[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/session session.c
rasmus Sat May 21 14:54:58 2005 EDT Modified files: (Branch: PHP_5_0) /php-srcNEWS /php-src/ext/sessionsession.c Log: MFH Fixed bug 33072 - safemode/open_basedir check for runtime save_path change http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.392r2=1.1760.2.393ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.392 php-src/NEWS:1.1760.2.393 --- php-src/NEWS:1.1760.2.392 Sat May 21 04:54:50 2005 +++ php-src/NEWSSat May 21 14:54:57 2005 @@ -14,6 +14,8 @@ - Fixed bug #33090 (mysqli_prepare doesn't return an error). (Georg) - Fixed bug #33076 (str_ireplace() incorrectly counts result string length and may cause segfault). (Tony) +- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path + change) (Rasmus) - Fixed bug #33059 (crash when moving xml attribute set in dtd). (Ilia) - Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per RFC 2616 section 10.3.5) (Rasmus, Choitel) http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.12r2=1.391.2.13ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.391.2.12 php-src/ext/session/session.c:1.391.2.13 --- php-src/ext/session/session.c:1.391.2.12Fri May 20 06:28:16 2005 +++ php-src/ext/session/session.c Sat May 21 14:54:57 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.391.2.12 2005/05/20 10:28:16 tony2001 Exp $ */ +/* $Id: session.c,v 1.391.2.13 2005/05/21 18:54:57 rasmus Exp $ */ #ifdef HAVE_CONFIG_H #include config.h 
@@ -131,13 +131,26 @@ return SUCCESS; } +static PHP_INI_MH(OnUpdateSaveDir) { + /* Only do the safemode/open_basedir check at runtime */ + if(stage == PHP_INI_STAGE_RUNTIME) { + if (PG(safe_mode) (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + return FAILURE; + } + + if (php_check_open_basedir(new_value TSRMLS_CC)) { + return FAILURE; + } + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); +} /* {{{ PHP_INI */ PHP_INI_BEGIN() STD_PHP_INI_BOOLEAN(session.bug_compat_42,1, PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals,ps_globals) STD_PHP_INI_BOOLEAN(session.bug_compat_warn, 1, PHP_INI_ALL, OnUpdateBool, bug_compat_warn,php_ps_globals,ps_globals) - STD_PHP_INI_ENTRY(session.save_path, , PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals,ps_globals) + STD_PHP_INI_ENTRY(session.save_path, , PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals,ps_globals) STD_PHP_INI_ENTRY(session.name, PHPSESSID, PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals,ps_globals) PHP_INI_ENTRY(session.save_handler, files, PHP_INI_ALL, OnUpdateSaveHandler) STD_PHP_INI_BOOLEAN(session.auto_start, 0, PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals,ps_globals) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
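Review bot: OnUpdateSaveDir has no return statement on its success path: the call to OnUpdateString(...) on the last line of the new handler discards its result, and control falls off the end of a function whose other exits return FAILURE. The code that invokes an ini handler acts on the returned status, so the outcome of a permitted save_path change is undefined; the last statement should be `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. Separately, both checks are applied to the raw `new_value`; if the files save handler accepts a prefix before the directory in session.save_path (worth confirming against the handler, which is outside this hunk), the checks should run on the path component that is actually opened. The `&&` between `PG(safe_mode)` and the php_checkuid call appears to have been lost in this archive copy rather than in the commit.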
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/session session.c
tony2001Fri May 20 06:28:17 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/sessionsession.c /php-srcNEWS Log: MFH: fix bug #32944 (Disabling session.use_cookies doesn't prevent reading session cookies) http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.11r2=1.391.2.12ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.391.2.11 php-src/ext/session/session.c:1.391.2.12 --- php-src/ext/session/session.c:1.391.2.11Wed Mar 23 19:17:53 2005 +++ php-src/ext/session/session.c Fri May 20 06:28:16 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.391.2.11 2005/03/24 00:17:53 tony2001 Exp $ */ +/* $Id: session.c,v 1.391.2.12 2005/05/20 10:28:16 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1134,7 +1134,7 @@ */ if (!PS(id)) { - if (zend_hash_find(EG(symbol_table), _COOKIE, + if (PS(use_cookies) zend_hash_find(EG(symbol_table), _COOKIE, sizeof(_COOKIE), (void **) data) == SUCCESS Z_TYPE_PP(data) == IS_ARRAY zend_hash_find(Z_ARRVAL_PP(data), PS(session_name), http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.388r2=1.1760.2.389ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.388 php-src/NEWS:1.1760.2.389 --- php-src/NEWS:1.1760.2.388 Fri May 20 02:37:30 2005 +++ php-src/NEWSFri May 20 06:28:16 2005 @@ -18,6 +18,8 @@ (jwozniak23 at poczta dot onet dot pl, Tony). - Fixed bug #32956 (mysql_bind_result() doesn't support MYSQL_TYPE_NULL). (Georg) - Fixed bug #32947 (Incorrect option for mysqli default password). (Georg) +- Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading + session cookies). (Jani, Tony) - Fixed bug #32936 (http redirects URLs are not checked for control chars). (Ilia) - Fixed bug #32932 (Oracle LDAP: ldap_get_entries(), invalid pointer). (Jani) - Fixed bug #32930 (class extending DOMDocument doesn't clone properly). (Rob) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
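Review bot: The new `PS(use_cookies)` guard in the `@@ -1134,7 +1134,7 @@` hunk of session.c is undocumented, and the comment block that closes just above `if (!PS(id))` (its text is outside the hunk) presumably still describes the old lookup. I would add a line such as `/* honour session.use_cookies: never take the session id from $_COOKIE when cookies are disabled */` above the condition. The rest of the id-lookup chain continues past the end of the hunk, so it is worth confirming that no later branch reads the cookie array without the same guard.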
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/session session.c
tony2001Thu Feb 10 14:40:54 2005 EDT Modified files: (Branch: PHP_5_0) /php-srcNEWS /php-src/ext/sessionsession.c Log: MFH: bug #28324 http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.240r2=1.1760.2.241ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.240 php-src/NEWS:1.1760.2.241 --- php-src/NEWS:1.1760.2.240 Wed Feb 9 06:47:46 2005 +++ php-src/NEWSThu Feb 10 14:40:53 2005 @@ -106,6 +106,8 @@ entries). (Andrei) - Fixed bug #28444 (Cannot access undefined property for object with overloaded property access). (Dmitry) +- Fixed bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is + Off). (Tony) - Fixed bug #28227 (PHP CGI depends upon non-standard SCRIPT_FILENAME). (lukem at NetBSD dot org) - Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.8r2=1.391.2.9ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.391.2.8 php-src/ext/session/session.c:1.391.2.9 --- php-src/ext/session/session.c:1.391.2.8 Fri Jan 21 11:04:25 2005 +++ php-src/ext/session/session.c Thu Feb 10 14:40:53 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.391.2.8 2005/01/21 16:04:25 sesser Exp $ */ +/* $Id: session.c,v 1.391.2.9 2005/02/10 19:40:53 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -536,7 +536,9 @@ array_init(session_vars); PS(http_session_vars) = session_vars; - ZEND_SET_GLOBAL_VAR_WITH_LENGTH(HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS), PS(http_session_vars), 2, 1); + if (PG(register_long_arrays)) { + ZEND_SET_GLOBAL_VAR_WITH_LENGTH(HTTP_SESSION_VARS, sizeof(HTTP_SESSION_VARS), PS(http_session_vars), 2, 1); + } ZEND_SET_GLOBAL_VAR_WITH_LENGTH(_SESSION, sizeof(_SESSION), PS(http_session_vars), 2, 1); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
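Review bot: The reference-count argument stays `2` in the `@@ -536,7 +536,9 @@` hunk of session.c even though, with register_long_arrays off, only `_SESSION` is now bound to `PS(http_session_vars)`. If the fourth argument of ZEND_SET_GLOBAL_VAR_WITH_LENGTH is the initial reference count, as the paired `2, 1` on both calls suggests, the array has one holder fewer than its count in that configuration and may never be released. The count should be chosen per branch, or a comment should state which holders the `2` accounts for. The function around these lines starts and ends outside the hunk, so any cleanup path that unsets HTTP_SESSION_VARS could not be checked here.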