Created
November 20, 2011 01:35
-
-
Save yohgaki/1379668 to your computer and use it in GitHub Desktop.
PHP master: Strict session patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c | |
| index 621c4e1..a21e0ca 100644 | |
| --- a/ext/session/mod_files.c | |
| +++ b/ext/session/mod_files.c | |
| @@ -61,40 +61,9 @@ typedef struct { | |
| } ps_files; | |
| ps_module ps_mod_files = { | |
| - PS_MOD(files) | |
| + PS_MOD_SID(files) | |
| }; | |
| -/* If you change the logic here, please also update the error message in | |
| - * ps_files_open() appropriately */ | |
| -static int ps_files_valid_key(const char *key) | |
| -{ | |
| - size_t len; | |
| - const char *p; | |
| - char c; | |
| - int ret = 1; | |
| - | |
| - for (p = key; (c = *p); p++) { | |
| - /* valid characters are a..z,A..Z,0..9 */ | |
| - if (!((c >= 'a' && c <= 'z') | |
| - || (c >= 'A' && c <= 'Z') | |
| - || (c >= '0' && c <= '9') | |
| - || c == ',' | |
| - || c == '-')) { | |
| - ret = 0; | |
| - break; | |
| - } | |
| - } | |
| - | |
| - len = p - key; | |
| - | |
| - /* Somewhat arbitrary length limit here, but should be way more than | |
| - anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ | |
| - if (len == 0 || len > 128) { | |
| - ret = 0; | |
| - } | |
| - | |
| - return ret; | |
| -} | |
| static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key) | |
| { | |
| @@ -155,11 +124,12 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) | |
| ps_files_close(data); | |
| - if (!ps_files_valid_key(key)) { | |
| - php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); | |
| + if (php_session_validate_key(key) == FAILURE) { | |
| PS(invalid_session_id) = 1; | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); | |
| return; | |
| } | |
| + | |
| if (!ps_files_path_create(buf, sizeof(buf), data, key)) { | |
| return; | |
| } | |
| @@ -253,6 +223,51 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime TSRMLS_DC) | |
| return (nrdels); | |
| } | |
| +static int ps_files_validate_sid(ps_files *data, char *key TSRMLS_DC) | |
| +{ | |
| + char buf[MAXPATHLEN]; | |
| + int fd; | |
| + | |
| + if (php_session_validate_key(key) == FAILURE) { | |
| + PS(invalid_session_id) = 1; | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); | |
| + return FAILURE; | |
| + } | |
| + | |
| + if (!ps_files_path_create(buf, sizeof(buf), data, key)) { | |
| + PS(invalid_session_id) = 1; | |
| + return FAILURE; | |
| + } | |
| + | |
| + fd = VCWD_OPEN_MODE(buf, O_RDWR | O_BINARY, data->filemode); | |
| + | |
| + if (fd != -1) { | |
| + close(fd); | |
| + return SUCCESS; | |
| + } | |
| + | |
| + PS(invalid_session_id) = 1; | |
| + return FAILURE; | |
| +} | |
| + | |
| +static int ps_files_check_collision(ps_files *data, char *key TSRMLS_DC) | |
| +{ | |
| + char buf[MAXPATHLEN]; | |
| + struct stat sbuf; | |
| + | |
| + if (!ps_files_path_create(buf, sizeof(buf), data, key)) { | |
| + PS(invalid_session_id) = 1; | |
| + return FAILURE; | |
| + } | |
| + | |
| + if (!VCWD_STAT(buf, &sbuf)) { | |
| + PS(invalid_session_id) = 1; | |
| + return FAILURE; | |
| + } | |
| + return SUCCESS; | |
| +} | |
| + | |
| + | |
| #define PS_FILES_DATA ps_files *data = PS_GET_MOD_DATA() | |
| PS_OPEN_FUNC(files) | |
| @@ -263,6 +278,7 @@ PS_OPEN_FUNC(files) | |
| int argc = 0; | |
| size_t dirdepth = 0; | |
| int filemode = 0600; | |
| + int cnt = 0; | |
| if (*save_path == '\0') { | |
| /* if save path is an empty string, determine the temporary dir */ | |
| @@ -316,6 +332,29 @@ PS_OPEN_FUNC(files) | |
| } | |
| PS_SET_MOD_DATA(data); | |
| + /* If there is an ID and strict mode, verify it */ | |
| + if (PS(id) && PS(use_strict_mode) | |
| + && ps_files_validate_sid(data, PS(id) TSRMLS_CC) == FAILURE) { | |
| + efree(PS(id)); | |
| + PS(id) = NULL; | |
| + } | |
| + | |
| + /* If there is no ID, use session module to create one */ | |
| + while(!PS(id)) { | |
| + PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC); | |
| + if (cnt++ > 3) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); | |
| + return FAILURE; | |
| + } | |
| + if (!PS(id) || ps_files_check_collision(data, PS(id) TSRMLS_CC) == FAILURE) { | |
| + continue; | |
| + } | |
| + PS(invalid_session_id) = 0; | |
| + if (PS(use_cookies)) { | |
| + PS(send_cookie) = 1; | |
| + } | |
| + } | |
| + | |
| return SUCCESS; | |
| } | |
| @@ -342,7 +381,7 @@ PS_READ_FUNC(files) | |
| struct stat sbuf; | |
| PS_FILES_DATA; | |
| - ps_files_open(data, key TSRMLS_CC); | |
| + ps_files_open(data, PS(id) TSRMLS_CC); | |
| if (data->fd < 0) { | |
| return FAILURE; | |
| } | |
| @@ -454,6 +493,24 @@ PS_GC_FUNC(files) | |
| return SUCCESS; | |
| } | |
| +PS_CREATE_SID_FUNC(files) | |
| +{ | |
| + char *sid; | |
| + PS_FILES_DATA; | |
| + | |
| + sid = php_session_create_id((void **)&data, newlen TSRMLS_CC); | |
| + | |
| + if (!sid) { | |
| + int newlen, old_hash; | |
| + old_hash = PS(hash_func); | |
| + PS(hash_func) = PS_HASH_FUNC_SHA1; /* use SHA1 so that it never fails */ | |
| + PS(id) = php_session_create_id((void **)&data, &newlen TSRMLS_CC); | |
| + PS(hash_func) = old_hash; | |
| + } | |
| + return sid; | |
| +} | |
| + | |
| + | |
| /* | |
| * Local variables: | |
| * tab-width: 4 | |
| diff --git a/ext/session/mod_files.h b/ext/session/mod_files.h | |
| index 43ac47f..3cdcad4 100644 | |
| --- a/ext/session/mod_files.h | |
| +++ b/ext/session/mod_files.h | |
| @@ -24,6 +24,6 @@ | |
| extern ps_module ps_mod_files; | |
| #define ps_files_ptr &ps_mod_files | |
| -PS_FUNCS(files); | |
| +PS_FUNCS_SID(files); | |
| #endif | |
| diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c | |
| index b99dd82..cfa9a3b 100644 | |
| --- a/ext/session/mod_mm.c | |
| +++ b/ext/session/mod_mm.c | |
| @@ -124,7 +124,7 @@ static ps_sd *ps_sd_new(ps_mm *data, const char *key) | |
| if (!sd) { | |
| TSRMLS_FETCH(); | |
| - php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %d, err %s", mm_available(data->mm), mm_error()); | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %ld, err %s", mm_available(data->mm), mm_error()); | |
| return NULL; | |
| } | |
| @@ -208,8 +208,38 @@ static ps_sd *ps_sd_lookup(ps_mm *data, const char *key, int rw) | |
| return ret; | |
| } | |
| +static int ps_mm_validate_sid(ps_mm *data, const char *key) | |
| +{ | |
| + ps_sd *sd; | |
| + | |
| + if (php_session_validate_key(key) == FAILURE) { | |
| + PS(invalid_session_id) = 1; | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); | |
| + return FAILURE; | |
| + } | |
| + | |
| + sd = ps_sd_lookup(data, key, 0); | |
| + if (sd) { | |
| + return FAILURE; | |
| + } | |
| + PS(invalid_session_id) = 1; | |
| + return SUCCESS; | |
| +} | |
| + | |
| +static int ps_mm_check_collision(ps_mm *data, const char *key) | |
| +{ | |
| + ps_sd *sd; | |
| + | |
| + sd = ps_sd_lookup(data, key, 0); | |
| + if (sd) { | |
| + PS(invalid_session_id) = 1; | |
| + return FAILURE; | |
| + } | |
| + return SUCCESS; | |
| +} | |
| + | |
| ps_module ps_mod_mm = { | |
| - PS_MOD(mm) | |
| + PS_MOD_SID(mm) | |
| }; | |
| #define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA() | |
| @@ -257,6 +287,7 @@ static void ps_mm_destroy(ps_mm *data) | |
| free(data); | |
| } | |
| + | |
| PHP_MINIT_FUNCTION(ps_mm) | |
| { | |
| int save_path_len = strlen(PS(save_path)); | |
| @@ -314,6 +345,9 @@ PHP_MSHUTDOWN_FUNCTION(ps_mm) | |
| PS_OPEN_FUNC(mm) | |
| { | |
| + int cnt = 0; | |
| + PS_MM_DATA; | |
| + | |
| ps_mm_debug(("open: ps_mm_instance=%p\n", ps_mm_instance)); | |
| if (!ps_mm_instance) { | |
| @@ -321,6 +355,29 @@ PS_OPEN_FUNC(mm) | |
| } | |
| PS_SET_MOD_DATA(ps_mm_instance); | |
| + /* If there is an ID and strict mode, verify it */ | |
| + if (PS(id) && PS(use_strict_mode) | |
| + && ps_mm_validate_sid(data, PS(id) TSRMLS_CC) == FAILURE) { | |
| + efree(PS(id)); | |
| + PS(id) = NULL; | |
| + } | |
| + | |
| + /* If there is no ID, use session module to create one */ | |
| + while(!PS(id)) { | |
| + PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC); | |
| + if (cnt++ > 3) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); | |
| + return FAILURE; | |
| + } | |
| + if (!PS(id) || ps_mm_check_collision(data, PS(id) TSRMLS_CC) == FAILURE) { | |
| + continue; | |
| + } | |
| + PS(invalid_session_id) = 0; | |
| + if (PS(use_cookies)) { | |
| + PS(send_cookie) = 1; | |
| + } | |
| + } | |
| + | |
| return SUCCESS; | |
| } | |
| @@ -442,6 +499,24 @@ PS_GC_FUNC(mm) | |
| return SUCCESS; | |
| } | |
| +PS_CREATE_SID_FUNC(mm) | |
| +{ | |
| + char *sid; | |
| + PS_MM_DATA; | |
| + | |
| + sid = php_session_create_id((void **)&data, newlen); | |
| + | |
| + if (!sid) { | |
| + int newlen, old_hash; | |
| + old_hash = PS(hash_func); | |
| + PS(hash_func) = PS_HASH_FUNC_SHA1; /* use SHA1 so that it never fails */ | |
| + PS(id) = php_session_create_id((void **)&data, &newlen TSRMLS_CC); | |
| + PS(hash_func) = old_hash; | |
| + } | |
| + | |
| + return sid; | |
| +} | |
| + | |
| #endif | |
| /* | |
| diff --git a/ext/session/mod_mm.h b/ext/session/mod_mm.h | |
| index adec504..98f7d09 100644 | |
| --- a/ext/session/mod_mm.h | |
| +++ b/ext/session/mod_mm.h | |
| @@ -31,7 +31,7 @@ PHP_MSHUTDOWN_FUNCTION(ps_mm); | |
| extern ps_module ps_mod_mm; | |
| #define ps_mm_ptr &ps_mod_mm | |
| -PS_FUNCS(mm); | |
| +PS_FUNCS_SID(mm); | |
| #endif | |
| #endif | |
| diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c | |
| index 2ff5302..eb14bb5 100644 | |
| --- a/ext/session/mod_user.c | |
| +++ b/ext/session/mod_user.c | |
| @@ -79,6 +79,7 @@ static zval *ps_call_handler(zval *func, int argc, zval **argv TSRMLS_DC) | |
| PS_OPEN_FUNC(user) | |
| { | |
| zval *args[2]; | |
| + int cnt = 0; | |
| STDVARS; | |
| if (PSF(open) == NULL) { | |
| @@ -94,6 +95,25 @@ PS_OPEN_FUNC(user) | |
| retval = ps_call_handler(PSF(open), 2, args TSRMLS_CC); | |
| PS(mod_user_implemented) = 1; | |
| + /* If there is no SID, use session module to create one. | |
| + * mod_user do not validate SID, nor check SID collision. | |
| + * Users are responsible to do that. | |
| + */ | |
| + while(!PS(id)) { | |
| + PS(id) = php_session_create_id((void **)mod_data, NULL TSRMLS_CC); | |
| + if (cnt++ > 3) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); | |
| + return FAILURE; | |
| + } | |
| + PS(invalid_session_id) = 0; | |
| + } | |
| + | |
| + if (PS(use_strict_mode) && php_session_validate_key(PS(id)) == FAILURE) { | |
| + PS(invalid_session_id) = 1; | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); | |
| + return FAILURE; | |
| + } | |
| + | |
| FINISH; | |
| } | |
| @@ -117,7 +137,7 @@ PS_READ_FUNC(user) | |
| zval *args[1]; | |
| STDVARS; | |
| - SESS_ZVAL_STRING((char*)key, args[0]); | |
| + SESS_ZVAL_STRING(PS(id), args[0]); | |
| retval = ps_call_handler(PSF(read), 1, args TSRMLS_CC); | |
| diff --git a/ext/session/mod_user.h b/ext/session/mod_user.h | |
| index ea1980a..a25fa6d 100644 | |
| --- a/ext/session/mod_user.h | |
| +++ b/ext/session/mod_user.h | |
| @@ -24,6 +24,6 @@ | |
| extern ps_module ps_mod_user; | |
| #define ps_user_ptr &ps_mod_user | |
| -PS_FUNCS(user); | |
| +PS_FUNCS_SID(user); | |
| #endif | |
| diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c | |
| index 70d2f40..3a5daee 100644 | |
| --- a/ext/session/mod_user_class.c | |
| +++ b/ext/session/mod_user_class.c | |
| @@ -39,7 +39,7 @@ | |
| PHP_METHOD(SessionHandler, open) | |
| { | |
| char *save_path = NULL, *session_name = NULL; | |
| - int save_path_len, session_name_len; | |
| + int save_path_len, session_name_len, cnt = 0; | |
| PS_SANITY_CHECK; | |
| @@ -49,6 +49,25 @@ PHP_METHOD(SessionHandler, open) | |
| PS(mod_user_is_open) = 1; | |
| RETVAL_BOOL(SUCCESS == PS(default_mod)->s_open(&PS(mod_data), save_path, session_name TSRMLS_CC)); | |
| + | |
| + /* If there is no SID, use session module to create one. | |
| + * mod_user do not validate SID, nor check SID collision. | |
| + * Users are responsible to do that. | |
| + */ | |
| + while(!PS(id)) { | |
| + PS(id) = php_session_create_id(&PS(mod_data), NULL TSRMLS_CC); | |
| + if (cnt++ > 3) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); | |
| + return; | |
| + } | |
| + PS(invalid_session_id) = 0; | |
| + } | |
| + | |
| + if (PS(use_strict_mode) && php_session_validate_key(PS(id)) == FAILURE) { | |
| + PS(invalid_session_id) = 1; | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); | |
| + return; | |
| + } | |
| } | |
| /* }}} */ | |
| @@ -80,7 +99,7 @@ PHP_METHOD(SessionHandler, read) | |
| return; | |
| } | |
| - if (PS(default_mod)->s_read(&PS(mod_data), key, &val, &val_len TSRMLS_CC) == FAILURE) { | |
| + if (PS(default_mod)->s_read(&PS(mod_data), PS(id), &val, &val_len TSRMLS_CC) == FAILURE) { | |
| RETVAL_FALSE; | |
| return; | |
| } | |
| diff --git a/ext/session/php_session.h b/ext/session/php_session.h | |
| index ba0195b..c2398e6 100644 | |
| --- a/ext/session/php_session.h | |
| +++ b/ext/session/php_session.h | |
| @@ -39,6 +39,8 @@ | |
| /* default create id function */ | |
| PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS); | |
| +/* default session id validation function */ | |
| +PHPAPI int php_session_validate_key(const char *key); | |
| typedef struct ps_module_struct { | |
| const char *s_name; | |
| @@ -75,7 +77,7 @@ typedef struct ps_module_struct { | |
| #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \ | |
| ps_delete_##x, ps_gc_##x, php_session_create_id | |
| -/* SID enabled module handler definitions */ | |
| +/* SID creation enabled module handler definitions */ | |
| #define PS_FUNCS_SID(x) \ | |
| PS_OPEN_FUNC(x); \ | |
| PS_CLOSE_FUNC(x); \ | |
| @@ -89,6 +91,12 @@ typedef struct ps_module_struct { | |
| #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \ | |
| ps_delete_##x, ps_gc_##x, ps_create_sid_##x | |
| +enum { | |
| + PS_HASH_FUNC_MD5, | |
| + PS_HASH_FUNC_SHA1, | |
| + PS_HASH_FUNC_OTHER | |
| +}; | |
| + | |
| typedef enum { | |
| php_session_disabled, | |
| php_session_none, | |
| @@ -174,6 +182,8 @@ typedef struct _php_ps_globals { | |
| smart_str rfc1867_name; /* session.upload_progress.name */ | |
| long rfc1867_freq; /* session.upload_progress.freq */ | |
| double rfc1867_min_freq; /* session.upload_progress.min_freq */ | |
| + | |
| + zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */ | |
| } php_ps_globals; | |
| typedef php_ps_globals zend_ps_globals; | |
| diff --git a/ext/session/session.c b/ext/session/session.c | |
| index 7a8199d..78b46d8 100644 | |
| --- a/ext/session/session.c | |
| +++ b/ext/session/session.c | |
| @@ -231,12 +231,6 @@ static void php_session_decode(const char *val, int vallen TSRMLS_DC) /* {{{ */ | |
| static char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-"; | |
| -enum { | |
| - PS_HASH_FUNC_MD5, | |
| - PS_HASH_FUNC_SHA1, | |
| - PS_HASH_FUNC_OTHER | |
| -}; | |
| - | |
| /* returns a pointer to the byte after the last valid character in out */ | |
| static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {{{ */ | |
| { | |
| @@ -425,6 +419,41 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ | |
| } | |
| /* }}} */ | |
| +/* Default char validation function allowed by ps_modules. | |
| + * If you change the logic here, please also update the error message in | |
| + * ps_modules appropriately */ | |
| +PHPAPI int php_session_validate_key(const char *key) /* {{{ */ | |
| +{ | |
| + size_t len; | |
| + const char *p; | |
| + char c; | |
| + int ret = SUCCESS; | |
| + | |
| + for (p = key; (c = *p); p++) { | |
| + /* valid characters are a..z,A..Z,0..9 */ | |
| + if (!((c >= 'a' && c <= 'z') | |
| + || (c >= 'A' && c <= 'Z') | |
| + || (c >= '0' && c <= '9') | |
| + || c == ',' | |
| + || c == '-')) { | |
| + ret = FAILURE; | |
| + break; | |
| + } | |
| + } | |
| + | |
| + len = p - key; | |
| + | |
| + /* Somewhat arbitrary length limit here, but should be way more than | |
| + anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ | |
| + if (len == 0 || len > 128) { | |
| + ret = FAILURE; | |
| + } | |
| + | |
| + return ret; | |
| +} | |
| +/* }}} */ | |
| + | |
| + | |
| static void php_session_initialize(TSRMLS_D) /* {{{ */ | |
| { | |
| char *val; | |
| @@ -447,9 +476,12 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */ | |
| return; | |
| } | |
| - /* If there is no ID, use session module to create one */ | |
| + /* If there is no ID, use session module to create one. | |
| + * This code must exist for third party PS module compatibility. | |
| + * Third party PS modules should validate PS(id) in open function | |
| + * to prevent session adoption and collision. | |
| + */ | |
| if (!PS(id)) { | |
| -new_session: | |
| PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); | |
| if (PS(use_cookies)) { | |
| PS(send_cookie) = 1; | |
| @@ -462,16 +494,13 @@ new_session: | |
| * it could prove usefull for those sites which wish to have "default" | |
| * session information. */ | |
| php_session_track_init(TSRMLS_C); | |
| - PS(invalid_session_id) = 0; | |
| if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) { | |
| php_session_decode(val, vallen TSRMLS_CC); | |
| efree(val); | |
| - } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */ | |
| - PS(invalid_session_id) = 0; | |
| - efree(PS(id)); | |
| - PS(id) = NULL; | |
| - goto new_session; | |
| } | |
| + /* We should not address read failure here, since it may cause infinate | |
| + * loop by db/storage/network/etc errors depending on save handler's implementation. | |
| + */ | |
| } | |
| /* }}} */ | |
| @@ -720,6 +749,7 @@ PHP_INI_BEGIN() | |
| STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals) | |
| STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals) | |
| STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals) | |
| + STD_PHP_INI_BOOLEAN("session.use_strict_mode", "1", PHP_INI_ALL, OnUpdateBool, use_strict_mode, php_ps_globals, ps_globals) | |
| STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals) | |
| #if HAVE_DEV_URANDOM | |
| STD_PHP_INI_ENTRY("session.entropy_file", "/dev/urandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals) | |
| @@ -1720,9 +1750,9 @@ static PHP_FUNCTION(session_save_path) | |
| static PHP_FUNCTION(session_id) | |
| { | |
| char *name = NULL; | |
| - int name_len; | |
| + int name_len, argc = ZEND_NUM_ARGS(); | |
| - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { | |
| + if (zend_parse_parameters(argc TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { | |
| return; | |
| } | |
| @@ -1733,10 +1763,14 @@ static PHP_FUNCTION(session_id) | |
| } | |
| if (name) { | |
| - if (PS(id)) { | |
| - efree(PS(id)); | |
| + if (PS(use_strict_mode) && argc) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set session ID when session.use_strict_mode is enabled"); | |
| + } else { | |
| + if (PS(id)) { | |
| + efree(PS(id)); | |
| + } | |
| + PS(id) = estrndup(name, name_len); | |
| } | |
| - PS(id) = estrndup(name, name_len); | |
| } | |
| } | |
| /* }}} */ | |
| diff --git a/ext/session/tests/003.phpt b/ext/session/tests/003.phpt | |
| index 03c3b95..8725f06 100644 | |
| --- a/ext/session/tests/003.phpt | |
| +++ b/ext/session/tests/003.phpt | |
| @@ -4,6 +4,7 @@ session object deserialization | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/004.phpt b/ext/session/tests/004.phpt | |
| index aeb2c8b..4547c65 100644 | |
| --- a/ext/session/tests/004.phpt | |
| +++ b/ext/session/tests/004.phpt | |
| @@ -4,6 +4,7 @@ session_set_save_handler test | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.name=PHPSESSID | |
| session.serialize_handler=php | |
| diff --git a/ext/session/tests/005.phpt b/ext/session/tests/005.phpt | |
| index a970e6b..796d9c3 100644 | |
| --- a/ext/session/tests/005.phpt | |
| +++ b/ext/session/tests/005.phpt | |
| @@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test. | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.name=PHPSESSID | |
| session.serialize_handler=php | |
| diff --git a/ext/session/tests/006.phpt b/ext/session/tests/006.phpt | |
| index 03fca10..dba6894 100644 | |
| --- a/ext/session/tests/006.phpt | |
| +++ b/ext/session/tests/006.phpt | |
| @@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/009.phpt b/ext/session/tests/009.phpt | |
| index d73bc23..6d8d11c 100644 | |
| --- a/ext/session/tests/009.phpt | |
| +++ b/ext/session/tests/009.phpt | |
| @@ -4,6 +4,7 @@ unset($_SESSION["name"]); test | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/012.phpt b/ext/session/tests/012.phpt | |
| index 8708011..c555d2c 100644 | |
| --- a/ext/session/tests/012.phpt | |
| +++ b/ext/session/tests/012.phpt | |
| @@ -4,6 +4,7 @@ registering $_SESSION should not segfault | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/013.phpt b/ext/session/tests/013.phpt | |
| index 8d0f284..32909eb 100644 | |
| --- a/ext/session/tests/013.phpt | |
| +++ b/ext/session/tests/013.phpt | |
| @@ -4,6 +4,7 @@ redefining SID should not cause warnings | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/014.phpt b/ext/session/tests/014.phpt | |
| index 73bc28e..cbf22b1 100644 | |
| --- a/ext/session/tests/014.phpt | |
| +++ b/ext/session/tests/014.phpt | |
| @@ -5,6 +5,7 @@ a script should not be able to modify session.use_trans_sid | |
| --INI-- | |
| session.use_trans_sid=0 | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.name=PHPSESSID | |
| session.serialize_handler=php | |
| diff --git a/ext/session/tests/015.phpt b/ext/session/tests/015.phpt | |
| index 7d7b737..527b86b 100644 | |
| --- a/ext/session/tests/015.phpt | |
| +++ b/ext/session/tests/015.phpt | |
| @@ -6,6 +6,7 @@ use_trans_sid should not affect SID | |
| session.use_trans_sid=1 | |
| session.use_cookies=0 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| arg_separator.output=& | |
| session.name=PHPSESSID | |
| diff --git a/ext/session/tests/018.phpt b/ext/session/tests/018.phpt | |
| index def1f41..5ec132b 100644 | |
| --- a/ext/session/tests/018.phpt | |
| +++ b/ext/session/tests/018.phpt | |
| @@ -5,6 +5,7 @@ rewriter correctly handles attribute names which contain dashes | |
| --INI-- | |
| session.use_cookies=0 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.use_trans_sid=1 | |
| session.name=PHPSESSID | |
| diff --git a/ext/session/tests/019.phpt b/ext/session/tests/019.phpt | |
| index 3ee8ccd..0f06add 100644 | |
| --- a/ext/session/tests/019.phpt | |
| +++ b/ext/session/tests/019.phpt | |
| @@ -4,6 +4,7 @@ serializing references test case using globals | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/020.phpt b/ext/session/tests/020.phpt | |
| index f43bac5..7b18424 100644 | |
| --- a/ext/session/tests/020.phpt | |
| +++ b/ext/session/tests/020.phpt | |
| @@ -5,6 +5,7 @@ rewriter uses arg_seperator.output for modifying URLs | |
| --INI-- | |
| session.use_cookies=0 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.use_trans_sid=1 | |
| arg_separator.output="&" | |
| diff --git a/ext/session/tests/021.phpt b/ext/session/tests/021.phpt | |
| index 1ad3c5d..e199972 100644 | |
| --- a/ext/session/tests/021.phpt | |
| +++ b/ext/session/tests/021.phpt | |
| @@ -5,6 +5,7 @@ rewriter handles form and fieldset tags correctly | |
| --INI-- | |
| session.use_cookies=0 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.use_trans_sid=1 | |
| url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset=" | |
| diff --git a/ext/session/tests/023.phpt b/ext/session/tests/023.phpt | |
| index 42b1e5b..592b4a8 100644 | |
| --- a/ext/session/tests/023.phpt | |
| +++ b/ext/session/tests/023.phpt | |
| @@ -4,6 +4,7 @@ session object deserialization | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/024.phpt b/ext/session/tests/024.phpt | |
| index 2ad2606..2b273e2 100644 | |
| --- a/ext/session/tests/024.phpt | |
| +++ b/ext/session/tests/024.phpt | |
| @@ -4,6 +4,7 @@ session_set_save_handler test | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.name=PHPSESSID | |
| session.serialize_handler=php | |
| diff --git a/ext/session/tests/025.phpt b/ext/session/tests/025.phpt | |
| index 4fd095f..a9ad8fb 100644 | |
| --- a/ext/session/tests/025.phpt | |
| +++ b/ext/session/tests/025.phpt | |
| @@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test. | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.name=PHPSESSID | |
| session.serialize_handler=php | |
| diff --git a/ext/session/tests/026.phpt b/ext/session/tests/026.phpt | |
| index 06c135d..44f0ae0 100644 | |
| --- a/ext/session/tests/026.phpt | |
| +++ b/ext/session/tests/026.phpt | |
| @@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/027.phpt b/ext/session/tests/027.phpt | |
| index 600a992..6382852 100644 | |
| --- a/ext/session/tests/027.phpt | |
| +++ b/ext/session/tests/027.phpt | |
| @@ -4,6 +4,7 @@ unset($_SESSION["name"]); should work | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/030.phpt b/ext/session/tests/030.phpt | |
| index 8d0f284..32909eb 100644 | |
| --- a/ext/session/tests/030.phpt | |
| +++ b/ext/session/tests/030.phpt | |
| @@ -4,6 +4,7 @@ redefining SID should not cause warnings | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| session.use_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.cache_limiter= | |
| session.serialize_handler=php | |
| session.save_handler=files | |
| diff --git a/ext/session/tests/bug41600.phpt b/ext/session/tests/bug41600.phpt | |
| index 690347a..5380ee7 100644 | |
| --- a/ext/session/tests/bug41600.phpt | |
| +++ b/ext/session/tests/bug41600.phpt | |
| @@ -7,6 +7,7 @@ session.use_cookies=0 | |
| session.use_only_cookies=0 | |
| session.cache_limiter= | |
| session.use_trans_sid=1 | |
| +session.use_strict_mode=0 | |
| arg_separator.output="&" | |
| session.name=PHPSESSID | |
| session.serialize_handler=php | |
| diff --git a/ext/session/tests/rfc1867.phpt b/ext/session/tests/rfc1867.phpt | |
| index dc44e8b..fb0f506 100644 | |
| --- a/ext/session/tests/rfc1867.phpt | |
| +++ b/ext/session/tests/rfc1867.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_cleanup.phpt b/ext/session/tests/rfc1867_cleanup.phpt | |
| index f70b395..c41a7d1 100644 | |
| --- a/ext/session/tests/rfc1867_cleanup.phpt | |
| +++ b/ext/session/tests/rfc1867_cleanup.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=1 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_disabled.phpt b/ext/session/tests/rfc1867_disabled.phpt | |
| index 4490055..751d590 100644 | |
| --- a/ext/session/tests/rfc1867_disabled.phpt | |
| +++ b/ext/session/tests/rfc1867_disabled.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=0 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_disabled_2.phpt b/ext/session/tests/rfc1867_disabled_2.phpt | |
| index e878f46..d83b1d9 100644 | |
| --- a/ext/session/tests/rfc1867_disabled_2.phpt | |
| +++ b/ext/session/tests/rfc1867_disabled_2.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_inter.phpt b/ext/session/tests/rfc1867_inter.phpt | |
| index 7686371..8e3c136 100644 | |
| --- a/ext/session/tests/rfc1867_inter.phpt | |
| +++ b/ext/session/tests/rfc1867_inter.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_no_name.phpt b/ext/session/tests/rfc1867_no_name.phpt | |
| index c1dda81..75928dd 100644 | |
| --- a/ext/session/tests/rfc1867_no_name.phpt | |
| +++ b/ext/session/tests/rfc1867_no_name.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_sid_cookie.phpt b/ext/session/tests/rfc1867_sid_cookie.phpt | |
| index 735a5ac..34256f1 100644 | |
| --- a/ext/session/tests/rfc1867_sid_cookie.phpt | |
| +++ b/ext/session/tests/rfc1867_sid_cookie.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_sid_get.phpt b/ext/session/tests/rfc1867_sid_get.phpt | |
| index cc5a793..fb48fd8 100644 | |
| --- a/ext/session/tests/rfc1867_sid_get.phpt | |
| +++ b/ext/session/tests/rfc1867_sid_get.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_sid_get_2.phpt b/ext/session/tests/rfc1867_sid_get_2.phpt | |
| index 1d22e59..a25d10c 100644 | |
| --- a/ext/session/tests/rfc1867_sid_get_2.phpt | |
| +++ b/ext/session/tests/rfc1867_sid_get_2.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=0 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_sid_invalid.phpt b/ext/session/tests/rfc1867_sid_invalid.phpt | |
| index b28a2e3..c39dd3c 100644 | |
| --- a/ext/session/tests/rfc1867_sid_invalid.phpt | |
| +++ b/ext/session/tests/rfc1867_sid_invalid.phpt | |
| @@ -9,8 +9,9 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=1 | |
| session.auto_start=0 | |
| -session.upload_progress.enabled=1 | |
| +session.upload_progress.enabled=0 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| session.upload_progress.name=PHP_SESSION_UPLOAD_PROGRESS | |
| @@ -45,7 +46,6 @@ var_dump($_SESSION["upload_progress_" . basename(__FILE__)]); | |
| session_destroy(); | |
| ?> | |
| --EXPECTF-- | |
| -Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 | |
| string(%d) "%s" | |
| bool(true) | |
| array(2) { | |
| diff --git a/ext/session/tests/rfc1867_sid_only_cookie.phpt b/ext/session/tests/rfc1867_sid_only_cookie.phpt | |
| index 9a01056..10620b8 100644 | |
| --- a/ext/session/tests/rfc1867_sid_only_cookie.phpt | |
| +++ b/ext/session/tests/rfc1867_sid_only_cookie.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=1 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/rfc1867_sid_post.phpt b/ext/session/tests/rfc1867_sid_post.phpt | |
| index 7c1eb2d..d35215e 100644 | |
| --- a/ext/session/tests/rfc1867_sid_post.phpt | |
| +++ b/ext/session/tests/rfc1867_sid_post.phpt | |
| @@ -9,6 +9,7 @@ session.save_path= | |
| session.name=PHPSESSID | |
| session.use_cookies=1 | |
| session.use_only_cookies=0 | |
| +session.use_strict_mode=0 | |
| session.upload_progress.enabled=1 | |
| session.upload_progress.cleanup=0 | |
| session.upload_progress.prefix=upload_progress_ | |
| diff --git a/ext/session/tests/session_commit_variation4.phpt b/ext/session/tests/session_commit_variation4.phpt | |
| index 57f4253..69854a6 100644 | |
| --- a/ext/session/tests/session_commit_variation4.phpt | |
| +++ b/ext/session/tests/session_commit_variation4.phpt | |
| @@ -2,6 +2,8 @@ | |
| Test session_commit() function : variation | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| +--INI-- | |
| +session.use_strict_mode=0 | |
| --FILE-- | |
| <?php | |
| diff --git a/ext/session/tests/session_id_basic.phpt b/ext/session/tests/session_id_basic.phpt | |
| index 5cb13c2..690e4ab 100644 | |
| --- a/ext/session/tests/session_id_basic.phpt | |
| +++ b/ext/session/tests/session_id_basic.phpt | |
| @@ -2,6 +2,8 @@ | |
| Test session_id() function : basic functionality | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| +--INI-- | |
| +session.use_strict_mode=0 | |
| --FILE-- | |
| <?php | |
| diff --git a/ext/session/tests/session_id_error.phpt b/ext/session/tests/session_id_error.phpt | |
| index 6337cb9..dc731e7 100644 | |
| --- a/ext/session/tests/session_id_error.phpt | |
| +++ b/ext/session/tests/session_id_error.phpt | |
| @@ -2,6 +2,8 @@ | |
| Test session_id() function : error functionality | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| +--INI-- | |
| +session.use_strict_mode=0 | |
| --FILE-- | |
| <?php | |
| diff --git a/ext/session/tests/session_id_error2.phpt b/ext/session/tests/session_id_error2.phpt | |
| index 05284e7..56b840c 100644 | |
| --- a/ext/session/tests/session_id_error2.phpt | |
| +++ b/ext/session/tests/session_id_error2.phpt | |
| @@ -2,6 +2,8 @@ | |
| Test session_id() function : error functionality | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| +--INI-- | |
| +session.use_strict_mode=0 | |
| --FILE-- | |
| <?php | |
| diff --git a/ext/session/tests/session_id_error3.phpt b/ext/session/tests/session_id_error3.phpt | |
| index fc29138..9dc1658 100644 | |
| --- a/ext/session/tests/session_id_error3.phpt | |
| +++ b/ext/session/tests/session_id_error3.phpt | |
| @@ -2,6 +2,8 @@ | |
| Test session_id() function : error functionality | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| +--INI-- | |
| +session.use_strict_mode=0 | |
| --FILE-- | |
| <?php | |
| diff --git a/ext/session/tests/session_set_save_handler_basic.phpt b/ext/session/tests/session_set_save_handler_basic.phpt | |
| index 3897ba9..ec7ef1a 100644 | |
| --- a/ext/session/tests/session_set_save_handler_basic.phpt | |
| +++ b/ext/session/tests/session_set_save_handler_basic.phpt | |
| @@ -1,6 +1,7 @@ | |
| --TEST-- | |
| Test session_set_save_handler() function : basic functionality | |
| --INI-- | |
| +session.use_strict_mode=0 | |
| session.save_path= | |
| session.name=PHPSESSID | |
| --SKIPIF-- | |
| diff --git a/ext/session/tests/session_set_save_handler_class_012.phpt b/ext/session/tests/session_set_save_handler_class_012.phpt | |
| index 706ef79..d9c4a39 100644 | |
| --- a/ext/session/tests/session_set_save_handler_class_012.phpt | |
| +++ b/ext/session/tests/session_set_save_handler_class_012.phpt | |
| @@ -1,12 +1,15 @@ | |
| --TEST-- | |
| Test session_set_save_handler() : incorrect arguments for existing handler open | |
| --INI-- | |
| +session.use_strict_mode=1 | |
| session.save_handler=files | |
| session.name=PHPSESSID | |
| +session.gc_divisor=100000000 | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| --FILE-- | |
| <?php | |
| +/* When gc is invoked. This test fails. */ | |
| ob_start(); | |
| diff --git a/ext/session/tests/session_set_save_handler_closures.phpt b/ext/session/tests/session_set_save_handler_closures.phpt | |
| index 21b2c68..b5254fb 100755 | |
| --- a/ext/session/tests/session_set_save_handler_closures.phpt | |
| +++ b/ext/session/tests/session_set_save_handler_closures.phpt | |
| @@ -1,6 +1,7 @@ | |
| --TEST-- | |
| Test session_set_save_handler() function : using closures as callbacks | |
| --INI-- | |
| +session.use_strict_mode=0 | |
| session.save_path= | |
| session.name=PHPSESSID | |
| --SKIPIF-- | |
| diff --git a/ext/session/tests/session_set_save_handler_variation4.phpt b/ext/session/tests/session_set_save_handler_variation4.phpt | |
| index 3485f23..1b453e8 100644 | |
| --- a/ext/session/tests/session_set_save_handler_variation4.phpt | |
| +++ b/ext/session/tests/session_set_save_handler_variation4.phpt | |
| @@ -3,6 +3,7 @@ Test session_set_save_handler() function : variation | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| --INI-- | |
| +session.use_strict_mode=0 | |
| session.gc_probability=1 | |
| session.gc_divisor=1 | |
| session.gc_maxlifetime=0 | |
| diff --git a/ext/session/tests/session_write_close_variation4.phpt b/ext/session/tests/session_write_close_variation4.phpt | |
| index 249c155..9076dcf 100644 | |
| --- a/ext/session/tests/session_write_close_variation4.phpt | |
| +++ b/ext/session/tests/session_write_close_variation4.phpt | |
| @@ -2,6 +2,8 @@ | |
| Test session_write_close() function : variation | |
| --SKIPIF-- | |
| <?php include('skipif.inc'); ?> | |
| +--INI-- | |
| +session.use_strict_mode=0 | |
| --FILE-- | |
| <?php | |
| diff --git a/php.ini-development b/php.ini-development | |
| index f3b70f1..e0b5dc8 100644 | |
| --- a/php.ini-development | |
| +++ b/php.ini-development | |
| @@ -1407,6 +1407,11 @@ session.use_cookies = 1 | |
| ; http://php.net/session.use-only-cookies | |
| session.use_only_cookies = 1 | |
| +; This option forces new session ID when browser supplied uninitialized session | |
| +; ID. By enabling this option, module prevents session fixation based on adoption. | |
| +; http://php.net/session.use-strict-mode | |
| +session.use_strict_mode = 1 | |
| + | |
| ; Name of the session (used as cookie name). | |
| ; http://php.net/session.name | |
| session.name = PHPSESSID | |
| diff --git a/php.ini-production b/php.ini-production | |
| index c0937f9..f8ff629 100644 | |
| --- a/php.ini-production | |
| +++ b/php.ini-production | |
| @@ -1407,6 +1407,11 @@ session.use_cookies = 1 | |
| ; http://php.net/session.use-only-cookies | |
| session.use_only_cookies = 1 | |
| +; This option forces new session ID when browser supplied uninitialized session | |
| +; ID. By enabling this option, module prevents session fixation based on adoption. | |
| +; http://php.net/session.use-strict-mode | |
| +session.use_strict_mode = 1 | |
| + | |
| ; Name of the session (used as cookie name). | |
| ; http://php.net/session.name | |
| session.name = PHPSESSID |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment