Merge branch 'PHP-5.6' of https://git.php.net/repository/php-src into PHP-5.6

author: krakjoe <joe.watkins@live.co.uk> 2014-02-02 13:42:01 +0000
committer: krakjoe <joe.watkins@live.co.uk> 2014-02-02 13:42:01 +0000
commit: a4a120d66aaf44cd0dc71f39a49998b924c2ef0e (patch)
tree: f48300cf85374f82a437a42f3a2d4ed88867f34d /ext/session/session.c
parent: 8a7e2f8dd2116ff6ada654e301c593accf337250 (diff)
parent: 05c309f2d85bcc33e95415d7f50d7748a7c27498 (diff)
download: php-git-a4a120d66aaf44cd0dc71f39a49998b924c2ef0e.tar.gz
1 files changed, 58 insertions, 9 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index a3d565d895..38aee7d680 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2013 The PHP Group                                |
+   | Copyright (c) 1997-2014 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
@@ -492,18 +492,26 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */
 		}
 	}
 
-	php_session_reset_id(TSRMLS_C);
-	PS(session_status) = php_session_active;
+	/* Set session ID for compatibility for older/3rd party save handlers */
+	if (!PS(use_strict_mode)) {
+		php_session_reset_id(TSRMLS_C);
+		PS(session_status) = php_session_active;
+	}
 
 	/* Read data */
 	php_session_track_init(TSRMLS_C);
 	if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == FAILURE) {
 		/* Some broken save handler implementation returns FAILURE for non-existent session ID */
-		/* It's better to rase error for this, but disabled error for better compatibility */
+		/* It's better to raise error for this, but disabled error for better compatibility */
 		/*
 		php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path));
 		*/
 	}
+	/* Set session ID if session read didn't activated session */
+	if (PS(use_strict_mode) && PS(session_status) != php_session_active) {
+		php_session_reset_id(TSRMLS_C);
+		PS(session_status) = php_session_active;
+	}
 	if (val) {
 		PHP_MD5_CTX context;
 
@@ -682,11 +690,10 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 static PHP_INI_MH(OnUpdateName) /* {{{ */
 {
 	/* Numeric session.name won't work at all */
-	if (PG(modules_activated) &&
-		(!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
+	if ((!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
 		int err_type;
 
-		if (stage == ZEND_INI_STAGE_RUNTIME) {
+		if (stage == ZEND_INI_STAGE_RUNTIME || stage == ZEND_INI_STAGE_ACTIVATE || stage == ZEND_INI_STAGE_STARTUP) {
 			err_type = E_WARNING;
 		} else {
 			err_type = E_ERROR;
@@ -1290,6 +1297,49 @@ static int php_session_cache_limiter(TSRMLS_D) /* {{{ */
 #define COOKIE_SECURE	"; secure"
 #define COOKIE_HTTPONLY	"; HttpOnly"
 
+/*
+ * Remove already sent session ID cookie.
+ * It must be directly removed from SG(sapi_header) because sapi_add_header_ex()
+ * removes all of matching cookie. i.e. It deletes all of Set-Cookie headers.
+ */
+static void php_session_remove_cookie(TSRMLS_D) {
+	sapi_header_struct *header;
+	zend_llist *l = &SG(sapi_headers).headers;
+	zend_llist_element *next;
+	zend_llist_element *current;
+	char *session_cookie, *e_session_name;
+	int session_cookie_len, len = sizeof("Set-Cookie")-1;
+
+	e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
+	spprintf(&session_cookie, 0, "Set-Cookie: %s=", e_session_name);
+	efree(e_session_name);
+
+	session_cookie_len = strlen(session_cookie);
+	current = l->head;
+	while (current) {
+		header = (sapi_header_struct *)(current->data);
+		next = current->next;
+		if (header->header_len > len && header->header[len] == ':'
+			&& !strncmp(header->header, session_cookie, session_cookie_len)) {
+			if (current->prev) {
+				current->prev->next = next;
+			} else {
+				l->head = next;
+			}
+			if (next) {
+				next->prev = current->prev;
+			} else {
+				l->tail = current->prev;
+			}
+			sapi_free_header(header);
+			efree(current);
+			--l->count;
+		}
+		current = next;
+	}
+	efree(session_cookie);
+}
+
 static void php_session_send_cookie(TSRMLS_D) /* {{{ */
 {
 	smart_str ncookie = {0};
@@ -1358,8 +1408,7 @@ static void php_session_send_cookie(TSRMLS_D) /* {{{ */
 
 	smart_str_0(&ncookie);
 
-	/*	'replace' must be 0 here, else a previous Set-Cookie
-		header, probably sent with setcookie() will be replaced! */
+	php_session_remove_cookie(TSRMLS_C); /* remove already sent session ID cookie */
 	sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC);
 }
 /* }}} */
author	krakjoe <joe.watkins@live.co.uk>	2014-02-02 13:42:01 +0000
committer	krakjoe <joe.watkins@live.co.uk>	2014-02-02 13:42:01 +0000
commit	a4a120d66aaf44cd0dc71f39a49998b924c2ef0e (patch)
tree	f48300cf85374f82a437a42f3a2d4ed88867f34d /ext/session/session.c
parent	8a7e2f8dd2116ff6ada654e301c593accf337250 (diff)
parent	05c309f2d85bcc33e95415d7f50d7748a7c27498 (diff)
download	php-git-a4a120d66aaf44cd0dc71f39a49998b924c2ef0e.tar.gz