[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/session session.c

2005-05-21 Thread Rasmus Lerdorf
rasmus  Sat May 21 14:54:58 2005 EDT

  Modified files:  (Branch: PHP_5_0)
/php-srcNEWS 
/php-src/ext/sessionsession.c 
  Log:
  MFH Fixed bug 33072 - safemode/open_basedir check for runtime save_path
  change
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.392r2=1.1760.2.393ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.392 php-src/NEWS:1.1760.2.393
--- php-src/NEWS:1.1760.2.392   Sat May 21 04:54:50 2005
+++ php-src/NEWSSat May 21 14:54:57 2005
@@ -14,6 +14,8 @@
 - Fixed bug #33090 (mysqli_prepare doesn't return an error). (Georg)
 - Fixed bug #33076 (str_ireplace() incorrectly counts result string length 
   and may cause segfault). (Tony)
+- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path 
+  change) (Rasmus)
 - Fixed bug #33059 (crash when moving xml attribute set in dtd). (Ilia)
 - Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per
   RFC 2616 section 10.3.5) (Rasmus, Choitel)
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.12r2=1.391.2.13ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.391.2.12 
php-src/ext/session/session.c:1.391.2.13
--- php-src/ext/session/session.c:1.391.2.12Fri May 20 06:28:16 2005
+++ php-src/ext/session/session.c   Sat May 21 14:54:57 2005
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.391.2.12 2005/05/20 10:28:16 tony2001 Exp $ */
+/* $Id: session.c,v 1.391.2.13 2005/05/21 18:54:57 rasmus Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -131,13 +131,26 @@
return SUCCESS;
 }
 
+static PHP_INI_MH(OnUpdateSaveDir) {
+   /* Only do the safemode/open_basedir check at runtime */
+   if(stage == PHP_INI_STAGE_RUNTIME) {
+   if (PG(safe_mode)  (!php_checkuid(new_value, NULL, 
CHECKUID_ALLOW_ONLY_DIR))) {
+   return FAILURE;
+   }
+
+   if (php_check_open_basedir(new_value TSRMLS_CC)) {
+   return FAILURE;
+   }
+   }
+   OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+}
 
 /* {{{ PHP_INI
  */
 PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN(session.bug_compat_42,1, 
PHP_INI_ALL, OnUpdateBool,   bug_compat, php_ps_globals,ps_globals)
STD_PHP_INI_BOOLEAN(session.bug_compat_warn,  1, 
PHP_INI_ALL, OnUpdateBool,   bug_compat_warn,php_ps_globals,ps_globals)
-   STD_PHP_INI_ENTRY(session.save_path,  ,  
PHP_INI_ALL, OnUpdateString, save_path,  php_ps_globals,ps_globals)
+   STD_PHP_INI_ENTRY(session.save_path,  ,  
PHP_INI_ALL, OnUpdateSaveDir,save_path,  php_ps_globals,ps_globals)
STD_PHP_INI_ENTRY(session.name,   PHPSESSID, 
PHP_INI_ALL, OnUpdateString, session_name,   php_ps_globals,ps_globals)
PHP_INI_ENTRY(session.save_handler,   files, 
PHP_INI_ALL, OnUpdateSaveHandler)
STD_PHP_INI_BOOLEAN(session.auto_start,   0, 
PHP_INI_ALL, OnUpdateBool,   auto_start, php_ps_globals,ps_globals)
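Review bot: OnUpdateSaveDir reaches its closing brace without returning a value: the final `OnUpdateString(...)` call discards its result, although the two early exits in the same handler return FAILURE and an ini handler is expected to report SUCCESS/FAILURE. The caller may therefore read an indeterminate status and treat a valid save_path as rejected, or the reverse; the last statement should be `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. Separately, both checks receive new_value as a whole; if the files handler accepts a save_path with a prefix before the directory (not visible in this hunk), the directory part would need to be extracted before php_checkuid/php_check_open_basedir, which is worth confirming. The existing comment could also say explicitly that values set at any stage other than PHP_INI_STAGE_RUNTIME are deliberately left unchecked.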




[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/session session.c

2005-05-20 Thread Antony Dovgal
tony2001Fri May 20 06:28:17 2005 EDT

  Modified files:  (Branch: PHP_5_0)
/php-src/ext/sessionsession.c 
/php-srcNEWS 
  Log:
  MFH: fix bug #32944 (Disabling session.use_cookies doesn't prevent reading 
session cookies)
  
  
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.11r2=1.391.2.12ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.391.2.11 
php-src/ext/session/session.c:1.391.2.12
--- php-src/ext/session/session.c:1.391.2.11Wed Mar 23 19:17:53 2005
+++ php-src/ext/session/session.c   Fri May 20 06:28:16 2005
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.391.2.11 2005/03/24 00:17:53 tony2001 Exp $ */
+/* $Id: session.c,v 1.391.2.12 2005/05/20 10:28:16 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -1134,7 +1134,7 @@
 */
 
if (!PS(id)) {
-   if (zend_hash_find(EG(symbol_table), _COOKIE,
+   if (PS(use_cookies)  zend_hash_find(EG(symbol_table), 
_COOKIE,
sizeof(_COOKIE), (void **) data) == 
SUCCESS 
Z_TYPE_PP(data) == IS_ARRAY 
zend_hash_find(Z_ARRVAL_PP(data), 
PS(session_name),
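Review bot: The new `PS(use_cookies)` guard at the head of the `_COOKIE` lookup carries no comment explaining why it is there, and the reason is security-relevant: per the log (bug #32944), a client-supplied cookie was still being read as the session id even with cookie-based sessions disabled. I would add above the `if`: `/* honour session.use_cookies: never take the session id from a client cookie when cookies are disabled */`. The condition continues past the end of this hunk, so whether the id sources that follow need a matching guard cannot be judged from here.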
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.388r2=1.1760.2.389ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.388 php-src/NEWS:1.1760.2.389
--- php-src/NEWS:1.1760.2.388   Fri May 20 02:37:30 2005
+++ php-src/NEWSFri May 20 06:28:16 2005
@@ -18,6 +18,8 @@
   (jwozniak23 at poczta dot onet dot pl, Tony).
 - Fixed bug #32956 (mysql_bind_result() doesn't support MYSQL_TYPE_NULL). 
(Georg)
 - Fixed bug #32947 (Incorrect option for mysqli default password). (Georg)
+- Fixed bug #32944 (Disabling session.use_cookies doesn't prevent reading 
+  session cookies). (Jani, Tony)
 - Fixed bug #32936 (http redirects URLs are not checked for control chars). 
(Ilia)
 - Fixed bug #32932 (Oracle LDAP: ldap_get_entries(), invalid pointer). (Jani)
 - Fixed bug #32930 (class extending DOMDocument doesn't clone properly). (Rob)




[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/session session.c

2005-02-10 Thread Antony Dovgal
tony2001Thu Feb 10 14:40:54 2005 EDT

  Modified files:  (Branch: PHP_5_0)
/php-srcNEWS 
/php-src/ext/sessionsession.c 
  Log:
  MFH: bug #28324
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.240r2=1.1760.2.241ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.240 php-src/NEWS:1.1760.2.241
--- php-src/NEWS:1.1760.2.240   Wed Feb  9 06:47:46 2005
+++ php-src/NEWSThu Feb 10 14:40:53 2005
@@ -106,6 +106,8 @@
   entries). (Andrei)
 - Fixed bug #28444 (Cannot access undefined property for object with overloaded
   property access). (Dmitry)
+- Fixed bug #28324 (HTTP_SESSION_VARS appear when register_long_arrays is 
+  Off). (Tony)
 - Fixed bug #28227 (PHP CGI depends upon non-standard SCRIPT_FILENAME). 
   (lukem at NetBSD dot org)
 - Fixed bug #28074 (FastCGI: stderr should be written in a FCGI stderr stream).
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.391.2.8r2=1.391.2.9ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.391.2.8 
php-src/ext/session/session.c:1.391.2.9
--- php-src/ext/session/session.c:1.391.2.8 Fri Jan 21 11:04:25 2005
+++ php-src/ext/session/session.c   Thu Feb 10 14:40:53 2005
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: session.c,v 1.391.2.8 2005/01/21 16:04:25 sesser Exp $ */
+/* $Id: session.c,v 1.391.2.9 2005/02/10 19:40:53 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include config.h
@@ -536,7 +536,9 @@
array_init(session_vars);
PS(http_session_vars) = session_vars;
 
-   ZEND_SET_GLOBAL_VAR_WITH_LENGTH(HTTP_SESSION_VARS, 
sizeof(HTTP_SESSION_VARS), PS(http_session_vars), 2, 1);
+   if (PG(register_long_arrays)) {
+   ZEND_SET_GLOBAL_VAR_WITH_LENGTH(HTTP_SESSION_VARS, 
sizeof(HTTP_SESSION_VARS), PS(http_session_vars), 2, 1);
+   }
ZEND_SET_GLOBAL_VAR_WITH_LENGTH(_SESSION, sizeof(_SESSION), 
PS(http_session_vars), 2, 1);
 }
 
