[PHP-CVS] cvs: php-src(PHP_4_3) /ext/session session.c

Fri, 29 Aug 2003 12:36:00 +0000 

sas             Fri Aug 29 08:35:15 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src/ext/session        session.c 
  Log:
  MFH
  
  Fix a segfault which occured when using a storage format not capable
  of expressing references (e.g. WDDX) and deserializing a session variable
  whose name conflicted with an existing symbol in the global scope.
           
  PR: #25307
  Submitted by: Jani Taskinen
  Speling fixes: me
  
  
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.27 
php-src/ext/session/session.c:1.336.2.28
--- php-src/ext/session/session.c:1.336.2.27    Thu Aug 28 16:26:32 2003
+++ php-src/ext/session/session.c       Fri Aug 29 08:35:15 2003
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.336.2.27 2003/08/28 20:26:32 andrey Exp $ */
+/* $Id: session.c,v 1.336.2.28 2003/08/29 12:35:15 sas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -287,24 +287,31 @@
        if (PG(register_globals)) {
                zval **old_symbol;
                if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void 
*)&old_symbol) == SUCCESS) { 
+                       
                        /* 
-                          There was an old one, we need to replace it accurately.
-                          hash_update in zend_set_hash_symbol is not good, because
-                          it will leave referenced variables (such as local instances
-                          of a global variable) dangling.
-
-                          BTW: if you use register_globals references between
-                          session-vars won't work because of this very reason!
+                        * A global symbol with the same name exists already. That
+                        * symbol might have been created by other means (e.g. $_GET).
+                        *
+                        * hash_update in zend_set_hash_symbol is not good, because
+                        * it will leave referenced variables (such as local instances
+                        * of a global variable) dangling.
+                        *
+                        * BTW: if you use register_globals references between
+                        * session-vars won't work because of this very reason!
                         */
 
                        
                        REPLACE_ZVAL_VALUE(old_symbol,state_val,1);
 
-                       /* the following line will muck with the reference-table used 
for
-                        * unserialisation 
+                       /*
+                        * The following line will update the reference table used for
+                        * unserialization.  It is optional, because some storage 
+                        * formats may not be able to represent references.
                         */
 
-                       
PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash,state_val,*old_symbol);
+                       if (var_hash) {
+                               
PHP_VAR_UNSERIALIZE_ZVAL_CHANGED(var_hash,state_val,*old_symbol);
+                       }
 
                        zend_set_hash_symbol(*old_symbol, name, namelen, 1, 1, 
Z_ARRVAL_P(PS(http_session_vars)));
                } else {

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to