.phpt | 1 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation4.phpt | 1 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation5.phpt | 1 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation6.phpt | 7 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation7.phpt | 1 | ||||
| -rw-r--r-- | ext/session/tests/session_encode_variation8.phpt | 11 | ||||
| -rw-r--r-- | ext/session/tests/session_id_error4.phpt | 7 |
16 files changed, 1091 insertions, 946 deletions
@@ -4,6 +4,7 @@ PHP NEWS - Removed shebang line check from CGI sapi (it is checked by scanner) (Dmitry) - Added litespeed SAPI module. (George Wang) +- Added ext/hash support to ext/session's ID generator. (Sara) - Fixed a bug that caused miscalculations with the "last <weekday> of <n> month" relative time string. (Derick) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index 08e44d58ed..0c79cd7074 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -23,6 +23,10 @@ #include "ext/standard/php_var.h" +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) +# include "ext/hash/php_hash.h" +#endif + #define PHP_SESSION_API 20020330 #define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name TSRMLS_DC @@ -134,6 +138,9 @@ typedef struct _php_ps_globals { zend_bool apply_trans_sid; /* whether or not to enable trans-sid for the current request */ long hash_func; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + php_hash_ops *hash_ops; +#endif long hash_bits_per_character; int send_cookie; int define_sid; @@ -145,26 +152,6 @@ typedef php_ps_globals zend_ps_globals; extern zend_module_entry session_module_entry; #define phpext_session_ptr &session_module_entry -PHP_FUNCTION(session_name); -PHP_FUNCTION(session_module_name); -PHP_FUNCTION(session_save_path); -PHP_FUNCTION(session_id); -PHP_FUNCTION(session_regenerate_id); -PHP_FUNCTION(session_decode); -PHP_FUNCTION(session_register); -PHP_FUNCTION(session_unregister); -PHP_FUNCTION(session_is_registered); -PHP_FUNCTION(session_encode); -PHP_FUNCTION(session_start); -PHP_FUNCTION(session_destroy); -PHP_FUNCTION(session_unset); -PHP_FUNCTION(session_set_save_handler); -PHP_FUNCTION(session_cache_expire); -PHP_FUNCTION(session_cache_limiter); -PHP_FUNCTION(session_set_cookie_params); -PHP_FUNCTION(session_get_cookie_params); -PHP_FUNCTION(session_write_close); - #ifdef ZTS #define PS(v) TSRMG(ps_globals_id, php_ps_globals *, v) #else diff --git a/ext/session/session.c b/ext/session/session.c index 0641d7b8bd..fc102e5393 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -43,7 +43,7 @@ #include "ext/standard/datetime.h" #include "ext/standard/php_lcg.h" #include "ext/standard/url_scanner_ex.h" -#include "ext/standard/php_rand.h" /* for RAND_MAX */ +#include "ext/standard/php_rand.h" /* for RAND_MAX */ #include "ext/standard/info.h" #include "ext/standard/php_smart_str.h" #include "ext/standard/url.h" @@ -55,344 +55,79 @@ #include "mod_mm.h" #endif -/* {{{ arginfo */ -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_name, 0, 0, 0) - ZEND_ARG_INFO(0, name) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_module_name, 0, 0, 0) - ZEND_ARG_INFO(0, module) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_save_path, 0, 0, 0) - ZEND_ARG_INFO(0, path) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_id, 0, 0, 0) - ZEND_ARG_INFO(0, id) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_regenerate_id, 0, 0, 0) - ZEND_ARG_INFO(0, delete_old_session) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_decode, 0, 0, 1) - ZEND_ARG_INFO(0, data) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_register, 0, 0, 1) - ZEND_ARG_INFO(0, name) - ZEND_ARG_INFO(0, ...) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_unregister, 0, 0, 1) - ZEND_ARG_INFO(0, name) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_is_registered, 0, 0, 1) - ZEND_ARG_INFO(0, name) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO(arginfo_session_void, 0) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_save_handler, 0, 0, 6) - ZEND_ARG_INFO(0, open) - ZEND_ARG_INFO(0, close) - ZEND_ARG_INFO(0, read) - ZEND_ARG_INFO(0, write) - ZEND_ARG_INFO(0, destroy) - ZEND_ARG_INFO(0, gc) -ZEND_END_ARG_INFO() - -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_limiter, 0, 0, 0) - ZEND_ARG_INFO(0, cache_limiter) -ZEND_END_ARG_INFO() +PHPAPI ZEND_DECLARE_MODULE_GLOBALS(ps); -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_expire, 0, 0, 0) - ZEND_ARG_INFO(0, new_cache_expire) -ZEND_END_ARG_INFO() +/* *********** + * Helpers * + *********** */ -static -ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_cookie_params, 0, 0, 1) - ZEND_ARG_INFO(0, lifetime) - ZEND_ARG_INFO(0, path) - ZEND_ARG_INFO(0, domain) - ZEND_ARG_INFO(0, secure) - ZEND_ARG_INFO(0, httponly) -ZEND_END_ARG_INFO() -/* }}} */ - -/* {{{ session_functions[] - */ -const zend_function_entry session_functions[] = { - PHP_FE(session_name, arginfo_session_name) - PHP_FE(session_module_name, arginfo_session_module_name) - PHP_FE(session_save_path, arginfo_session_save_path) - PHP_FE(session_id, arginfo_session_id) - PHP_FE(session_regenerate_id, arginfo_session_regenerate_id) - PHP_FE(session_decode, arginfo_session_decode) - PHP_FE(session_register, arginfo_session_register) - PHP_FE(session_unregister, arginfo_session_unregister) - PHP_FE(session_is_registered, arginfo_session_is_registered) - PHP_FE(session_encode, arginfo_session_void) - PHP_FE(session_start, arginfo_session_void) - PHP_FE(session_destroy, arginfo_session_void) - PHP_FE(session_unset, arginfo_session_void) - PHP_FE(session_set_save_handler, arginfo_session_set_save_handler) - PHP_FE(session_cache_limiter, arginfo_session_cache_limiter) - PHP_FE(session_cache_expire, arginfo_session_cache_expire) - PHP_FE(session_set_cookie_params, arginfo_session_set_cookie_params) - PHP_FE(session_get_cookie_params, arginfo_session_void) - PHP_FE(session_write_close, arginfo_session_void) - PHP_FALIAS(session_commit, session_write_close, arginfo_session_void) - {NULL, NULL, NULL} -}; -/* }}} */ +#ifdef NETWARE +# define SESS_SB_MTIME(sb) ((sb).st_mtime.tv_sec) +#else +# define SESS_SB_MTIME(sb) ((sb).st_mtime) +#endif -PHPAPI ZEND_DECLARE_MODULE_GLOBALS(ps); -static PHP_GINIT_FUNCTION(ps); +#define IF_SESSION_VARS() \ + if (PS(http_session_vars) && PS(http_session_vars)->type == IS_ARRAY) #define SESSION_CHECK_ACTIVE_STATE \ if (PS(session_status) == php_session_active) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "A session is active. You cannot change the session module's ini settings at this time"); \ return FAILURE; \ - } \ - -static PHP_INI_MH(OnUpdateSaveHandler) -{ - ps_module *tmp; - SESSION_CHECK_ACTIVE_STATE; - - tmp = _php_find_ps_module(new_value TSRMLS_CC); - - if (PG(modules_activated) && !tmp) { - int err_type; - if (stage == ZEND_INI_STAGE_RUNTIME) { - err_type = E_WARNING; - } else { - err_type = E_ERROR; - } - php_error_docref(NULL TSRMLS_CC, err_type, "Cannot find save handler %s", new_value); - return FAILURE; } - PS(mod) = tmp; - - return SUCCESS; -} -static PHP_INI_MH(OnUpdateTransSid) +/* Dispatched by RINIT and by php_session_destroy */ +static inline void php_rinit_session_globals(TSRMLS_D) /* {{{ */ { - SESSION_CHECK_ACTIVE_STATE; - - if (!strncasecmp(new_value, "on", sizeof("on"))) { - PS(use_trans_sid) = (zend_bool) 1; - } else { - PS(use_trans_sid) = (zend_bool) atoi(new_value); - } - - return SUCCESS; + PS(id) = NULL; + PS(session_status) = php_session_none; + PS(mod_data) = NULL; + /* Do NOT init PS(mod_user_names) here! */ + PS(http_session_vars) = NULL; } +/* }}} */ -static PHP_INI_MH(OnUpdateSerializer) +/* Dispatched by RSHUTDOWN and by php_session_destroy */ +static inline void php_rshutdown_session_globals(TSRMLS_D) /* {{{ */ { - const ps_serializer *tmp; - SESSION_CHECK_ACTIVE_STATE; - - tmp = _php_find_ps_serializer(new_value TSRMLS_CC); - - if (PG(modules_activated) && !tmp) { - int err_type; - if (stage == ZEND_INI_STAGE_RUNTIME) { - err_type = E_WARNING; - } else { - err_type = E_ERROR; - } - php_error_docref(NULL TSRMLS_CC, err_type, "Cannot find serialization handler %s", new_value); - return FAILURE; + if (PS(http_session_vars)) { + zval_ptr_dtor(&PS(http_session_vars)); + PS(http_session_vars) = NULL; } - PS(serializer) = tmp; - - return SUCCESS; -} - -static PHP_INI_MH(OnUpdateSaveDir) -{ - /* Only do the safemode/open_basedir check at runtime */ - if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { - char *p; - - if (memchr(new_value, '\0', new_value_length) != NULL) { - return FAILURE; - } - - if ((p = zend_memrchr(new_value, ';', new_value_length))) { - p++; - } else { - p = new_value; - } - - if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - - if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) { - return FAILURE; - } + /* Do NOT destroy PS(mod_user_names) here! */ + if (PS(mod_data)) { + zend_try { + PS(mod)->s_close(&PS(mod_data) TSRMLS_CC); + } zend_end_try(); + } + if (PS(id)) { + efree(PS(id)); } - OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); - return SUCCESS; } - -/* {{{ PHP_INI - */ -PHP_INI_BEGIN() - STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) - PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) - STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals) - PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer) - STD_PHP_INI_ENTRY("session.cookie_lifetime", "0", PHP_INI_ALL, OnUpdateLong, cookie_lifetime, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateString, cookie_path, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals) - STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateLong, cache_expire, php_ps_globals, ps_globals) - PHP_INI_ENTRY("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid) - STD_PHP_INI_ENTRY("session.hash_function", "0", PHP_INI_ALL, OnUpdateLong, hash_func, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.hash_bits_per_character", "4", PHP_INI_ALL, OnUpdateLong, hash_bits_per_character, php_ps_globals, ps_globals) - - /* Commented out until future discussion */ - /* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */ -PHP_INI_END() /* }}} */ -PS_SERIALIZER_FUNCS(php); -PS_SERIALIZER_FUNCS(php_binary); - -#define MAX_SERIALIZERS 10 -#define PREDEFINED_SERIALIZERS 2 - -static ps_serializer ps_serializers[MAX_SERIALIZERS + 1] = { - PS_SERIALIZER_ENTRY(php), - PS_SERIALIZER_ENTRY(php_binary) -}; - -#define MAX_MODULES 10 -#define PREDEFINED_MODULES 2 - -static ps_module *ps_modules[MAX_MODULES + 1] = { - ps_files_ptr, - ps_user_ptr -}; - -#define IF_SESSION_VARS() \ - if (PS(http_session_vars) && PS(http_session_vars)->type == IS_ARRAY) - -PHPAPI int php_session_register_serializer(const char *name, - int (*encode)(PS_SERIALIZER_ENCODE_ARGS), - int (*decode)(PS_SERIALIZER_DECODE_ARGS)) +static int php_session_destroy(TSRMLS_D) /* {{{ */ { - int ret = -1; - int i; + int retval = SUCCESS; - for (i = 0; i < MAX_SERIALIZERS; i++) { - if (ps_serializers[i].name == NULL) { - ps_serializers[i].name = name; - ps_serializers[i].encode = encode; - ps_serializers[i].decode = decode; - ps_serializers[i + 1].name = NULL; - ret = 0; - break; - } + if (PS(session_status) != php_session_active) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Trying to destroy uninitialized session"); + return FAILURE; } - return ret; -} - -PHPAPI int php_session_register_module(ps_module *ptr) -{ - int ret = -1; - int i; - - for (i = 0; i < MAX_MODULES; i++) { - if (!ps_modules[i]) { - ps_modules[i] = ptr; - ret = 0; - break; - } + if (PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) { + retval = FAILURE; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed"); } - - return ret; -} - -PHP_MINIT_FUNCTION(session); -PHP_RINIT_FUNCTION(session); -PHP_MSHUTDOWN_FUNCTION(session); -PHP_RSHUTDOWN_FUNCTION(session); -PHP_MINFO_FUNCTION(session); - -static void php_rinit_session_globals(TSRMLS_D); -static void php_rshutdown_session_globals(TSRMLS_D); -static int php_session_destroy(TSRMLS_D); - -zend_module_entry session_module_entry = { - STANDARD_MODULE_HEADER, - "session", - session_functions, - PHP_MINIT(session), PHP_MSHUTDOWN(session), - PHP_RINIT(session), PHP_RSHUTDOWN(session), - PHP_MINFO(session), - NO_VERSION_YET, - PHP_MODULE_GLOBALS(ps), - PHP_GINIT(ps), - NULL, - NULL, - STANDARD_MODULE_PROPERTIES_EX -}; - -#ifdef COMPILE_DL_SESSION -ZEND_GET_MODULE(session) -#endif - -typedef struct { - char *name; - void (*func)(TSRMLS_D); -} php_session_cache_limiter_t; -#define CACHE_LIMITER(name) _php_cache_limiter_##name -#define CACHE_LIMITER_FUNC(name) static void CACHE_LIMITER(name)(TSRMLS_D) -#define CACHE_LIMITER_ENTRY(name) { #name, CACHE_LIMITER(name) }, - -#define ADD_HEADER(a) sapi_add_header(a, strlen(a), 1); + php_rshutdown_session_globals(TSRMLS_C); + php_rinit_session_globals(TSRMLS_C); -#define MAX_STR 512 + return retval; +} +/* }}} */ -PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) +PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) /* {{{ */ { zval **sym_track = NULL; @@ -409,8 +144,8 @@ PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) if (PG(register_globals)) { zval **sym_global = NULL; - - if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) { + + if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void *) &sym_global) == SUCCESS) { if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) { return; } @@ -433,14 +168,15 @@ PHPAPI void php_add_session_var(char *name, size_t namelen TSRMLS_DC) } else { if (sym_track == NULL) { zval *empty_var; - + ALLOC_INIT_ZVAL(empty_var); ZEND_SET_SYMBOL_WITH_LENGTH(Z_ARRVAL_P(PS(http_session_vars)), name, namelen+1, empty_var, 1, 0); } } } +/* }}} */ -PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC) +PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unserialize_data_t *var_hash TSRMLS_DC) /* {{{ */ { if (PG(register_globals)) { zval **old_symbol; @@ -461,7 +197,6 @@ PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php * session-vars won't work because of this very reason! */ - REPLACE_ZVAL_VALUE(old_symbol,state_val,1); /* @@ -482,8 +217,9 @@ PHPAPI void php_set_session_var(char *name, size_t namelen, zval *state_val, php zend_set_hash_symbol(state_val, name, namelen, PZVAL_IS_REF(state_val), 1, Z_ARRVAL_P(PS(http_session_vars))); } } +/* }}} */ -PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSRMLS_DC) +PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSRMLS_DC) /* {{{ */ { int ret = FAILURE; @@ -498,7 +234,7 @@ PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSR * if the global var exists, then * we prefer the same key in the global sym table */ - + if (PG(register_globals) && ret == SUCCESS && Z_TYPE_PP(*state_var) == IS_NULL) { zval **tmp; @@ -509,184 +245,14 @@ PHPAPI int php_get_session_var(char *name, size_t namelen, zval ***state_var TSR } } } - return ret; } +/* }}} */ -#define PS_BIN_NR_OF_BITS 8 -#define PS_BIN_UNDEF (1<<(PS_BIN_NR_OF_BITS-1)) -#define PS_BIN_MAX (PS_BIN_UNDEF-1) - -PS_SERIALIZER_ENCODE_FUNC(php_binary) -{ - smart_str buf = {0}; - php_serialize_data_t var_hash; - PS_ENCODE_VARS; - - PHP_VAR_SERIALIZE_INIT(var_hash); - - PS_ENCODE_LOOP( - if (key_length > PS_BIN_MAX) continue; - smart_str_appendc(&buf, (unsigned char) key_length); - smart_str_appendl(&buf, key, key_length); - - php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); - } else { - if (key_length > PS_BIN_MAX) continue; - smart_str_appendc(&buf, (unsigned char) (key_length & PS_BIN_UNDEF)); - smart_str_appendl(&buf, key, key_length); - ); - - if (newlen) *newlen = buf.len; - *newstr = buf.c; - PHP_VAR_SERIALIZE_DESTROY(var_hash); - - return SUCCESS; -} - -PS_SERIALIZER_DECODE_FUNC(php_binary) -{ - const char *p; - char *name; - const char *endptr = val + vallen; - zval *current; - int namelen; - int has_value; - php_unserialize_data_t var_hash; - - PHP_VAR_UNSERIALIZE_INIT(var_hash); - - for (p = val; p < endptr; ) { - zval **tmp; - namelen = *p & (~PS_BIN_UNDEF); - - if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) { - return FAILURE; - } - - has_value = *p & PS_BIN_UNDEF ? 0 : 1; - - name = estrndup(p + 1, namelen); - - p += namelen + 1; - - if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { - if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { - efree(name); - continue; - } - } - - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(¤t, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); - } - zval_ptr_dtor(¤t); - } - PS_ADD_VARL(name, namelen); - efree(name); - } - - PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - - return SUCCESS; -} - -#define PS_DELIMITER '|' -#define PS_UNDEF_MARKER '!' - -PS_SERIALIZER_ENCODE_FUNC(php) -{ - smart_str buf = {0}; - php_serialize_data_t var_hash; - PS_ENCODE_VARS; - - PHP_VAR_SERIALIZE_INIT(var_hash); - - PS_ENCODE_LOOP( - smart_str_appendl(&buf, key, key_length); - if (memchr(key, PS_DELIMITER, key_length)) { - PHP_VAR_SERIALIZE_DESTROY(var_hash); - smart_str_free(&buf); - return FAILURE; - } - smart_str_appendc(&buf, PS_DELIMITER); - - php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); - } else { - smart_str_appendc(&buf, PS_UNDEF_MARKER); - smart_str_appendl(&buf, key, key_length); - smart_str_appendc(&buf, PS_DELIMITER); - ); - - if (newlen) *newlen = buf.len; - *newstr = buf.c; - - PHP_VAR_SERIALIZE_DESTROY(var_hash); - return SUCCESS; -} - -PS_SERIALIZER_DECODE_FUNC(php) -{ - const char *p, *q; - char *name; - const char *endptr = val + vallen; - zval *current; - int namelen; - int has_value; - php_unserialize_data_t var_hash; - - PHP_VAR_UNSERIALIZE_INIT(var_hash); - - p = val; - - while (p < endptr) { - zval **tmp; - q = p; - while (*q != PS_DELIMITER) - if (++q >= endptr) goto break_outer_loop; - - if (p[0] == PS_UNDEF_MARKER) { - p++; - has_value = 0; - } else { - has_value = 1; - } - - namelen = q - p; - name = estrndup(p, namelen); - q++; - - if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { - if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { - goto skip; - } - } - - if (has_value) { - ALLOC_INIT_ZVAL(current); - if (php_var_unserialize(¤t, (const unsigned char **) &q, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { - php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); - } - zval_ptr_dtor(¤t); - } - PS_ADD_VARL(name, namelen); -skip: - efree(name); - p = q; - } -break_outer_loop: - - PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - - return SUCCESS; -} - -static void php_session_track_init(TSRMLS_D) +static void php_session_track_init(TSRMLS_D) /* {{{ */ { zval *session_vars = NULL; - + /* Unconditionally destroy existing arrays -- possible dirty data */ zend_delete_global_variable("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS")-1 TSRMLS_CC); zend_delete_global_variable("_SESSION", sizeof("_SESSION")-1 TSRMLS_CC); @@ -698,7 +264,7 @@ static void php_session_track_init(TSRMLS_D) MAKE_STD_ZVAL(session_vars); array_init(session_vars); PS(http_session_vars) = session_vars; - + if (PG(register_long_arrays)) { ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1); ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 3, 1); @@ -707,8 +273,9 @@ static void php_session_track_init(TSRMLS_D) ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1); } } +/* }}} */ -static char *php_session_encode(int *newlen TSRMLS_DC) +static char *php_session_encode(int *newlen TSRMLS_DC) /* {{{ */ { char *ret = NULL; @@ -716,17 +283,17 @@ static char *php_session_encode(int *newlen TSRMLS_DC) if (!PS(serializer)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown session.serialize_handler. Failed to encode session object"); ret = NULL; - } - else if (PS(serializer)->encode(&ret, newlen TSRMLS_CC) == FAILURE) + } else if (PS(serializer)->encode(&ret, newlen TSRMLS_CC) == FAILURE) { ret = NULL; + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot encode non-existent session"); } - return ret; } +/* }}} */ -static void php_session_decode(const char *val, int vallen TSRMLS_DC) +static void php_session_decode(const char *val, int vallen TSRMLS_DC) /* {{{ */ { if (!PS(serializer)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unknown session.serialize_handler. Failed to decode session object"); @@ -737,7 +304,7 @@ static void php_session_decode(const char *val, int vallen TSRMLS_DC) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to decode session object. Session has been destroyed"); } } - +/* }}} */ /* * Note that we cannot use the BASE64 alphabet here, because @@ -749,24 +316,25 @@ static char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOP enum { PS_HASH_FUNC_MD5, - PS_HASH_FUNC_SHA1 + PS_HASH_FUNC_SHA1, + PS_HASH_FUNC_OTHER }; /* returns a pointer to the byte after the last valid character in out */ -static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) +static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {{{ */ { unsigned char *p, *q; unsigned short w; int mask; int have; - + p = (unsigned char *) in; q = (unsigned char *)in + inlen; w = 0; have = 0; mask = (1 << nbits) - 1; - + while (1) { if (have < nbits) { if (p < q) { @@ -785,16 +353,21 @@ static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) w >>= nbits; have -= nbits; } - + *out = '\0'; return out; } +/* }}} */ -PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) +#define PS_ID_INITIAL_SIZE 100 +PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ { PHP_MD5_CTX md5_context; PHP_SHA1_CTX sha1_context; - unsigned char digest[21]; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + void *hash_context; +#endif + unsigned char *digest; int digest_len; int j; char *buf; @@ -804,34 +377,48 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) char *remote_addr = NULL; gettimeofday(&tv, NULL); - + if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &array) == SUCCESS && - Z_TYPE_PP(array) == IS_ARRAY && - zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", + Z_TYPE_PP(array) == IS_ARRAY && + zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS) { remote_addr = Z_STRVAL_PP(token); } - /* maximum 15+19+19+10 bytes */ + /* maximum 15+19+19+10 bytes */ spprintf(&buf, 0, "%.15s%ld%ld%0.8F", remote_addr ? remote_addr : "", tv.tv_sec, (long int)tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10); switch (PS(hash_func)) { - case PS_HASH_FUNC_MD5: - PHP_MD5Init(&md5_context); - PHP_MD5Update(&md5_context, (unsigned char *) buf, strlen(buf)); - digest_len = 16; - break; - case PS_HASH_FUNC_SHA1: - PHP_SHA1Init(&sha1_context); - PHP_SHA1Update(&sha1_context, (unsigned char *) buf, strlen(buf)); - digest_len = 20; - break; - default: - php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid session hash function"); - efree(buf); - return NULL; + case PS_HASH_FUNC_MD5: + PHP_MD5Init(&md5_context); + PHP_MD5Update(&md5_context, (unsigned char *) buf, strlen(buf)); + digest_len = 16; + break; + case PS_HASH_FUNC_SHA1: + PHP_SHA1Init(&sha1_context); + PHP_SHA1Update(&sha1_context, (unsigned char *) buf, strlen(buf)); + digest_len = 20; + break; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + case PS_HASH_FUNC_OTHER: + if (!PS(hash_ops)) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid session hash function"); + efree(buf); + return NULL; + } + + hash_context = emalloc(PS(hash_ops)->context_size); + PS(hash_ops)->hash_init(hash_context); + PS(hash_ops)->hash_update(hash_context, (unsigned char *) buf, strlen(buf)); + digest_len = PS(hash_ops)->digest_size; + break; +#endif /* HAVE_HASH_EXT */ + default: + php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid session hash function"); + efree(buf); + return NULL; } if (PS(entropy_length) > 0) { @@ -842,18 +429,23 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) unsigned char rbuf[2048]; int n; int to_read = PS(entropy_length); - + while (to_read > 0) { n = read(fd, rbuf, MIN(to_read, sizeof(rbuf))); if (n <= 0) break; - + switch (PS(hash_func)) { - case PS_HASH_FUNC_MD5: - PHP_MD5Update(&md5_context, rbuf, n); - break; - case PS_HASH_FUNC_SHA1: - PHP_SHA1Update(&sha1_context, rbuf, n); - break; + case PS_HASH_FUNC_MD5: + PHP_MD5Update(&md5_context, rbuf, n); + break; + case PS_HASH_FUNC_SHA1: + PHP_SHA1Update(&sha1_context, rbuf, n); + break; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + case PS_HASH_FUNC_OTHER: + PS(hash_ops)->hash_update(hash_context, rbuf, n); + break; +#endif /* HAVE_HASH_EXT */ } to_read -= n; } @@ -861,13 +453,20 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) } } + digest = emalloc(digest_len + 1); switch (PS(hash_func)) { - case PS_HASH_FUNC_MD5: - PHP_MD5Final(digest, &md5_context); - break; - case PS_HASH_FUNC_SHA1: - PHP_SHA1Final(digest, &sha1_context); - break; + case PS_HASH_FUNC_MD5: + PHP_MD5Final(digest, &md5_context); + break; + case PS_HASH_FUNC_SHA1: + PHP_SHA1Final(digest, &sha1_context); + break; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + case PS_HASH_FUNC_OTHER: + PS(hash_ops)->hash_final(digest, hash_context); + efree(hash_context); + break; +#endif /* HAVE_HASH_EXT */ } if (PS(hash_bits_per_character) < 4 @@ -876,14 +475,24 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) php_error_docref(NULL TSRMLS_CC, E_WARNING, "The ini setting hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now"); } + + if (PS_ID_INITIAL_SIZE < ((digest_len + 2) * (8 / PS(hash_bits_per_character))) ) { + /* 100 bytes is enough for most, but not all hash algos */ + buf = erealloc(buf, (digest_len + 2) * (8 / PS(hash_bits_per_character)) ); + } + j = (int) (bin_to_readable((char *)digest, digest_len, buf, PS(hash_bits_per_character)) - buf); - - if (newlen) + efree(digest); + + if (newlen) { *newlen = j; + } + return buf; } +/* }}} */ -static void php_session_initialize(TSRMLS_D) +static void php_session_initialize(TSRMLS_D) /* {{{ */ { char *val; int vallen; @@ -904,7 +513,7 @@ static void php_session_initialize(TSRMLS_D) php_error_docref(NULL TSRMLS_CC, E_ERROR, "Failed to initialize storage module: %s (path: %s)", PS(mod)->s_name, PS(save_path)); return; } - + /* If there is no ID, use session module to create one */ if (!PS(id)) { new_session: @@ -913,7 +522,7 @@ new_session: PS(send_cookie) = 1; } } - + /* Read data */ /* Question: if you create a SID here, should you also try to read data? * I'm not sure, but while not doing so will remove one session operation @@ -932,8 +541,9 @@ new_session: goto new_session; } } +/* }}} */ -static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC) +static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC) /* {{{ */ { char *str; uint str_len; @@ -941,7 +551,7 @@ static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC) int n; zval **val; int ret = 0; - + n = zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, 0, pos); switch (n) { @@ -960,14 +570,14 @@ static int migrate_global(HashTable *ht, HashPosition *pos TSRMLS_DC) "numeric nature", num_key); break; } - return ret; } +/* }}} */ -static void php_session_save_current_state(TSRMLS_D) +static void php_session_save_current_state(TSRMLS_D) /* {{{ */ { int ret = FAILURE; - + IF_SESSION_VARS() { if (PS(bug_compat) && !PG(register_globals)) { HashTable *ht = Z_ARRVAL_P(PS(http_session_vars)); @@ -1004,17 +614,458 @@ static void php_session_save_current_state(TSRMLS_D) } } - if (ret == FAILURE) + if (ret == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to write session data (%s). Please " "verify that the current setting of session.save_path " "is correct (%s)", PS(mod)->s_name, PS(save_path)); + } } - - if (PS(mod_data)) + + if (PS(mod_data)) { PS(mod)->s_close(&PS(mod_data) TSRMLS_CC); + } +} +/* }}} */ + +/* ************************* + * INI Settings/Handlers * + ************************* */ + +static PHP_INI_MH(OnUpdateSaveHandler) /* {{{ */ +{ + ps_module *tmp; + SESSION_CHECK_ACTIVE_STATE; + + tmp = _php_find_ps_module(new_value TSRMLS_CC); + + if (PG(modules_activated) && !tmp) { + int err_type; + + if (stage == ZEND_INI_STAGE_RUNTIME) { + err_type = E_WARNING; + } else { + err_type = E_ERROR; + } + if (stage != ZEND_INI_STAGE_DEACTIVATE) { + php_error_docref(NULL TSRMLS_CC, err_type, "Cannot find save handler '%s'", new_value); + } + return FAILURE; + } + PS(mod) = tmp; + + return SUCCESS; +} +/* }}} */ + +static PHP_INI_MH(OnUpdateSerializer) /* {{{ */ +{ + const ps_serializer *tmp; + SESSION_CHECK_ACTIVE_STATE; + + tmp = _php_find_ps_serializer(new_value TSRMLS_CC); + + if (PG(modules_activated) && !tmp) { + int err_type; + + if (stage == ZEND_INI_STAGE_RUNTIME) { + err_type = E_WARNING; + } else { + err_type = E_ERROR; + } + if (stage != ZEND_INI_STAGE_DEACTIVATE) { + php_error_docref(NULL TSRMLS_CC, err_type, "Cannot find serialization handler '%s'", new_value); + } + return FAILURE; + } + PS(serializer) = tmp; + + return SUCCESS; +} +/* }}} */ + +static PHP_INI_MH(OnUpdateTransSid) /* {{{ */ +{ + SESSION_CHECK_ACTIVE_STATE; + + if (!strncasecmp(new_value, "on", sizeof("on"))) { + PS(use_trans_sid) = (zend_bool) 1; + } else { + PS(use_trans_sid) = (zend_bool) atoi(new_value); + } + + return SUCCESS; } +/* }}} */ + +static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */ +{ + /* Only do the safemode/open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + if ((p = zend_memrchr(new_value, ';', new_value_length))) { + p++; + } else { + p = new_value; + } + + if (PG(safe_mode) && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + return FAILURE; + } + + if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} +/* }}} */ + +static PHP_INI_MH(OnUpdateHashFunc) /* {{{ */ +{ + long val; + char *endptr = NULL; + +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + PS(hash_ops) = NULL; +#endif + + val = strtol(new_value, &endptr, 10); + if (endptr && (*endptr == '\0')) { + /* Numeric value */ + PS(hash_func) = val ? 1 : 0; + + return SUCCESS; + } + + if (new_value_length == (sizeof("md5") - 1) && + strncasecmp(new_value, "md5", sizeof("md5") - 1) == 0) { + PS(hash_func) = PS_HASH_FUNC_MD5; + + return SUCCESS; + } + + if (new_value_length == (sizeof("sha1") - 1) && + strncasecmp(new_value, "sha1", sizeof("sha1") - 1) == 0) { + PS(hash_func) = PS_HASH_FUNC_SHA1; + + return SUCCESS; + } + +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) /* {{{ */ +{ + php_hash_ops *ops = (php_hash_ops*)php_hash_fetch_ops(new_value, new_value_length); + + if (ops) { + PS(hash_func) = PS_HASH_FUNC_OTHER; + PS(hash_ops) = ops; + + return SUCCESS; + } +} +#endif /* HAVE_HASH_EXT */ + + return FAILURE; +} +/* }}} */ + +/* {{{ PHP_INI + */ +PHP_INI_BEGIN() + STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) + STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer) + STD_PHP_INI_ENTRY("session.cookie_lifetime", "0", PHP_INI_ALL, OnUpdateLong, cookie_lifetime, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateString, cookie_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateLong, cache_expire, php_ps_globals, ps_globals) + PHP_INI_ENTRY("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid) + PHP_INI_ENTRY("session.hash_function", "0", PHP_INI_ALL, OnUpdateHashFunc) + STD_PHP_INI_ENTRY("session.hash_bits_per_character", "4", PHP_INI_ALL, OnUpdateLong, hash_bits_per_character, php_ps_globals, ps_globals) + + /* Commented out until future discussion */ + /* PHP_INI_ENTRY("session.encode_sources", "globals,track", PHP_INI_ALL, NULL) */ +PHP_INI_END() +/* }}} */ + +/* *************** + * Serializers * + *************** */ + +#define PS_BIN_NR_OF_BITS 8 +#define PS_BIN_UNDEF (1<<(PS_BIN_NR_OF_BITS-1)) +#define PS_BIN_MAX (PS_BIN_UNDEF-1) + +PS_SERIALIZER_ENCODE_FUNC(php_binary) /* {{{ */ +{ + smart_str buf = {0}; + php_serialize_data_t var_hash; + PS_ENCODE_VARS; + + PHP_VAR_SERIALIZE_INIT(var_hash); + + PS_ENCODE_LOOP( + if (key_length > PS_BIN_MAX) continue; + smart_str_appendc(&buf, (unsigned char) key_length); + smart_str_appendl(&buf, key, key_length); + php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); + } else { + if (key_length > PS_BIN_MAX) continue; + smart_str_appendc(&buf, (unsigned char) (key_length & PS_BIN_UNDEF)); + smart_str_appendl(&buf, key, key_length); + ); + + if (newlen) { + *newlen = buf.len; + } + smart_str_0(&buf); + *newstr = buf.c; + PHP_VAR_SERIALIZE_DESTROY(var_hash); + + return SUCCESS; +} +/* }}} */ + +PS_SERIALIZER_DECODE_FUNC(php_binary) /* {{{ */ +{ + const char *p; + char *name; + const char *endptr = val + vallen; + zval *current; + int namelen; + int has_value; + php_unserialize_data_t var_hash; + + PHP_VAR_UNSERIALIZE_INIT(var_hash); + + for (p = val; p < endptr; ) { + zval **tmp; + namelen = ((unsigned char)(*p)) & (~PS_BIN_UNDEF); + + if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) { + return FAILURE; + } + + has_value = *p & PS_BIN_UNDEF ? 0 : 1; + + name = estrndup(p + 1, namelen); + + p += namelen + 1; + + if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { + if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { + efree(name); + continue; + } + } + + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(¤t, (const unsigned char **) &p, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); + } + zval_ptr_dtor(¤t); + } + PS_ADD_VARL(name, namelen); + efree(name); + } + + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + + return SUCCESS; +} +/* }}} */ + +#define PS_DELIMITER '|' +#define PS_UNDEF_MARKER '!' + +PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */ +{ + smart_str buf = {0}; + php_serialize_data_t var_hash; + PS_ENCODE_VARS; + + PHP_VAR_SERIALIZE_INIT(var_hash); + + PS_ENCODE_LOOP( + smart_str_appendl(&buf, key, key_length); + if (memchr(key, PS_DELIMITER, key_length)) { + PHP_VAR_SERIALIZE_DESTROY(var_hash); + smart_str_free(&buf); + return FAILURE; + } + smart_str_appendc(&buf, PS_DELIMITER); + + php_var_serialize(&buf, struc, &var_hash TSRMLS_CC); + } else { + smart_str_appendc(&buf, PS_UNDEF_MARKER); + smart_str_appendl(&buf, key, key_length); + smart_str_appendc(&buf, PS_DELIMITER); + ); + + if (newlen) { + *newlen = buf.len; + } + smart_str_0(&buf); + *newstr = buf.c; + + PHP_VAR_SERIALIZE_DESTROY(var_hash); + return SUCCESS; +} +/* }}} */ + +PS_SERIALIZER_DECODE_FUNC(php) /* {{{ */ +{ + const char *p, *q; + char *name; + const char *endptr = val + vallen; + zval *current; + int namelen; + int has_value; + php_unserialize_data_t var_hash; + + PHP_VAR_UNSERIALIZE_INIT(var_hash); + + p = val; + + while (p < endptr) { + zval **tmp; + q = p; + while (*q != PS_DELIMITER) { + if (++q >= endptr) goto break_outer_loop; + } + if (p[0] == PS_UNDEF_MARKER) { + p++; + has_value = 0; + } else { + has_value = 1; + } + + namelen = q - p; + name = estrndup(p, namelen); + q++; + + if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void **) &tmp) == SUCCESS) { + if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == &EG(symbol_table)) || *tmp == PS(http_session_vars)) { + goto skip; + } + } + + if (has_value) { + ALLOC_INIT_ZVAL(current); + if (php_var_unserialize(¤t, (const unsigned char **) &q, (const unsigned char *) endptr, &var_hash TSRMLS_CC)) { + php_set_session_var(name, namelen, current, &var_hash TSRMLS_CC); + } + zval_ptr_dtor(¤t); + } + PS_ADD_VARL(name, namelen); +skip: + efree(name); + + p = q; + } +break_outer_loop: + + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + + return SUCCESS; +} +/* }}} */ + +#define MAX_SERIALIZERS 10 +#define PREDEFINED_SERIALIZERS 2 + +static ps_serializer ps_serializers[MAX_SERIALIZERS + 1] = { + PS_SERIALIZER_ENTRY(php), + PS_SERIALIZER_ENTRY(php_binary) +}; + +PHPAPI int php_session_register_serializer( + const char *name, + int (*encode)(PS_SERIALIZER_ENCODE_ARGS), + int (*decode)(PS_SERIALIZER_DECODE_ARGS)) /* {{{ */ +{ + int ret = -1; + int i; + + for (i = 0; i < MAX_SERIALIZERS; i++) { + if (ps_serializers[i].name == NULL) { + ps_serializers[i].name = name; + ps_serializers[i].encode = encode; + ps_serializers[i].decode = decode; + ps_serializers[i + 1].name = NULL; + ret = 0; + break; + } + } + return ret; +} +/* }}} */ + +/* ******************* + * Storage Modules * + ******************* */ + +#define MAX_MODULES 10 +#define PREDEFINED_MODULES 2 + +static ps_module *ps_modules[MAX_MODULES + 1] = { + ps_files_ptr, + ps_user_ptr +}; + +PHPAPI int php_session_register_module(ps_module *ptr) /* {{{ */ +{ + int ret = -1; + int i; + + for (i = 0; i < MAX_MODULES; i++) { + if (!ps_modules[i]) { + ps_modules[i] = ptr; + ret = 0; + break; + } + } + return ret; +} +/* }}} */ + +/* ****************** + * Cache Limiters * + ****************** */ + +typedef struct { + char *name; + void (*func)(TSRMLS_D); +} php_session_cache_limiter_t; + +#define CACHE_LIMITER(name) _php_cache_limiter_##name +#define CACHE_LIMITER_FUNC(name) static void CACHE_LIMITER(name)(TSRMLS_D) +#define CACHE_LIMITER_ENTRY(name) { #name, CACHE_LIMITER(name) }, +#define ADD_HEADER(a) sapi_add_header(a, strlen(a), 1); +#define MAX_STR 512 static char *month_names[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", @@ -1025,19 +1076,19 @@ static char *week_days[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" }; -static void strcpy_gmt(char *ubuf, time_t *when) +static inline void strcpy_gmt(char *ubuf, time_t *when) /* {{{ */ { char buf[MAX_STR]; struct tm tm, *res; int n; - + res = php_gmtime_r(when, &tm); if (!res) { buf[0] = '\0'; return; } - + n = slprintf(buf, sizeof(buf), "%s, %02d %s %d %02d:%02d:%02d GMT", /* SAFE */ week_days[tm.tm_wday], tm.tm_mday, month_names[tm.tm_mon], tm.tm_year + 1900, @@ -1046,13 +1097,14 @@ static void strcpy_gmt(char *ubuf, time_t *when) memcpy(ubuf, buf, n); ubuf[n] = '\0'; } +/* }}} */ -static void last_modified(TSRMLS_D) +static inline void last_modified(TSRMLS_D) /* {{{ */ { const char *path; struct stat sb; char buf[MAX_STR + 1]; - + path = SG(request_info).path_translated; if (path) { if (VCWD_STAT(path, &sb) == -1) { @@ -1061,58 +1113,61 @@ static void last_modified(TSRMLS_D) #define LAST_MODIFIED "Last-Modified: " memcpy(buf, LAST_MODIFIED, sizeof(LAST_MODIFIED) - 1); -#ifdef NETWARE - strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &(sb.st_mtime.tv_sec)); -#else - strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &sb.st_mtime); -#endif + strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &SESS_SB_MTIME(sb)); ADD_HEADER(buf); } } +/* }}} */ -CACHE_LIMITER_FUNC(public) +#define EXPIRES "Expires: " +CACHE_LIMITER_FUNC(public) /* {{{ */ { char buf[MAX_STR + 1]; struct timeval tv; time_t now; - + gettimeofday(&tv, NULL); now = tv.tv_sec + PS(cache_expire) * 60; -#define EXPIRES "Expires: " memcpy(buf, EXPIRES, sizeof(EXPIRES) - 1); strcpy_gmt(buf + sizeof(EXPIRES) - 1, &now); ADD_HEADER(buf); - + snprintf(buf, sizeof(buf) , "Cache-Control: public, max-age=%ld", PS(cache_expire) * 60); /* SAFE */ ADD_HEADER(buf); - + last_modified(TSRMLS_C); } +/* }}} */ -CACHE_LIMITER_FUNC(private_no_expire) +CACHE_LIMITER_FUNC(private_no_expire) /* {{{ */ { char buf[MAX_STR + 1]; - + snprintf(buf, sizeof(buf), "Cache-Control: private, max-age=%ld, pre-check=%ld", PS(cache_expire) * 60, PS(cache_expire) * 60); /* SAFE */ ADD_HEADER(buf); last_modified(TSRMLS_C); } +/* }}} */ -CACHE_LIMITER_FUNC(private) +CACHE_LIMITER_FUNC(private) /* {{{ */ { ADD_HEADER("Expires: Thu, 19 Nov 1981 08:52:00 GMT"); CACHE_LIMITER(private_no_expire)(TSRMLS_C); } +/* }}} */ -CACHE_LIMITER_FUNC(nocache) +CACHE_LIMITER_FUNC(nocache) /* {{{ */ { ADD_HEADER("Expires: Thu, 19 Nov 1981 08:52:00 GMT"); + /* For HTTP/1.1 conforming clients and the rest (MSIE 5) */ ADD_HEADER("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0"); + /* For HTTP/1.0 conforming clients */ ADD_HEADER("Pragma: no-cache"); } +/* }}} */ static php_session_cache_limiter_t php_session_cache_limiters[] = { CACHE_LIMITER_ENTRY(public) @@ -1122,12 +1177,12 @@ static php_session_cache_limiter_t php_session_cache_limiters[] = { {0} }; -static int php_session_cache_limiter(TSRMLS_D) +static int php_session_cache_limiter(TSRMLS_D) /* {{{ */ { php_session_cache_limiter_t *lim; if (PS(cache_limiter)[0] == '\0') return 0; - + if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); int output_start_lineno = php_get_output_start_lineno(TSRMLS_C); @@ -1137,10 +1192,10 @@ static int php_session_cache_limiter(TSRMLS_D) output_start_filename, output_start_lineno); } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cache limiter - headers already sent"); - } + } return -2; } - + for (lim = php_session_cache_limiters; lim->name; lim++) { if (!strcasecmp(lim->name, PS(cache_limiter))) { lim->func(TSRMLS_C); @@ -1150,6 +1205,11 @@ static int php_session_cache_limiter(TSRMLS_D) return -1; } +/* }}} */ + +/* ********************* + * Cookie Management * + ********************* */ #define COOKIE_SET_COOKIE "Set-Cookie: " #define COOKIE_EXPIRES "; expires=" @@ -1158,7 +1218,7 @@ static int php_session_cache_limiter(TSRMLS_D) #define COOKIE_SECURE "; secure" #define COOKIE_HTTPONLY "; HttpOnly" -static void php_session_send_cookie(TSRMLS_D) +static void php_session_send_cookie(TSRMLS_D) /* {{{ */ { smart_str ncookie = {0}; char *date_fmt = NULL; @@ -1173,10 +1233,10 @@ static void php_session_send_cookie(TSRMLS_D) output_start_filename, output_start_lineno); } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent"); - } + } return; } - + /* URL encode session_name and id because they might be user supplied */ e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); @@ -1185,17 +1245,17 @@ static void php_session_send_cookie(TSRMLS_D) smart_str_appends(&ncookie, e_session_name); smart_str_appendc(&ncookie, '='); smart_str_appends(&ncookie, e_id); - + efree(e_session_name); efree(e_id); - + if (PS(cookie_lifetime) > 0) { struct timeval tv; time_t t; - + gettimeofday(&tv, NULL); t = tv.tv_sec + PS(cookie_lifetime); - + if (t > 0) { date_fmt = php_std_date(t TSRMLS_CC); smart_str_appends(&ncookie, COOKIE_EXPIRES); @@ -1208,7 +1268,7 @@ static void php_session_send_cookie(TSRMLS_D) smart_str_appends(&ncookie, COOKIE_PATH); smart_str_appends(&ncookie, PS(cookie_path)); } - + if (PS(cookie_domain)[0]) { smart_str_appends(&ncookie, COOKIE_DOMAIN); smart_str_appends(&ncookie, PS(cookie_domain)); @@ -1223,49 +1283,52 @@ static void php_session_send_cookie(TSRMLS_D) } smart_str_0(&ncookie); - + /* 'replace' must be 0 here, else a previous Set-Cookie header, probably sent with setcookie() will be replaced! */ sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC); } +/* }}} */ -PHPAPI ps_module *_php_find_ps_module(char *name TSRMLS_DC) +PHPAPI ps_module *_php_find_ps_module(char *name TSRMLS_DC) /* {{{ */ { ps_module *ret = NULL; ps_module **mod; int i; - for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) + for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) { if (*mod && !strcasecmp(name, (*mod)->s_name)) { ret = *mod; break; } - + } return ret; } +/* }}} */ -PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC) +PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC) /* {{{ */ { const ps_serializer *ret = NULL; const ps_serializer *mod; - for (mod = ps_serializers; mod->name; mod++) + for (mod = ps_serializers; mod->name; mod++) { if (!strcasecmp(name, mod->name)) { ret = mod; break; } - + } return ret; } +/* }}} */ #define PPID2SID \ convert_to_string((*ppid)); \ PS(id) = estrndup(Z_STRVAL_PP(ppid), Z_STRLEN_PP(ppid)) -static void php_session_reset_id(TSRMLS_D) +static void php_session_reset_id(TSRMLS_D) /* {{{ */ { int module_number = PS(module_number); - + if (PS(use_cookies) && PS(send_cookie)) { php_session_send_cookie(TSRMLS_C); PS(send_cookie) = 0; @@ -1273,7 +1336,7 @@ static void php_session_reset_id(TSRMLS_D) /* if the SID constant exists, destroy it. */ zend_hash_del(EG(zend_constants), "sid", sizeof("sid")); - + if (PS(define_sid)) { smart_str var = {0}; @@ -1291,41 +1354,51 @@ static void php_session_reset_id(TSRMLS_D) php_url_scanner_add_var(PS(session_name), strlen(PS(session_name)), PS(id), strlen(PS(id)), 1 TSRMLS_CC); } } - -PHPAPI void php_session_start(TSRMLS_D) +/* }}} */ + +PHPAPI void php_session_start(TSRMLS_D) /* {{{ */ { zval **ppid; zval **data; - char *p; + char *p, *value; int nrand; int lensess; PS(apply_trans_sid) = PS(use_trans_sid); - if (PS(session_status) != php_session_none) { - if (PS(session_status) == php_session_disabled) { - char *value; + switch (PS(session_status)) { + case php_session_active: + php_error(E_NOTICE, "A session had already been started - ignoring session_start()"); + return; + break; + case php_session_disabled: value = zend_ini_string("session.save_handler", sizeof("session.save_handler"), 0); - - if (value) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find save handler %s", value); + if (!PS(mod) && value) { + PS(mod) = _php_find_ps_module(value TSRMLS_CC); + if (!PS(mod)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find save handler '%s' - session startup failed", value); + return; + } } - else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find unknown save handler"); + value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler"), 0); + if (!PS(serializer) && value) { + PS(serializer) = _php_find_ps_serializer(value TSRMLS_CC); + if (!PS(serializer)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find serialization handler '%s' - session startup failed", value); + return; + } } - return; - } - - php_error(E_NOTICE, "A session had already been started - ignoring session_start()"); - return; - } else { - PS(define_sid) = 1; - PS(send_cookie) = 1; + PS(session_status) = php_session_none; + /* fallthrough */ + + default: + case php_session_none: + PS(define_sid) = 1; + PS(send_cookie) = 1; } lensess = strlen(PS(session_name)); - /* * Cookies are preferred, because initially @@ -1382,12 +1455,11 @@ PHPAPI void php_session_start(TSRMLS_D) PS(id) = estrndup(p, q - p); PS(send_cookie) = 0; } - } /* check whether the current request was referred to by an external site which invalidates the previously found id */ - + if (PS(id) && PS(extern_referer_chk)[0] != '\0' && PG(http_globals)[TRACK_VARS_SERVER] && @@ -1399,20 +1471,22 @@ PHPAPI void php_session_start(TSRMLS_D) efree(PS(id)); PS(id) = NULL; PS(send_cookie) = 1; - if (PS(use_trans_sid)) + if (PS(use_trans_sid)) { PS(apply_trans_sid) = 1; + } } - + php_session_initialize(TSRMLS_C); - + if (!PS(use_cookies) && PS(send_cookie)) { - if (PS(use_trans_sid)) + if (PS(use_trans_sid)) { PS(apply_trans_sid) = 1; + } PS(send_cookie) = 0; } php_session_reset_id(TSRMLS_C); - + PS(session_status) = php_session_active; php_session_cache_limiter(TSRMLS_C); @@ -1423,74 +1497,77 @@ PHPAPI void php_session_start(TSRMLS_D) nrand = (int) ((float) PS(gc_divisor) * php_combined_lcg(TSRMLS_C)); if (nrand < PS(gc_probability)) { PS(mod)->s_gc(&PS(mod_data), PS(gc_maxlifetime), &nrdels TSRMLS_CC); -#if 0 - if (nrdels != -1) +#ifdef SESSION_DEBUG + if (nrdels != -1) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "purged %d expired session objects", nrdels); + } #endif } } } +/* }}} */ -static int php_session_destroy(TSRMLS_D) +static void php_session_flush(TSRMLS_D) /* {{{ */ { - int retval = SUCCESS; - - if (PS(session_status) != php_session_active) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Trying to destroy uninitialized session"); - return FAILURE; + if (PS(session_status) == php_session_active) { + PS(session_status) = php_session_none; + zend_try { + php_session_save_current_state(TSRMLS_C); + } zend_end_try(); } +} +/* }}} */ - if (PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) { - retval = FAILURE; - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed"); +PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t *newlen TSRMLS_DC) /* {{{ */ +{ + if (PS(apply_trans_sid) && (PS(session_status) == php_session_active)) { + *new = php_url_scanner_adapt_single_url(url, urllen, PS(session_name), PS(id), newlen TSRMLS_CC); } - - php_rshutdown_session_globals(TSRMLS_C); - php_rinit_session_globals(TSRMLS_C); - - return retval; } +/* }}} */ +/* ******************************** + * Userspace exported functions * + ******************************** */ /* {{{ proto void session_set_cookie_params(int lifetime [, string path [, string domain [, bool secure[, bool httponly]]]]) Set session cookie parameters */ -PHP_FUNCTION(session_set_cookie_params) +static PHP_FUNCTION(session_set_cookie_params) { - zval **lifetime; + zval **lifetime = NULL; char *path = NULL, *domain = NULL; int path_len, domain_len, argc = ZEND_NUM_ARGS(); - zend_bool secure, httponly; - - if (!PS(use_cookies)) { - return; - } + zend_bool secure = 0, httponly = 0; - if (zend_parse_parameters(argc TSRMLS_CC, "Z|ssbb", &lifetime, &path, &path_len, &domain, &domain_len, &secure, &httponly) == FAILURE) { + if (!PS(use_cookies) || + zend_parse_parameters(argc TSRMLS_CC, "Z|ssbb", &lifetime, &path, &path_len, + &domain, &domain_len, &secure, &httponly) == FAILURE) { return; } convert_to_string_ex(lifetime); - + zend_alter_ini_entry("session.cookie_lifetime", sizeof("session.cookie_lifetime"), Z_STRVAL_PP(lifetime), Z_STRLEN_PP(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - if (argc > 1) { + if (path) { zend_alter_ini_entry("session.cookie_path", sizeof("session.cookie_path"), path, path_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - if (argc > 2) { - zend_alter_ini_entry("session.cookie_domain", sizeof("session.cookie_domain"), domain, domain_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - if (argc > 3) { - zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), secure?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - if (argc > 4) { - zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), httponly?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - } - } - } + } + if (domain) { + zend_alter_ini_entry("session.cookie_domain", sizeof("session.cookie_domain"), domain, domain_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + } + + if (argc > 3) { + zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), secure ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + } + if (argc > 4) { + zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), httponly ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } } /* }}} */ /* {{{ proto array session_get_cookie_params(void) Return the session cookie parameters */ -PHP_FUNCTION(session_get_cookie_params) +static PHP_FUNCTION(session_get_cookie_params) { if (zend_parse_parameters_none() == FAILURE) { return; @@ -1508,33 +1585,31 @@ PHP_FUNCTION(session_get_cookie_params) /* {{{ proto string session_name([string newname]) Return the current session name. If newname is given, the session name is replaced with newname */ -PHP_FUNCTION(session_name) +static PHP_FUNCTION(session_name) { - char *old, *p_name = NULL; - int p_name_len, argc = ZEND_NUM_ARGS(); + char *name = NULL; + int name_len; - if (zend_parse_parameters(argc TSRMLS_CC, "|s", &p_name, &p_name_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { return; } - - old = estrdup(PS(session_name)); - if (argc) { - zend_alter_ini_entry("session.name", sizeof("session.name"), p_name, p_name_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + RETVAL_STRING(PS(session_name), 1); + + if (name) { + zend_alter_ini_entry("session.name", sizeof("session.name"), name, name_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } - - RETVAL_STRING(old, 0); } /* }}} */ /* {{{ proto string session_module_name([string newname]) Return the current module name used for accessing session data. If newname is given, the module name is replaced with newname */ -PHP_FUNCTION(session_module_name) +static PHP_FUNCTION(session_module_name) { - char *p_name = NULL; - int p_name_len, argc = ZEND_NUM_ARGS(); + char *name = NULL; + int name_len; - if (zend_parse_parameters(argc TSRMLS_CC, "|s", &p_name, &p_name_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { return; } @@ -1544,10 +1619,11 @@ PHP_FUNCTION(session_module_name) } else { RETVAL_EMPTY_STRING(); } - - if (argc == 1) { - if (!_php_find_ps_module(p_name TSRMLS_CC)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find named PHP session module (%s)", p_name); + + if (name) { + if (!_php_find_ps_module(name TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot find named PHP session module (%s)", name); + zval_dtor(return_value); RETURN_FALSE; } @@ -1556,19 +1632,23 @@ PHP_FUNCTION(session_module_name) } PS(mod_data) = NULL; - zend_alter_ini_entry("session.save_handler", sizeof("session.save_handler"), p_name, p_name_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + zend_alter_ini_entry("session.save_handler", sizeof("session.save_handler"), name, name_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } } /* }}} */ /* {{{ proto void session_set_save_handler(string open, string close, string read, string write, string destroy, string gc) Sets user-level functions */ -PHP_FUNCTION(session_set_save_handler) +static PHP_FUNCTION(session_set_save_handler) { zval ***args = NULL; int i, num_args, argc = ZEND_NUM_ARGS(); char *name; + if (PS(session_status) != php_session_none) { + RETURN_FALSE; + } + if (argc != 6) { WRONG_PARAM_COUNT; } @@ -1576,12 +1656,7 @@ PHP_FUNCTION(session_set_save_handler) if (zend_parse_parameters(argc TSRMLS_CC, "+", &args, &num_args) == FAILURE) { return; } - - if (PS(session_status) != php_session_none) { - efree(args); - RETURN_FALSE; - } - + for (i = 0; i < 6; i++) { if (!zend_is_callable(*args[i], 0, &name TSRMLS_CC)) { efree(args); @@ -1591,7 +1666,7 @@ PHP_FUNCTION(session_set_save_handler) } efree(name); } - + zend_alter_ini_entry("session.save_handler", sizeof("session.save_handler"), "user", sizeof("user")-1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); for (i = 0; i < 6; i++) { @@ -1601,7 +1676,7 @@ PHP_FUNCTION(session_set_save_handler) Z_ADDREF_PP(args[i]); PS(mod_user_names).names[i] = *args[i]; } - + efree(args); RETURN_TRUE; } @@ -1609,58 +1684,57 @@ PHP_FUNCTION(session_set_save_handler) /* {{{ proto string session_save_path([string newname]) Return the current save path passed to module_name. If newname is given, the save path is replaced with newname */ -PHP_FUNCTION(session_save_path) +static PHP_FUNCTION(session_save_path) { - char *p_name = NULL; - int p_name_len, argc = ZEND_NUM_ARGS(); - char *old; - - if (zend_parse_parameters(argc TSRMLS_CC, "|s", &p_name, &p_name_len) == FAILURE) { + char *name = NULL; + int name_len; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { return; } - - old = estrdup(PS(save_path)); - if (argc == 1) { - zend_alter_ini_entry("session.save_path", sizeof("session.save_path"), p_name, p_name_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + RETVAL_STRING(PS(save_path), 1); + + if (name) { + if (memchr(name, '\0', name_len) != NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The save_path cannot contain NULL characters"); + zval_dtor(return_value); + RETURN_FALSE; + } + zend_alter_ini_entry("session.save_path", sizeof("session.save_path"), name, name_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } - - RETVAL_STRING(old, 0); } /* }}} */ /* {{{ proto string session_id([string newid]) Return the current session id. If newid is given, the session id is replaced with newid */ -PHP_FUNCTION(session_id) +static PHP_FUNCTION(session_id) { - char *p_name = NULL; - int p_name_len, argc = ZEND_NUM_ARGS(); - char *old; + char *name = NULL; + int name_len; - if (zend_parse_parameters(argc TSRMLS_CC, "|s", &p_name, &p_name_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { return; } if (PS(id)) { - old = estrdup(PS(id)); + RETVAL_STRING(PS(id), 1); } else { - old = STR_EMPTY_ALLOC(); + RETVAL_EMPTY_STRING(); } - if (argc == 1) { + if (name) { if (PS(id)) { efree(PS(id)); } - PS(id) = estrndup(p_name, p_name_len); + PS(id) = estrndup(name, name_len); } - - RETVAL_STRING(old, 0); } /* }}} */ /* {{{ proto bool session_regenerate_id([bool delete_old_session]) Update the current session id with a newly generated one. If delete_old_session is set to true, remove the old session. */ -PHP_FUNCTION(session_regenerate_id) +static PHP_FUNCTION(session_regenerate_id) { zend_bool del_ses = 0; @@ -1682,12 +1756,12 @@ PHP_FUNCTION(session_regenerate_id) efree(PS(id)); PS(id) = NULL; } - + PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); PS(send_cookie) = 1; php_session_reset_id(TSRMLS_C); - + RETURN_TRUE; } RETURN_FALSE; @@ -1696,46 +1770,40 @@ PHP_FUNCTION(session_regenerate_id) /* {{{ proto string session_cache_limiter([string new_cache_limiter]) Return the current cache limiter. If new_cache_limited is given, the current cache_limiter is replaced with new_cache_limiter */ -PHP_FUNCTION(session_cache_limiter) +static PHP_FUNCTION(session_cache_limiter) { - char *p_cache_limiter; - int p_cache_limiter_len, argc = ZEND_NUM_ARGS(); - char *old; + char *limiter = NULL; + int limiter_len; - if (zend_parse_parameters(argc TSRMLS_CC, "|s", &p_cache_limiter, &p_cache_limiter_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &limiter, &limiter_len) == FAILURE) { return; } - - old = estrdup(PS(cache_limiter)); - if (argc == 1) { - zend_alter_ini_entry("session.cache_limiter", sizeof("session.cache_limiter"), p_cache_limiter, p_cache_limiter_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + RETVAL_STRING(PS(cache_limiter), 1); + + if (limiter) { + zend_alter_ini_entry("session.cache_limiter", sizeof("session.cache_limiter"), limiter, limiter_len, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } - - RETVAL_STRING(old, 0); } /* }}} */ /* {{{ proto int session_cache_expire([int new_cache_expire]) Return the current cache expire. If new_cache_expire is given, the current cache_expire is replaced with new_cache_expire */ -PHP_FUNCTION(session_cache_expire) +static PHP_FUNCTION(session_cache_expire) { - zval **p_cache_expire = NULL; + zval **expires = NULL; int argc = ZEND_NUM_ARGS(); - long old; - - old = PS(cache_expire); - if (zend_parse_parameters(argc TSRMLS_CC, "|Z", &p_cache_expire) == FAILURE) { + if (zend_parse_parameters(argc TSRMLS_CC, "|Z", &expires) == FAILURE) { return; } + RETVAL_LONG(PS(cache_expire)); + if (argc == 1) { - convert_to_string_ex(p_cache_expire); - zend_alter_ini_entry("session.cache_expire", sizeof("session.cache_expire"), Z_STRVAL_PP(p_cache_expire), Z_STRLEN_PP(p_cache_expire), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); + convert_to_string_ex(expires); + zend_alter_ini_entry("session.cache_expire", sizeof("session.cache_expire"), Z_STRVAL_PP(expires), Z_STRLEN_PP(expires), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); } - - RETVAL_LONG(old); } /* }}} */ @@ -1743,7 +1811,7 @@ PHP_FUNCTION(session_cache_expire) static void php_register_var(zval** entry TSRMLS_DC) { zval **value; - + if (Z_TYPE_PP(entry) == IS_ARRAY) { if (Z_ARRVAL_PP(entry)->nApplyCount > 1) { return; @@ -1769,88 +1837,9 @@ static void php_register_var(zval** entry TSRMLS_DC) } /* }}} */ -/* {{{ proto bool session_register(mixed var_names [, mixed ...]) - Adds varname(s) to the list of variables which are freezed at the session end */ -PHP_FUNCTION(session_register) -{ - zval ***args = NULL; - int num_args, i; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "+", &args, &num_args) == FAILURE) { - return; - } - - if (PS(session_status) == php_session_none || PS(session_status) == php_session_disabled) { - php_session_start(TSRMLS_C); - } - - if (PS(session_status) == php_session_disabled) { - if (args) { - efree(args); - } - RETURN_FALSE; - } - - for (i = 0; i < num_args; i++) { - if (Z_TYPE_PP(args[i]) == IS_ARRAY) { - SEPARATE_ZVAL(args[i]); - } - php_register_var(args[i] TSRMLS_CC); - } - - if (args) { - efree(args); - } - - RETURN_TRUE; -} -/* }}} */ - -/* {{{ proto bool session_unregister(string varname) - Removes varname from the list of variables which are freezed at the session end */ -PHP_FUNCTION(session_unregister) -{ - char *p_name; - int p_name_len; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &p_name, &p_name_len) == FAILURE) { - return; - } - - PS_DEL_VARL(p_name, p_name_len); - - RETURN_TRUE; -} -/* }}} */ - -/* {{{ proto bool session_is_registered(string varname) - Checks if a variable is registered in session */ -PHP_FUNCTION(session_is_registered) -{ - zval *p_var; - char *p_name; - int p_name_len; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &p_name, &p_name_len) == FAILURE) { - return; - } - - if (PS(session_status) == php_session_none) { - RETURN_FALSE; - } - - IF_SESSION_VARS() { - if (zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), p_name, p_name_len+1, (void **)&p_var) == SUCCESS) { - RETURN_TRUE; - } - } - RETURN_FALSE; -} -/* }}} */ - /* {{{ proto string session_encode(void) Serializes the current setup and returns the serialized representation */ -PHP_FUNCTION(session_encode) +static PHP_FUNCTION(session_encode) { int len; char *enc; @@ -1863,65 +1852,65 @@ PHP_FUNCTION(session_encode) if (enc == NULL) { RETURN_FALSE; } - + RETVAL_STRINGL(enc, len, 0); } /* }}} */ /* {{{ proto bool session_decode(string data) Deserializes data and reinitializes the variables */ -PHP_FUNCTION(session_decode) +static PHP_FUNCTION(session_decode) { char *str; int str_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { - return; - } - if (PS(session_status) == php_session_none) { RETURN_FALSE; } + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &str, &str_len) == FAILURE) { + return; + } + php_session_decode(str, str_len TSRMLS_CC); - + RETURN_TRUE; } /* }}} */ /* {{{ proto bool session_start(void) Begin session - reinitializes freezed variables, registers browsers etc */ -PHP_FUNCTION(session_start) +static PHP_FUNCTION(session_start) { /* skipping check for non-zero args for performance reasons here ?*/ php_session_start(TSRMLS_C); + + if (PS(session_status) != php_session_active) { + RETURN_FALSE; + } RETURN_TRUE; } /* }}} */ /* {{{ proto bool session_destroy(void) Destroy the current session and all data associated with it */ -PHP_FUNCTION(session_destroy) +static PHP_FUNCTION(session_destroy) { if (zend_parse_parameters_none() == FAILURE) { return; } - if (php_session_destroy(TSRMLS_C) == SUCCESS) { - RETURN_TRUE; - } else { - RETURN_FALSE; - } + RETURN_BOOL(php_session_destroy(TSRMLS_C) == SUCCESS); } /* }}} */ - /* {{{ proto void session_unset(void) Unset all registered variables */ -PHP_FUNCTION(session_unset) +static PHP_FUNCTION(session_unset) { - if (PS(session_status) == php_session_none) + if (PS(session_status) == php_session_none) { RETURN_FALSE; + } IF_SESSION_VARS() { HashTable *ht = Z_ARRVAL_P(PS(http_session_vars)); @@ -1931,7 +1920,7 @@ PHP_FUNCTION(session_unset) char *str; ulong num_key; HashPosition pos; - + zend_hash_internal_pointer_reset_ex(ht, &pos); while (zend_hash_get_current_key_ex(ht, &str, &str_len, &num_key, @@ -1940,48 +1929,213 @@ PHP_FUNCTION(session_unset) zend_hash_move_forward_ex(ht, &pos); } } - + /* Clean $_SESSION. */ zend_hash_clean(ht); } } /* }}} */ -PHPAPI void session_adapt_url(const char *url, size_t urllen, char **new, size_t *newlen TSRMLS_DC) +/* {{{ proto void session_write_close(void) + Write session data and end session */ +static PHP_FUNCTION(session_write_close) { - if (PS(apply_trans_sid) && (PS(session_status) == php_session_active)) { - *new = php_url_scanner_adapt_single_url(url, urllen, PS(session_name), PS(id), newlen TSRMLS_CC); + php_session_flush(TSRMLS_C); +} +/* }}} */ + +/* {{{ proto bool session_register(mixed var_names [, mixed ...]) + Adds varname(s) to the list of variables which are freezed at the session end */ +static PHP_FUNCTION(session_register) +{ + zval ***args = NULL; + int num_args, i; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "+", &args, &num_args) == FAILURE) { + return; + } + + if (PS(session_status) == php_session_none || PS(session_status) == php_session_disabled) { + php_session_start(TSRMLS_C); + } + + if (PS(session_status) == php_session_disabled) { + if (args) { + efree(args); + } + RETURN_FALSE; + } + + for (i = 0; i < num_args; i++) { + if (Z_TYPE_PP(args[i]) == IS_ARRAY) { + SEPARATE_ZVAL(args[i]); + } + php_register_var(args[i] TSRMLS_CC); } + + if (args) { + efree(args); + } + + RETURN_TRUE; } +/* }}} */ -static void php_rinit_session_globals(TSRMLS_D) -{ - PS(id) = NULL; - PS(session_status) = php_session_none; - PS(mod_data) = NULL; - /* Do NOT init PS(mod_user_names) here! */ - PS(http_session_vars) = NULL; +/* {{{ proto bool session_unregister(string varname) + Removes varname from the list of variables which are freezed at the session end */ +static PHP_FUNCTION(session_unregister) +{ + char *p_name; + int p_name_len; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &p_name, &p_name_len) == FAILURE) { + return; + } + + PS_DEL_VARL(p_name, p_name_len); + + RETURN_TRUE; } +/* }}} */ -static void php_rshutdown_session_globals(TSRMLS_D) +/* {{{ proto bool session_is_registered(string varname) + Checks if a variable is registered in session */ +static PHP_FUNCTION(session_is_registered) { - if (PS(http_session_vars)) { - zval_ptr_dtor(&PS(http_session_vars)); - PS(http_session_vars) = NULL; + zval *p_var; + char *p_name; + int p_name_len; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &p_name, &p_name_len) == FAILURE) { + return; } - /* Do NOT destroy PS(mod_user_names) here! */ - if (PS(mod_data)) { - zend_try { - PS(mod)->s_close(&PS(mod_data) TSRMLS_CC); - } zend_end_try(); + + if (PS(session_status) == php_session_none) { + RETURN_FALSE; } - if (PS(id)) { - efree(PS(id)); + + IF_SESSION_VARS() { + if (zend_hash_find(Z_ARRVAL_P(PS(http_session_vars)), p_name, p_name_len+1, (void **)&p_var) == SUCCESS) { + RETURN_TRUE; + } } + RETURN_FALSE; } +/* }}} */ + +/* {{{ arginfo */ +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_name, 0, 0, 0) + ZEND_ARG_INFO(0, name) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_module_name, 0, 0, 0) + ZEND_ARG_INFO(0, module) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_save_path, 0, 0, 0) + ZEND_ARG_INFO(0, path) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_id, 0, 0, 0) + ZEND_ARG_INFO(0, id) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_regenerate_id, 0, 0, 0) + ZEND_ARG_INFO(0, delete_old_session) +ZEND_END_ARG_INFO() +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_decode, 0, 0, 1) + ZEND_ARG_INFO(0, data) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_register, 0, 0, 1) + ZEND_ARG_INFO(0, name) + ZEND_ARG_INFO(0, ...) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_unregister, 0, 0, 1) + ZEND_ARG_INFO(0, name) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_is_registered, 0, 0, 1) + ZEND_ARG_INFO(0, name) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO(arginfo_session_void, 0) +ZEND_END_ARG_INFO() -PHP_RINIT_FUNCTION(session) +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_save_handler, 0, 0, 6) + ZEND_ARG_INFO(0, open) + ZEND_ARG_INFO(0, close) + ZEND_ARG_INFO(0, read) + ZEND_ARG_INFO(0, write) + ZEND_ARG_INFO(0, destroy) + ZEND_ARG_INFO(0, gc) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_limiter, 0, 0, 0) + ZEND_ARG_INFO(0, cache_limiter) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_cache_expire, 0, 0, 0) + ZEND_ARG_INFO(0, new_cache_expire) +ZEND_END_ARG_INFO() + +static +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_set_cookie_params, 0, 0, 1) + ZEND_ARG_INFO(0, lifetime) + ZEND_ARG_INFO(0, path) + ZEND_ARG_INFO(0, domain) + ZEND_ARG_INFO(0, secure) + ZEND_ARG_INFO(0, httponly) +ZEND_END_ARG_INFO() +/* }}} */ + +/* {{{ session_functions[] + */ +static const zend_function_entry session_functions[] = { + PHP_FE(session_name, arginfo_session_name) + PHP_FE(session_module_name, arginfo_session_module_name) + PHP_FE(session_save_path, arginfo_session_save_path) + PHP_FE(session_id, arginfo_session_id) + PHP_FE(session_regenerate_id, arginfo_session_regenerate_id) + PHP_FE(session_decode, arginfo_session_decode) + PHP_FE(session_register, arginfo_session_register) + PHP_FE(session_unregister, arginfo_session_unregister) + PHP_FE(session_is_registered, arginfo_session_is_registered) + PHP_FE(session_encode, arginfo_session_void) + PHP_FE(session_start, arginfo_session_void) + PHP_FE(session_destroy, arginfo_session_void) + PHP_FE(session_unset, arginfo_session_void) + PHP_FE(session_set_save_handler, arginfo_session_set_save_handler) + PHP_FE(session_cache_limiter, arginfo_session_cache_limiter) + PHP_FE(session_cache_expire, arginfo_session_cache_expire) + PHP_FE(session_set_cookie_params, arginfo_session_set_cookie_params) + PHP_FE(session_get_cookie_params, arginfo_session_void) + PHP_FE(session_write_close, arginfo_session_void) + PHP_FALIAS(session_commit, session_write_close, arginfo_session_void) + {NULL, NULL, NULL} +}; +/* }}} */ + +/* ******************************** + * Module Setup and Destruction * + ******************************** */ + +static PHP_RINIT_FUNCTION(session) /* {{{ */ { php_rinit_session_globals(TSRMLS_C); @@ -1998,7 +2152,7 @@ PHP_RINIT_FUNCTION(session) char *value; value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler"), 0); - if(value) { + if (value) { PS(serializer) = _php_find_ps_serializer(value TSRMLS_CC); } } @@ -2006,7 +2160,6 @@ PHP_RINIT_FUNCTION(session) if (PS(mod) == NULL || PS(serializer) == NULL) { /* current status is unusable */ PS(session_status) = php_session_disabled; - return SUCCESS; } @@ -2016,30 +2169,15 @@ PHP_RINIT_FUNCTION(session) return SUCCESS; } +/* }}} */ -static void php_session_flush(TSRMLS_D) -{ - if (PS(session_status) == php_session_active) { - PS(session_status) = php_session_none; - zend_try { - php_session_save_current_state(TSRMLS_C); - } zend_end_try(); - } -} - -/* {{{ proto void session_write_close(void) - Write session data and end session */ -PHP_FUNCTION(session_write_close) -{ - php_session_flush(TSRMLS_C); -} - -PHP_RSHUTDOWN_FUNCTION(session) +static PHP_RSHUTDOWN_FUNCTION(session) /* {{{ */ { int i; php_session_flush(TSRMLS_C); php_rshutdown_session_globals(TSRMLS_C); + /* this should NOT be done in php_rshutdown_session_globals() */ for (i = 0; i < 6; i++) { if (PS(mod_user_names).names[i] != NULL) { @@ -2052,7 +2190,7 @@ PHP_RSHUTDOWN_FUNCTION(session) } /* }}} */ -static PHP_GINIT_FUNCTION(ps) +static PHP_GINIT_FUNCTION(ps) /* {{{ */ { int i; @@ -2060,6 +2198,7 @@ static PHP_GINIT_FUNCTION(ps) ps_globals->session_name = NULL; ps_globals->id = NULL; ps_globals->mod = NULL; + ps_globals->serializer = NULL; ps_globals->mod_data = NULL; ps_globals->session_status = php_session_none; for (i = 0; i < 6; i++) { @@ -2067,8 +2206,9 @@ static PHP_GINIT_FUNCTION(ps) } ps_globals->http_session_vars = NULL; } +/* }}} */ -PHP_MINIT_FUNCTION(session) +static PHP_MINIT_FUNCTION(session) /* {{{ */ { zend_register_auto_global("_SESSION", sizeof("_SESSION")-1, NULL TSRMLS_CC); @@ -2082,8 +2222,9 @@ PHP_MINIT_FUNCTION(session) #endif return SUCCESS; } +/* }}} */ -PHP_MSHUTDOWN_FUNCTION(session) +static PHP_MSHUTDOWN_FUNCTION(session) /* {{{ */ { UNREGISTER_INI_ENTRIES(); @@ -2096,16 +2237,16 @@ PHP_MSHUTDOWN_FUNCTION(session) return SUCCESS; } +/* }}} */ - -PHP_MINFO_FUNCTION(session) +static PHP_MINFO_FUNCTION(session) /* {{{ */ { ps_module **mod; ps_serializer *ser; smart_str save_handlers = {0}; smart_str ser_handlers = {0}; int i; - + /* Get save handlers */ for (i = 0, mod = ps_modules; i < MAX_MODULES; i++, mod++) { if (*mod && (*mod)->s_name) { @@ -2121,7 +2262,7 @@ PHP_MINFO_FUNCTION(session) smart_str_appendc(&ser_handlers, ' '); } } - + php_info_print_table_start(); php_info_print_table_row(2, "Session Support", "enabled" ); @@ -2145,7 +2286,26 @@ PHP_MINFO_FUNCTION(session) DISPLAY_INI_ENTRIES(); } +/* }}} */ + +zend_module_entry session_module_entry = { + STANDARD_MODULE_HEADER, + "session", + session_functions, + PHP_MINIT(session), PHP_MSHUTDOWN(session), + PHP_RINIT(session), PHP_RSHUTDOWN(session), + PHP_MINFO(session), + NO_VERSION_YET, + PHP_MODULE_GLOBALS(ps), + PHP_GINIT(ps), + NULL, + NULL, + STANDARD_MODULE_PROPERTIES_EX +}; +#ifdef COMPILE_DL_SESSION +ZEND_GET_MODULE(session) +#endif /* * Local variables: diff --git a/ext/session/tests/008-php4.2.3.phpt b/ext/session/tests/008-php4.2.3.phpt index b6485b3b46..7d31f2e3de 100644 --- a/ext/session/tests/008-php4.2.3.phpt +++ b/ext/session/tests/008-php4.2.3.phpt @@ -59,7 +59,7 @@ session_destroy(); ?> --EXPECTF-- NULL -session_write_close(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. +session_write_close(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively array(1) { ["c"]=> float(3.14) diff --git a/ext/session/tests/014.phpt b/ext/session/tests/014.phpt index 4c5b14c697..e5734bc6e9 100644 --- a/ext/session/tests/014.phpt +++ b/ext/session/tests/014.phpt @@ -35,8 +35,8 @@ session_destroy(); --EXPECTF-- <a href="/link?PHPSESSID=abtest"> -Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time. in %s on line %d +Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in %s on line %d <a href="/link?PHPSESSID=abtest"> -Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time. in %s on line %d +Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in %s on line %d <a href="/link?PHPSESSID=abtest"> diff --git a/ext/session/tests/session_decode_variation3.phpt b/ext/session/tests/session_decode_variation3.phpt index b7e13cc40c..4a6f768713 100644 --- a/ext/session/tests/session_decode_variation3.phpt +++ b/ext/session/tests/session_decode_variation3.phpt @@ -23,8 +23,8 @@ $_SESSION["foo"] = 1234567890; $_SESSION["bar"] = "Blah!"; $_SESSION["guff"] = 123.456; var_dump($_SESSION); -$encoded = "A2Zvb2k6MTIzNDU2Nzg5MDs="; -var_dump(session_decode(base64_decode($encoded))); +$encoded = "foo|i:1234567890;"; +var_dump(session_decode($encoded)); var_dump($_SESSION); var_dump(session_destroy()); @@ -34,10 +34,11 @@ ob_end_flush(); --EXPECTF-- *** Testing session_decode() : variation *** -Warning: session_start(): Unknown session.serialize_handler. Failed to decode session object. in %s on line %d -bool(true) -array(0) { -} +Warning: session_start(): Cannot find serialization handler 'blah' - session startup failed in %s on line %d +bool(false) + +Notice: Undefined variable: _SESSION in %s on line %d +NULL array(3) { ["foo"]=> int(1234567890) @@ -47,7 +48,7 @@ array(3) { float(123.456) } -Warning: session_decode(): Unknown session.serialize_handler. Failed to decode session object. in %s on line %d +Warning: session_decode(): Unknown session.serialize_handler. Failed to decode session object in %s on line %d bool(true) array(3) { ["foo"]=> @@ -57,6 +58,7 @@ array(3) { ["guff"]=> float(123.456) } -bool(true) -Done +Warning: session_destroy(): Trying to destroy uninitialized session in %s on line %d +bool(false) +Done diff --git a/ext/session/tests/session_encode_error2.phpt b/ext/session/tests/session_encode_error2.phpt index 6a019b203d..24758500cd 100644 --- a/ext/session/tests/session_encode_error2.phpt +++ b/ext/session/tests/session_encode_error2.phpt @@ -100,63 +100,63 @@ ob_end_flush(); -- Iteration 1 -- bool(true) -Notice: session_encode(): Skipping numeric key 0. in %s on line %d +Notice: session_encode(): Skipping numeric key 0 in %s on line %d bool(false) bool(true) -- Iteration 2 -- bool(true) -Notice: session_encode(): Skipping numeric key 1. in %s on line %d +Notice: session_encode(): Skipping numeric key 1 in %s on line %d bool(false) bool(true) -- Iteration 3 -- bool(true) -Notice: session_encode(): Skipping numeric key 12345. in %s on line %d +Notice: session_encode(): Skipping numeric key 12345 in %s on line %d bool(false) bool(true) -- Iteration 4 -- bool(true) -Notice: session_encode(): Skipping numeric key -2345. in %s on line %d +Notice: session_encode(): Skipping numeric key -2345 in %s on line %d bool(false) bool(true) -- Iteration 5 -- bool(true) -Notice: session_encode(): Skipping numeric key 10. in %s on line %d +Notice: session_encode(): Skipping numeric key 10 in %s on line %d bool(false) bool(true) -- Iteration 6 -- bool(true) -Notice: session_encode(): Skipping numeric key -10. in %s on line %d +Notice: session_encode(): Skipping numeric key -10 in %s on line %d bool(false) bool(true) -- Iteration 7 -- bool(true) -Notice: session_encode(): Skipping numeric key %s. in %s on line %d +Notice: session_encode(): Skipping numeric key %s in %s on line %d bool(false) bool(true) -- Iteration 8 -- bool(true) -Notice: session_encode(): Skipping numeric key 0. in %s on line %d +Notice: session_encode(): Skipping numeric key 0 in %s on line %d bool(false) bool(true) -- Iteration 9 -- bool(true) -Notice: session_encode(): Skipping numeric key 0. in %s on line %d +Notice: session_encode(): Skipping numeric key 0 in %s on line %d bool(false) bool(true) @@ -173,28 +173,28 @@ bool(true) -- Iteration 12 -- bool(true) -Notice: session_encode(): Skipping numeric key 1. in %s on line %d +Notice: session_encode(): Skipping numeric key 1 in %s on line %d bool(false) bool(true) -- Iteration 13 -- bool(true) -Notice: session_encode(): Skipping numeric key 0. in %s on line %d +Notice: session_encode(): Skipping numeric key 0 in %s on line %d bool(false) bool(true) -- Iteration 14 -- bool(true) -Notice: session_encode(): Skipping numeric key 1. in %s on line %d +Notice: session_encode(): Skipping numeric key 1 in %s on line %d bool(false) bool(true) -- Iteration 15 -- bool(true) -Notice: session_encode(): Skipping numeric key 0. in %s on line %d +Notice: session_encode(): Skipping numeric key 0 in %s on line %d bool(false) bool(true) @@ -245,7 +245,7 @@ bool(true) Strict Standards: Resource ID#%d used as offset, casting to integer (%d) in %s on line %d -Notice: session_encode(): Skipping numeric key %d. in %s on line %d +Notice: session_encode(): Skipping numeric key %d in %s on line %d bool(false) bool(true) Done diff --git a/ext/session/tests/session_encode_variation1.phpt b/ext/session/tests/session_encode_variation1.phpt index 9c9f64b436..ce3a921659 100644 --- a/ext/session/tests/session_encode_variation1.phpt +++ b/ext/session/tests/session_encode_variation1.phpt @@ -31,7 +31,7 @@ ob_end_flush(); --EXPECTF-- *** Testing session_encode() : variation *** -Warning: session_encode(): Cannot encode non-existent session. in %s on line %d +Warning: session_encode(): Cannot encode non-existent session in %s on line %d bool(false) bool(true) bool(false) @@ -41,7 +41,6 @@ bool(true) bool(false) bool(true) -Warning: session_encode(): Cannot encode non-existent session. in %s on line %d +Warning: session_encode(): Cannot encode non-existent session in %s on line %d bool(false) Done - diff --git a/ext/session/tests/session_encode_variation2.phpt b/ext/session/tests/session_encode_variation2.phpt index 7ec8a63afd..93fab30d67 100644 --- a/ext/session/tests/session_encode_variation2.phpt +++ b/ext/session/tests/session_encode_variation2.phpt @@ -29,7 +29,6 @@ ob_end_flush(); bool(false) bool(true) -Warning: session_encode(): Cannot encode non-existent session. in %s on line %d +Warning: session_encode(): Cannot encode non-existent session in %s on line %d bool(false) Done - diff --git a/ext/session/tests/session_encode_variation3.phpt b/ext/session/tests/session_encode_variation3.phpt index 40bb44de54..47b2441b30 100644 --- a/ext/session/tests/session_encode_variation3.phpt +++ b/ext/session/tests/session_encode_variation3.phpt @@ -31,4 +31,3 @@ bool(true) string(34) "foo|a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}" bool(true) Done - diff --git a/ext/session/tests/session_encode_variation4.phpt b/ext/session/tests/session_encode_variation4.phpt index d85b9a48ad..89af6ebb21 100644 --- a/ext/session/tests/session_encode_variation4.phpt +++ b/ext/session/tests/session_encode_variation4.phpt @@ -33,4 +33,3 @@ bool(true) string(52) "foo|a:3:{i:0;i:1;i:1;i:2;i:2;i:3;}guff|R:1;blah|R:1;" bool(true) Done - diff --git a/ext/session/tests/session_encode_variation5.phpt b/ext/session/tests/session_encode_variation5.phpt index fc408847bf..d7639fadb1 100644 --- a/ext/session/tests/session_encode_variation5.phpt +++ b/ext/session/tests/session_encode_variation5.phpt @@ -33,4 +33,3 @@ bool(true) string(64) "data|a:5:{i:0;i:1;i:1;i:2;i:2;i:3;s:3:"foo";R:1;s:4:"blah";R:1;}" bool(true) Done - diff --git a/ext/session/tests/session_encode_variation6.phpt b/ext/session/tests/session_encode_variation6.phpt index 4280473821..c5f1f4bbc3 100644 --- a/ext/session/tests/session_encode_variation6.phpt +++ b/ext/session/tests/session_encode_variation6.phpt @@ -35,18 +35,17 @@ ob_end_flush(); *** Testing session_encode() : variation *** bool(true) -Notice: session_encode(): Skipping numeric key 0. in %s on line %d +Notice: session_encode(): Skipping numeric key 0 in %s on line %d bool(false) bool(true) bool(true) -Notice: session_encode(): Skipping numeric key 1234567890. in %s on line %d +Notice: session_encode(): Skipping numeric key 1234567890 in %s on line %d bool(false) bool(true) bool(true) -Notice: session_encode(): Skipping numeric key -1234567890. in %s on line %d +Notice: session_encode(): Skipping numeric key -1234567890 in %s on line %d bool(false) bool(true) Done - diff --git a/ext/session/tests/session_encode_variation7.phpt b/ext/session/tests/session_encode_variation7.phpt index b3de3c68a8..04cfe4439d 100644 --- a/ext/session/tests/session_encode_variation7.phpt +++ b/ext/session/tests/session_encode_variation7.phpt @@ -32,4 +32,3 @@ bool(true) string(24) "A2Zvb2k6MTIzNDU2Nzg5MDs=" bool(true) Done - diff --git a/ext/session/tests/session_encode_variation8.phpt b/ext/session/tests/session_encode_variation8.phpt index 57c9e17bd4..7ffa948620 100644 --- a/ext/session/tests/session_encode_variation8.phpt +++ b/ext/session/tests/session_encode_variation8.phpt @@ -29,11 +29,12 @@ ob_end_flush(); --EXPECTF-- *** Testing session_encode() : variation *** -Warning: session_start(): Unknown session.serialize_handler. Failed to decode session object. in %s on line %d -bool(true) +Warning: session_start(): Cannot find serialization handler 'blah' - session startup failed in %s on line %d +bool(false) -Warning: session_encode(): Unknown session.serialize_handler. Failed to encode session object. in %s on line %d +Warning: session_encode(): Cannot encode non-existent session in %s on line %d string(0) "" -bool(true) -Done +Warning: session_destroy(): Trying to destroy uninitialized session in %s on line %d +bool(false) +Done diff --git a/ext/session/tests/session_id_error4.phpt b/ext/session/tests/session_id_error4.phpt index c07912d7ea..bb5cc6b858 100644 --- a/ext/session/tests/session_id_error4.phpt +++ b/ext/session/tests/session_id_error4.phpt @@ -30,6 +30,7 @@ ob_end_flush(); *** Testing session_id() : error functionality *** string(1) "0" string(0) "" - -Fatal error: session_start(): Invalid session hash function in %s on line %d - +bool(true) +string(40) "%s" +bool(true) +Done |