Commit: 87dda666c73acde08982865cf63227eaa77f0478 Author: Yasuo Ohgaki <yohg...@php.net> Sat, 29 Jun 2013 08:07:44 +0900 Parents: ef63334fa6d0e51d3235b8a026da1316e89b08ce Branches: PHP-5.4
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=87dda666c73acde08982865cf63227eaa77f0478 Log: Fixed bug #35703: when session_name("123") consist only digits, should warning Bugs: https://bugs.php.net/35703 Changed paths: M ext/session/session.c M ext/session/tests/session_name_error.phpt M ext/session/tests/session_name_variation1.phpt Diff: diff --git a/ext/session/session.c b/ext/session/session.c index a130947..3879edc 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -615,6 +615,31 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */ } /* }}} */ +static PHP_INI_MH(OnUpdateName) /* {{{ */ +{ + /* Numeric session.name won't work at all */ + if (PG(modules_activated) && + (!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) { + int err_type; + + if (stage == ZEND_INI_STAGE_RUNTIME) { + err_type = E_WARNING; + } else { + err_type = E_ERROR; + } + + /* Do not output error when restoring ini options. */ + if (stage != ZEND_INI_STAGE_DEACTIVATE) { + php_error_docref(NULL TSRMLS_CC, err_type, "session.name cannot be a numeric or empty '%s'", new_value); + } + return FAILURE; + } + + OnUpdateStringUnempty(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} +/* }}} */ + static PHP_INI_MH(OnUpdateHashFunc) /* {{{ */ { long val; @@ -706,7 +731,7 @@ static ZEND_INI_MH(OnUpdateSmartStr) /* {{{ */ */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateName, session_name, php_ps_globals, ps_globals) PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler) STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals) diff --git a/ext/session/tests/session_name_error.phpt b/ext/session/tests/session_name_error.phpt index 2ed10d9..1b99d4e 100644 --- a/ext/session/tests/session_name_error.phpt +++ b/ext/session/tests/session_name_error.phpt @@ -86,7 +86,7 @@ $inputs = array( $iterator = 1; foreach($inputs as $input) { echo "\n-- Iteration $iterator --\n"; - var_dump(session_name($input)); + var_dump($input, session_name($input)); $iterator++; }; @@ -98,77 +98,139 @@ ob_end_flush(); *** Testing session_name() : error functionality *** -- Iteration 1 -- + +Warning: session_name(): session.name cannot be a numeric or empty '0' in %s on line %d +int(0) string(9) "PHPSESSID" -- Iteration 2 -- -string(1) "0" + +Warning: session_name(): session.name cannot be a numeric or empty '1' in %s on line %d +int(1) +string(9) "PHPSESSID" -- Iteration 3 -- -string(1) "1" + +Warning: session_name(): session.name cannot be a numeric or empty '12345' in %s on line %d +int(12345) +string(9) "PHPSESSID" -- Iteration 4 -- -string(5) "12345" + +Warning: session_name(): session.name cannot be a numeric or empty '-2345' in %s on line %d +int(-2345) +string(9) "PHPSESSID" -- Iteration 5 -- -string(5) "-2345" + +Warning: session_name(): session.name cannot be a numeric or empty '10.5' in %s on line %d +float(10.5) +string(9) "PHPSESSID" -- Iteration 6 -- -string(4) "10.5" + +Warning: session_name(): session.name cannot be a numeric or empty '-10.5' in %s on line %d +float(-10.5) +string(9) "PHPSESSID" -- Iteration 7 -- -string(5) "-10.5" + +Warning: session_name(): session.name cannot be a numeric or empty '123456789000' in %s on line %d +float(123456789000) +string(9) "PHPSESSID" -- Iteration 8 -- -string(12) "123456789000" + +Warning: session_name(): session.name cannot be a numeric or empty '1.23456789E-9' in %s on line %d +float(1.23456789E-9) +string(9) "PHPSESSID" -- Iteration 9 -- -string(13) "1.23456789E-9" + +Warning: session_name(): session.name cannot be a numeric or empty '0.5' in %s on line %d +float(0.5) +string(9) "PHPSESSID" -- Iteration 10 -- -string(3) "0.5" + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d +NULL +string(9) "PHPSESSID" -- Iteration 11 -- -string(0) "" + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d +NULL +string(9) "PHPSESSID" -- Iteration 12 -- -string(0) "" + +Warning: session_name(): session.name cannot be a numeric or empty '1' in %s on line %d +bool(true) +string(9) "PHPSESSID" -- Iteration 13 -- -string(1) "1" + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d +bool(false) +string(9) "PHPSESSID" -- Iteration 14 -- -string(0) "" + +Warning: session_name(): session.name cannot be a numeric or empty '1' in %s on line %d +bool(true) +string(9) "PHPSESSID" -- Iteration 15 -- -string(1) "1" + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d +bool(false) +string(9) "PHPSESSID" -- Iteration 16 -- + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d string(0) "" +string(9) "PHPSESSID" -- Iteration 17 -- + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d string(0) "" +string(9) "PHPSESSID" -- Iteration 18 -- -string(0) "" +string(7) "Nothing" +string(9) "PHPSESSID" -- Iteration 19 -- string(7) "Nothing" +string(7) "Nothing" -- Iteration 20 -- +string(12) "Hello World!" string(7) "Nothing" -- Iteration 21 -- +object(classA)#1 (0) { +} string(12) "Hello World!" -- Iteration 22 -- + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d +NULL string(12) "Hello World!" -- Iteration 23 -- -string(0) "" + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d +NULL +string(12) "Hello World!" -- Iteration 24 -- Warning: session_name() expects parameter 1 to be string, resource given in %s on line %d +resource(5) of type (stream) NULL -Done - +Done \ No newline at end of file diff --git a/ext/session/tests/session_name_variation1.phpt b/ext/session/tests/session_name_variation1.phpt index 16d6ad4..b0de3ee 100644 --- a/ext/session/tests/session_name_variation1.phpt +++ b/ext/session/tests/session_name_variation1.phpt @@ -43,18 +43,20 @@ ob_end_flush(); *** Testing session_name() : variation *** string(9) "PHPSESSID" bool(true) -string(0) "" +string(9) "PHPSESSID" bool(true) -string(0) "" -string(0) "" +string(9) "PHPSESSID" +string(9) "PHPSESSID" bool(true) string(1) " " bool(true) string(1) " " + +Warning: session_name(): session.name cannot be a numeric or empty '' in %s on line %d string(1) " " bool(true) -string(0) "" +string(1) " " bool(true) -string(0) "" +string(1) " " Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php