Diffstat (limited to 'ext/session/session.c')
-rw-r--r-- | ext/session/session.c | 67 |
1 files changed, 58 insertions, 9 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index a3d565d895..38aee7d680 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2,7 +2,7 @@
 +----------------------------------------------------------------------+
 | PHP Version 5 |
 +----------------------------------------------------------------------+
- | Copyright (c) 1997-2013 The PHP Group |
+ | Copyright (c) 1997-2014 The PHP Group |
 +----------------------------------------------------------------------+
 | This source file is subject to version 3.01 of the PHP license, |
 | that is bundled with this package in the file LICENSE, and is |
@@ -492,18 +492,26 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */
 }
 }
- php_session_reset_id(TSRMLS_C);
- PS(session_status) = php_session_active;
+ /* Set session ID for compatibility for older/3rd party save handlers */
+ if (!PS(use_strict_mode)) {
+ php_session_reset_id(TSRMLS_C);
+ PS(session_status) = php_session_active;
+ }
 /* Read data */
 php_session_track_init(TSRMLS_C);
 if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == FAILURE) {
 /* Some broken save handler implementation returns FAILURE for non-existent session ID */
- /* It's better to rase error for this, but disabled error for better compatibility */
+ /* It's better to raise error for this, but disabled error for better compatibility */
 /* php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path)); */
 }
+ /* Set session ID if session read didn't activated session */
+ if (PS(use_strict_mode) && PS(session_status) != php_session_active) {
+ php_session_reset_id(TSRMLS_C);
+ PS(session_status) = php_session_active;
+ }
 if (val) {
 PHP_MD5_CTX context;
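Review bot: In strict mode a failed `s_read()` still ends with the session activated, because the FAILURE branch stays empty and the new block after it calls `php_session_reset_id()` whenever `PS(session_status) != php_session_active`. Whether `PS(id)` has been validated or replaced by then depends on the save handler, which this hunk does not show. If a handler can fail before checking the ID, the client-supplied value would be set for the response, which is what `use_strict_mode` is presumably meant to prevent. I would at least state the contract above the block, e.g. `/* strict mode: s_read must have validated or regenerated PS(id); a handler that already activated the session is left alone */`, and consider not activating the session when `s_read()` returned FAILURE under strict mode. php_session_initialize starts and ends outside the hunk.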
@@ -682,11 +690,10 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 static PHP_INI_MH(OnUpdateName) /* {{{ */
 {
 /* Numeric session.name won't work at all */
- if (PG(modules_activated) &&
- (!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
+ if ((!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
 int err_type;
- if (stage == ZEND_INI_STAGE_RUNTIME) {
+ if (stage == ZEND_INI_STAGE_RUNTIME || stage == ZEND_INI_STAGE_ACTIVATE || stage == ZEND_INI_STAGE_STARTUP) {
 err_type = E_WARNING;
 } else {
 err_type = E_ERROR;
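Review bot: Dropping the `PG(modules_activated)` operand left a redundant pair of parentheses in the condition, and the comment above it still mentions only numeric names although an empty name is rejected too. I'd write `if (!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0)) {` and change the comment to `/* Empty or numeric session.name won't work at all */`. The stage test now downgrades startup and activate failures to E_WARNING, and a one-line comment saying why those stages must not raise E_ERROR would help. The rest of OnUpdateName, including what it returns after the message, lies outside the hunk.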
@@ -1290,6 +1297,49 @@ static int php_session_cache_limiter(TSRMLS_D) /* {{{ */
 #define COOKIE_SECURE "; secure"
 #define COOKIE_HTTPONLY "; HttpOnly"
+/*
+ * Remove already sent session ID cookie.
+ * It must be directly removed from SG(sapi_header) because sapi_add_header_ex()
+ * removes all of matching cookie. i.e. It deletes all of Set-Cookie headers.
+ */
+static void php_session_remove_cookie(TSRMLS_D) {
+ sapi_header_struct *header;
+ zend_llist *l = &SG(sapi_headers).headers;
+ zend_llist_element *next;
+ zend_llist_element *current;
+ char *session_cookie, *e_session_name;
+ int session_cookie_len, len = sizeof("Set-Cookie")-1;
+
+ e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
+ spprintf(&session_cookie, 0, "Set-Cookie: %s=", e_session_name);
+ efree(e_session_name);
+
+ session_cookie_len = strlen(session_cookie);
+ current = l->head;
+ while (current) {
+ header = (sapi_header_struct *)(current->data);
+ next = current->next;
+ if (header->header_len > len && header->header[len] == ':'
+ && !strncmp(header->header, session_cookie, session_cookie_len)) {
+ if (current->prev) {
+ current->prev->next = next;
+ } else {
+ l->head = next;
+ }
+ if (next) {
+ next->prev = current->prev;
+ } else {
+ l->tail = current->prev;
+ }
+ sapi_free_header(header);
+ efree(current);
+ --l->count;
+ }
+ current = next;
+ }
+ efree(session_cookie);
+}
+
 static void php_session_send_cookie(TSRMLS_D) /* {{{ */
 {
 smart_str ncookie = {0};
@@ -1358,8 +1408,7 @@ static void php_session_send_cookie(TSRMLS_D) /* {{{ */
 smart_str_0(&ncookie);
- /* 'replace' must be 0 here, else a previous Set-Cookie
- header, probably sent with setcookie() will be replaced! */
+ php_session_remove_cookie(TSRMLS_C); /* remove already sent session ID cookie */
 sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC);
 }
 /* }}} */ |
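Review bot: The match in php_session_remove_cookie is an exact, case-sensitive prefix compare against `Set-Cookie: <name>=`, so a header for the same cookie queued with different header-name casing, or without the space after the colon, is not removed and the response would carry two session cookies. The extra `header->header[len] == ':'` test adds nothing once `strncmp` has matched the full prefix, and `header->header_len > len` compares the signed `len` with what is presumably an unsigned length field. If only headers produced by this module are meant, say so in the comment, e.g. `/* only matches "Set-Cookie: <name>=" exactly as php_session_send_cookie() emits it */`; otherwise compare the header name with `strncasecmp` and the cookie name separately. The function also lacks the `/* {{{ */` and `/* }}} */` fold markers that the neighbouring functions carry.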
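Review bot: The removed comment was the only explanation of why `replace` is passed as 0 to `sapi_add_header_ex()`, and that argument is still 0 after this change. I'd keep the rationale next to the call, e.g. `/* 'replace' stays 0 so other Set-Cookie headers survive; the old session cookie is dropped by php_session_remove_cookie() instead */`. The start of php_session_send_cookie is outside the hunk.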