Merge branch 'master' of https://github.com/php/php-src

1 files changed, 32 insertions, 21 deletions

diff --git a/ext/session/session.c b/ext/session/session.c
index f5a399b75f..22a7ec125d 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -103,6 +103,7 @@ static void php_session_abort(void);
 static inline void php_rinit_session_globals(void) /* {{{ */
 {
 	/* Do NOT init PS(mod_user_names) here! */
+	/* TODO: These could be moved to MINIT and removed. These should be initialized by php_rshutdown_session_globals() always when execution is finished. */
 	PS(id) = NULL;
 	PS(session_status) = php_session_none;
 	PS(mod_data) = NULL;
@@ -130,10 +131,15 @@ static inline void php_rshutdown_session_globals(void) /* {{{ */
 		zend_string_release(PS(id));
 		PS(id) = NULL;
 	}
+
 	if (PS(session_vars)) {
 		zend_string_release(PS(session_vars));
 		PS(session_vars) = NULL;
 	}
+
+	/* User save handlers may end up directly here by misuse, bugs in user script, etc. */
+	/* Set session status to prevent error while restoring save handler INI value. */
+	PS(session_status) = php_session_none;
 }
 /* }}} */
 
@@ -522,7 +528,10 @@ static void php_session_initialize(void) /* {{{ */
 	}
 
 	/* If there is no ID, use session module to create one */
-	if (!PS(id)) {
+	if (!PS(id) || !ZSTR_VAL(PS(id))[0]) {
+		if (PS(id)) {
+			zend_string_release(PS(id));
+		}
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
 		if (!PS(id)) {
 			php_session_abort();
@@ -602,11 +611,16 @@ static void php_session_save_current_state(int write) /* {{{ */
 			}
 
 			if ((ret == FAILURE) && !EG(exception)) {
-				php_error_docref(NULL, E_WARNING, "Failed to write session data (%s). Please "
-								 "verify that the current setting of session.save_path "
-								 "is correct (%s)",
-								 PS(mod)->s_name,
-								 PS(save_path));
+				if (!PS(mod_user_implemented)) {
+					php_error_docref(NULL, E_WARNING, "Failed to write session data (%s). Please "
+									 "verify that the current setting of session.save_path "
+									 "is correct (%s)",
+									 PS(mod)->s_name,
+									 PS(save_path));
+				} else {
+					php_error_docref(NULL, E_WARNING, "Failed to write session data using user "
+									 "defined save handler. (session.save_path: %s)", PS(save_path));
+				}
 			}
 		}
 	}
@@ -1107,7 +1121,7 @@ static ps_serializer ps_serializers[MAX_SERIALIZERS + 1] = {
 
 PHPAPI int php_session_register_serializer(const char *name, zend_string *(*encode)(PS_SERIALIZER_ENCODE_ARGS), int (*decode)(PS_SERIALIZER_DECODE_ARGS)) /* {{{ */
 {
-	int ret = -1;
+	int ret = FAILURE;
 	int i;
 
 	for (i = 0; i < MAX_SERIALIZERS; i++) {
@@ -1116,7 +1130,7 @@ PHPAPI int php_session_register_serializer(const char *name, zend_string *(*enco
 			ps_serializers[i].encode = encode;
 			ps_serializers[i].decode = decode;
 			ps_serializers[i + 1].name = NULL;
-			ret = 0;
+			ret = SUCCESS;
 			break;
 		}
 	}
@@ -1138,13 +1152,13 @@ static ps_module *ps_modules[MAX_MODULES + 1] = {
 
 PHPAPI int php_session_register_module(ps_module *ptr) /* {{{ */
 {
-	int ret = -1;
+	int ret = FAILURE;
 	int i;
 
 	for (i = 0; i < MAX_MODULES; i++) {
 		if (!ps_modules[i]) {
 			ps_modules[i] = ptr;
-			ret = 0;
+			ret = SUCCESS;
 			break;
 		}
 	}
@@ -1659,8 +1673,8 @@ PHPAPI void php_session_start(void) /* {{{ */
 static void php_session_flush(int write) /* {{{ */
 {
 	if (PS(session_status) == php_session_active) {
-		PS(session_status) = php_session_none;
 		php_session_save_current_state(write);
+		PS(session_status) = php_session_none;
 	}
 }
 /* }}} */
@@ -1668,10 +1682,10 @@ static void php_session_flush(int write) /* {{{ */
 static void php_session_abort(void) /* {{{ */
 {
 	if (PS(session_status) == php_session_active) {
-		PS(session_status) = php_session_none;
 		if (PS(mod_data) || PS(mod_user_implemented)) {
 			PS(mod)->s_close(&PS(mod_data));
 		}
+		PS(session_status) = php_session_none;
 	}
 }
 /* }}} */
@@ -2046,13 +2060,13 @@ static PHP_FUNCTION(session_regenerate_id)
 		return;
 	}
 
-	if (SG(headers_sent) && PS(use_cookies)) {
-		php_error_docref(NULL, E_WARNING, "Cannot regenerate session id - headers already sent");
+	if (PS(session_status) != php_session_active) {
+		php_error_docref(NULL, E_WARNING, "Cannot regenerate session id - session is not active");
 		RETURN_FALSE;
 	}
 
-	if (PS(session_status) != php_session_active) {
-		php_error_docref(NULL, E_WARNING, "Cannot regenerate session id - session is not active");
+	if (SG(headers_sent) && PS(use_cookies)) {
+		php_error_docref(NULL, E_WARNING, "Cannot regenerate session id - headers already sent");
 		RETURN_FALSE;
 	}
 
@@ -2104,6 +2118,7 @@ static PHP_FUNCTION(session_regenerate_id)
 		zend_string_release(PS(id));
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data));
 		if (!PS(id)) {
+			PS(mod)->s_close(&PS(mod_data));
 			PS(session_status) = php_session_none;
 			php_error_docref(NULL, E_RECOVERABLE_ERROR, "Failed to create session ID by collision: %s (path: %s)", PS(mod)->s_name, PS(save_path));
 			RETURN_FALSE;
@@ -2111,6 +2126,7 @@ static PHP_FUNCTION(session_regenerate_id)
 	}
 	/* Read is required to make new session data at this point. */
 	if (PS(mod)->s_read(&PS(mod_data), PS(id), &data, PS(gc_maxlifetime)) == FAILURE) {
+		PS(mod)->s_close(&PS(mod_data));
 		PS(session_status) = php_session_none;
 		php_error_docref(NULL, E_RECOVERABLE_ERROR, "Failed to create(read) session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
 		RETURN_FALSE;
@@ -2282,11 +2298,6 @@ static PHP_FUNCTION(session_start)
 		RETURN_FALSE;
 	}
 
-	if (PS(id) && !(ZSTR_LEN(PS(id)))) {
-		php_error_docref(NULL, E_WARNING, "Cannot start session with empty session ID");
-		RETURN_FALSE;
-	}
-
 	/* set options */
 	if (options) {
 		ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(options), num_idx, str_idx, value) {