Permalink
Browse files

Strict session

  • Loading branch information...
1 parent c793a65 commit 25e8fcc88fa20dc9d4c47184471003f436927cde Yasuo Ohgaki committed with smalyshev Jun 25, 2013
Showing with 240 additions and 93 deletions.
  1. +47 −34 ext/session/mod_files.c
  2. +1 −1 ext/session/mod_files.h
  3. +44 −2 ext/session/mod_mm.c
  4. +9 −1 ext/session/php_session.h
  5. +85 −39 ext/session/session.c
  6. +1 −0 ext/session/tests/003.phpt
  7. +1 −0 ext/session/tests/004.phpt
  8. +1 −0 ext/session/tests/005.phpt
  9. +1 −0 ext/session/tests/006.phpt
  10. +1 −0 ext/session/tests/009.phpt
  11. +1 −0 ext/session/tests/012.phpt
  12. +1 −0 ext/session/tests/013.phpt
  13. +1 −0 ext/session/tests/014.phpt
  14. +1 −0 ext/session/tests/015.phpt
  15. +4 −3 ext/session/tests/016.phpt
  16. +1 −0 ext/session/tests/018.phpt
  17. +1 −0 ext/session/tests/019.phpt
  18. +1 −0 ext/session/tests/020.phpt
  19. +1 −0 ext/session/tests/021.phpt
  20. +1 −0 ext/session/tests/023.phpt
  21. +1 −0 ext/session/tests/024.phpt
  22. +1 −0 ext/session/tests/025.phpt
  23. +1 −0 ext/session/tests/026.phpt
  24. +1 −0 ext/session/tests/027.phpt
  25. +1 −0 ext/session/tests/030.phpt
  26. +1 −0 ext/session/tests/bug41600.phpt
  27. +1 −2 ext/session/tests/bug60634.phpt
  28. +1 −2 ext/session/tests/bug60634_error_1.phpt
  29. +5 −2 ext/session/tests/bug60634_error_2.phpt
  30. +1 −2 ext/session/tests/bug60634_error_3.phpt
  31. +5 −2 ext/session/tests/bug60634_error_4.phpt
  32. +10 −0 ext/session/tests/rfc1867_sid_invalid.phpt
  33. +2 −0 ext/session/tests/session_commit_variation4.phpt
  34. +1 −1 ext/session/tests/session_save_path_variation2.phpt
  35. +2 −0 ext/session/tests/session_set_save_handler_error2.phpt
  36. +0 −1 ext/session/tests/session_set_save_handler_error3.phpt
  37. +0 −1 ext/session/tests/session_set_save_handler_error4.phpt
  38. +2 −0 ext/session/tests/session_write_close_variation4.phpt
View
81 ext/session/mod_files.c
@@ -61,40 +61,9 @@ typedef struct {
} ps_files;
ps_module ps_mod_files = {
- PS_MOD(files)
+ PS_MOD_SID(files)
};
-/* If you change the logic here, please also update the error message in
- * ps_files_open() appropriately */
-static int ps_files_valid_key(const char *key)
-{
- size_t len;
- const char *p;
- char c;
- int ret = 1;
-
- for (p = key; (c = *p); p++) {
- /* valid characters are a..z,A..Z,0..9 */
- if (!((c >= 'a' && c <= 'z')
- || (c >= 'A' && c <= 'Z')
- || (c >= '0' && c <= '9')
- || c == ','
- || c == '-')) {
- ret = 0;
- break;
- }
- }
-
- len = p - key;
-
- /* Somewhat arbitrary length limit here, but should be way more than
- anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
- if (len == 0 || len > 128) {
- ret = 0;
- }
-
- return ret;
-}
static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key)
{
@@ -155,11 +124,11 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
ps_files_close(data);
- if (!ps_files_valid_key(key)) {
+ if (php_session_valid_key(key) == FAILURE) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
- PS(invalid_session_id) = 1;
return;
}
+
if (!ps_files_path_create(buf, sizeof(buf), data, key)) {
return;
}
@@ -253,6 +222,21 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime TSRMLS_DC)
return (nrdels);
}
+static int ps_files_key_exists(ps_files *data, const char *key TSRMLS_DC)
+{
+ char buf[MAXPATHLEN];
+ struct stat sbuf;
+
+ if (!key || !ps_files_path_create(buf, sizeof(buf), data, key)) {
+ return FAILURE;
+ }
+ if (VCWD_STAT(buf, &sbuf)) {
+ return FAILURE;
+ }
+ return SUCCESS;
+}
+
+
#define PS_FILES_DATA ps_files *data = PS_GET_MOD_DATA()
PS_OPEN_FUNC(files)
@@ -342,6 +326,24 @@ PS_READ_FUNC(files)
struct stat sbuf;
PS_FILES_DATA;
+ /* If strict mode, check session id existence */
+ if (PS(use_strict_mode) &&
+ ps_files_key_exists(data, key TSRMLS_CC) == FAILURE) {
+ /* key points to PS(id), but cannot change here. */
+ if (key) {
+ efree(PS(id));
+ PS(id) = NULL;
+ }
+ PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC);
+ if (!PS(id)) {
+ return FAILURE;
+ }
+ php_session_reset_id(TSRMLS_C);
+ if (PS(use_cookies)) {
+ PS(send_cookie) = 1;
+ }
+ }
+
ps_files_open(data, key TSRMLS_CC);
if (data->fd < 0) {
return FAILURE;
@@ -454,6 +456,17 @@ PS_GC_FUNC(files)
return SUCCESS;
}
+PS_CREATE_SID_FUNC(files)
+{
+ char *sid;
+ PS_FILES_DATA;
+
+ sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+
+ return sid;
+}
+
+
/*
* Local variables:
* tab-width: 4
View
2 ext/session/mod_files.h
@@ -24,6 +24,6 @@
extern ps_module ps_mod_files;
#define ps_files_ptr &ps_mod_files
-PS_FUNCS(files);
+PS_FUNCS_SID(files);
#endif
View
46 ext/session/mod_mm.c
@@ -124,7 +124,7 @@ static ps_sd *ps_sd_new(ps_mm *data, const char *key)
if (!sd) {
TSRMLS_FETCH();
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %d, err %s", mm_available(data->mm), mm_error());
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %ld, err %s", mm_available(data->mm), mm_error());
return NULL;
}
@@ -208,8 +208,22 @@ static ps_sd *ps_sd_lookup(ps_mm *data, const char *key, int rw)
return ret;
}
+static int ps_mm_key_exists(ps_mm *data, const char *key TSRMLS_DC)
+{
+ ps_sd *sd;
+
+ if (!key) {
+ return FAILURE;
+ }
+ sd = ps_sd_lookup(data, key, 0);
+ if (sd) {
+ return SUCCESS;
+ }
+ return FAILURE;
+}
+
ps_module ps_mod_mm = {
- PS_MOD(mm)
+ PS_MOD_SID(mm)
};
#define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA()
@@ -341,6 +355,24 @@ PS_READ_FUNC(mm)
mm_lock(data->mm, MM_LOCK_RD);
+ /* If there is an ID and strict mode, verify existence */
+ if (PS(use_strict_mode)
+ && ps_mm_key_exists(data, key TSRMLS_CC) == FAILURE) {
+ /* key points to PS(id), but cannot change here. */
+ if (key) {
+ efree(PS(id));
+ PS(id) = NULL;
+ }
+ PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC);
+ if (!PS(id)) {
+ return FAILURE;
+ }
+ php_session_reset_id(TSRMLS_C);
+ if (PS(use_cookies)) {
+ PS(send_cookie) = 1;
+ }
+ }
+
sd = ps_sd_lookup(data, key, 0);
if (sd) {
*vallen = sd->datalen;
@@ -444,6 +476,16 @@ PS_GC_FUNC(mm)
return SUCCESS;
}
+PS_CREATE_SID_FUNC(mm)
+{
+ char *sid;
+ PS_MM_DATA;
+
+ sid = php_session_create_id((void **)&data, newlen TSRMLS_CC);
+
+ return sid;
+}
+
#endif
/*
View
10 ext/session/php_session.h
@@ -29,6 +29,9 @@
#define PHP_SESSION_API 20020330
+/* To check php_session_valid_key()/php_session_reset_id() */
+#define PHP_SESSION_STRICT 1
+
#define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name TSRMLS_DC
#define PS_CLOSE_ARGS void **mod_data TSRMLS_DC
#define PS_READ_ARGS void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC
@@ -75,7 +78,7 @@ typedef struct ps_module_struct {
#x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \
ps_delete_##x, ps_gc_##x, php_session_create_id
-/* SID enabled module handler definitions */
+/* SID creation enabled module handler definitions */
#define PS_FUNCS_SID(x) \
PS_OPEN_FUNC(x); \
PS_CLOSE_FUNC(x); \
@@ -175,6 +178,8 @@ typedef struct _php_ps_globals {
smart_str rfc1867_name; /* session.upload_progress.name */
long rfc1867_freq; /* session.upload_progress.freq */
double rfc1867_min_freq; /* session.upload_progress.min_freq */
+
+ zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
} php_ps_globals;
typedef php_ps_globals zend_ps_globals;
@@ -230,6 +235,9 @@ PHPAPI void php_session_start(TSRMLS_D);
PHPAPI ps_module *_php_find_ps_module(char *name TSRMLS_DC);
PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC);
+PHPAPI int php_session_valid_key(const char *key);
+PHPAPI void php_session_reset_id(TSRMLS_D);
+
#define PS_ADD_VARL(name,namelen) do { \
php_add_session_var(name, namelen TSRMLS_CC); \
} while (0)
View
124 ext/session/session.c
@@ -86,6 +86,8 @@ zend_class_entry *php_session_id_iface_entry;
return FAILURE; \
}
+static void php_session_send_cookie(TSRMLS_D);
+
/* Dispatched by RINIT and by php_session_destroy */
static inline void php_rinit_session_globals(TSRMLS_D) /* {{{ */
{
@@ -126,7 +128,7 @@ static int php_session_destroy(TSRMLS_D) /* {{{ */
return FAILURE;
}
- if (PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
+ if (PS(id) && PS(mod)->s_destroy(&PS(mod_data), PS(id) TSRMLS_CC) == FAILURE) {
retval = FAILURE;
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session object destruction failed");
}
@@ -428,17 +430,45 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
}
/* }}} */
-static void php_session_initialize(TSRMLS_D) /* {{{ */
+/* Default session id char validation function allowed by ps_modules.
+ * If you change the logic here, please also update the error message in
+ * ps_modules appropriately */
+PHPAPI int php_session_valid_key(const char *key) /* {{{ */
{
- char *val;
- int vallen;
+ size_t len;
+ const char *p;
+ char c;
+ int ret = SUCCESS;
+
+ for (p = key; (c = *p); p++) {
+ /* valid characters are a..z,A..Z,0..9 */
+ if (!((c >= 'a' && c <= 'z')
+ || (c >= 'A' && c <= 'Z')
+ || (c >= '0' && c <= '9')
+ || c == ','
+ || c == '-')) {
+ ret = FAILURE;
+ break;
+ }
+ }
- /* check session name for invalid characters */
- if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
- efree(PS(id));
- PS(id) = NULL;
+ len = p - key;
+
+ /* Somewhat arbitrary length limit here, but should be way more than
+ anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
+ if (len == 0 || len > 128) {
+ ret = FAILURE;
}
+ return ret;
+}
+/* }}} */
+
+static void php_session_initialize(TSRMLS_D) /* {{{ */
+{
+ char *val = NULL;
+ int vallen;
+
if (!PS(mod)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session");
return;
@@ -452,28 +482,38 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */
/* If there is no ID, use session module to create one */
if (!PS(id)) {
-new_session:
PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+ if (!PS(id)) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
+ return;
+ }
if (PS(use_cookies)) {
PS(send_cookie) = 1;
}
}
+ php_session_reset_id(TSRMLS_C);
+ PS(session_status) = php_session_active;
+
/* Read data */
- /* Question: if you create a SID here, should you also try to read data?
- * I'm not sure, but while not doing so will remove one session operation
- * it could prove usefull for those sites which wish to have "default"
- * session information. */
php_session_track_init(TSRMLS_C);
- PS(invalid_session_id) = 0;
- if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
+ if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == FAILURE) {
+ /* Some broken save handler implementation returns FAILURE for non-existent session ID */
+ /* It's better to rase error for this, but disabled error for better compatibility */
+ /*
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path));
+ */
+ }
+ if (val) {
php_session_decode(val, vallen TSRMLS_CC);
efree(val);
- } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
- PS(invalid_session_id) = 0;
- efree(PS(id));
- PS(id) = NULL;
- goto new_session;
+ }
+
+ if (!PS(use_cookies) && PS(send_cookie)) {
+ if (PS(use_trans_sid) && !PS(use_only_cookies)) {
+ PS(apply_trans_sid) = 1;
+ }
+ PS(send_cookie) = 0;
}
}
/* }}} */
@@ -748,6 +788,7 @@ PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
+ STD_PHP_INI_BOOLEAN("session.use_strict_mode", "0", PHP_INI_ALL, OnUpdateBool, use_strict_mode, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
#if HAVE_DEV_URANDOM
STD_PHP_INI_ENTRY("session.entropy_file", "/dev/urandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
@@ -1297,10 +1338,15 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(char *name TSRMLS_DC) /* {{{
convert_to_string((*ppid)); \
PS(id) = estrndup(Z_STRVAL_PP(ppid), Z_STRLEN_PP(ppid))
-static void php_session_reset_id(TSRMLS_D) /* {{{ */
+PHPAPI void php_session_reset_id(TSRMLS_D) /* {{{ */
{
int module_number = PS(module_number);
+ if (!PS(id)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set session ID - session ID is not initialized");
+ return;
+ }
+
if (PS(use_cookies) && PS(send_cookie)) {
php_session_send_cookie(TSRMLS_C);
PS(send_cookie) = 0;
@@ -1447,19 +1493,14 @@ PHPAPI void php_session_start(TSRMLS_D) /* {{{ */
}
}
- php_session_initialize(TSRMLS_C);
-
- if (!PS(use_cookies) && PS(send_cookie)) {
- if (PS(use_trans_sid) && !PS(use_only_cookies)) {
- PS(apply_trans_sid) = 1;
- }
- PS(send_cookie) = 0;
+ /* Finally check session id for dangarous characters
+ * Security note: session id may be embedded in HTML pages.*/
+ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+ efree(PS(id));
+ PS(id) = NULL;
}
- php_session_reset_id(TSRMLS_C);
-
- PS(session_status) = php_session_active;
-
+ php_session_initialize(TSRMLS_C);
php_session_cache_limiter(TSRMLS_C);
if ((PS(mod_data) || PS(mod_user_implemented)) && PS(gc_probability) > 0) {
@@ -1775,9 +1816,9 @@ static PHP_FUNCTION(session_save_path)
static PHP_FUNCTION(session_id)
{
char *name = NULL;
- int name_len;
+ int name_len, argc = ZEND_NUM_ARGS();
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) {
+ if (zend_parse_parameters(argc TSRMLS_CC, "|s", &name, &name_len) == FAILURE) {
return;
}
@@ -1788,6 +1829,9 @@ static PHP_FUNCTION(session_id)
}
if (name) {
+ if (PS(use_strict_mode) && argc) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Set session ID while session.use_strict_mode is enabled");
+ }
if (PS(id)) {
efree(PS(id));
}
@@ -1822,11 +1866,13 @@ static PHP_FUNCTION(session_regenerate_id)
}
PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
-
- PS(send_cookie) = 1;
- php_session_reset_id(TSRMLS_C);
-
- RETURN_TRUE;
+ if (PS(id)) {
+ PS(send_cookie) = 1;
+ php_session_reset_id(TSRMLS_C);
+ RETURN_TRUE;
+ } else {
+ PS(id) = STR_EMPTY_ALLOC();
+ }
}
RETURN_FALSE;
}
View
1 ext/session/tests/003.phpt
@@ -4,6 +4,7 @@ session object deserialization
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/004.phpt
@@ -4,6 +4,7 @@ session_set_save_handler test
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.name=PHPSESSID
session.serialize_handler=php
View
1 ext/session/tests/005.phpt
@@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test.
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.name=PHPSESSID
session.serialize_handler=php
View
1 ext/session/tests/006.phpt
@@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/009.phpt
@@ -4,6 +4,7 @@ unset($_SESSION["name"]); test
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/012.phpt
@@ -4,6 +4,7 @@ registering $_SESSION should not segfault
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/013.phpt
@@ -4,6 +4,7 @@ redefining SID should not cause warnings
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/014.phpt
@@ -5,6 +5,7 @@ a script should not be able to modify session.use_trans_sid
--INI--
session.use_trans_sid=0
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.name=PHPSESSID
session.serialize_handler=php
View
1 ext/session/tests/015.phpt
@@ -6,6 +6,7 @@ use_trans_sid should not affect SID
session.use_trans_sid=1
session.use_cookies=0
session.use_only_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
arg_separator.output=&
session.name=PHPSESSID
View
7 ext/session/tests/016.phpt
@@ -16,10 +16,11 @@ session.serialize_handler=php
<?php
error_reporting(E_ALL);
-@session_start();
+session_start();
$HTTP_SESSION_VARS["test"] = 1;
-@session_write_close();
+session_write_close();
print "I live\n";
?>
---EXPECT--
+--EXPECTF--
+Warning: session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (123;:/really\completely:::/invalid;;,23123;213) in %s on line %d
I live
View
1 ext/session/tests/018.phpt
@@ -5,6 +5,7 @@ rewriter correctly handles attribute names which contain dashes
--INI--
session.use_cookies=0
session.use_only_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.use_trans_sid=1
session.name=PHPSESSID
View
1 ext/session/tests/019.phpt
@@ -4,6 +4,7 @@ serializing references test case using globals
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/020.phpt
@@ -5,6 +5,7 @@ rewriter uses arg_separator.output for modifying URLs
--INI--
session.use_cookies=0
session.use_only_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.use_trans_sid=1
arg_separator.output="&amp;"
View
1 ext/session/tests/021.phpt
@@ -5,6 +5,7 @@ rewriter handles form and fieldset tags correctly
--INI--
session.use_cookies=0
session.use_only_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.use_trans_sid=1
url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset="
View
1 ext/session/tests/023.phpt
@@ -4,6 +4,7 @@ session object deserialization
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/024.phpt
@@ -4,6 +4,7 @@ session_set_save_handler test
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.name=PHPSESSID
session.serialize_handler=php
View
1 ext/session/tests/025.phpt
@@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test.
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.name=PHPSESSID
session.serialize_handler=php
View
1 ext/session/tests/026.phpt
@@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/027.phpt
@@ -4,6 +4,7 @@ unset($_SESSION["name"]); should work
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/030.phpt
@@ -4,6 +4,7 @@ redefining SID should not cause warnings
<?php include('skipif.inc'); ?>
--INI--
session.use_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.serialize_handler=php
session.save_handler=files
View
1 ext/session/tests/bug41600.phpt
@@ -5,6 +5,7 @@ Bug #41600 (url rewriter tags doesn't work with namespaced tags)
--INI--
session.use_cookies=0
session.use_only_cookies=0
+session.use_strict_mode=0
session.cache_limiter=
session.use_trans_sid=1
arg_separator.output="&amp;"
View
3 ext/session/tests/bug60634.phpt
@@ -1,7 +1,5 @@
--TEST--
Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write())
---XFAIL--
-Long term low priority bug, working on it
--INI--
session.save_path=
session.name=PHPSESSID
@@ -44,3 +42,4 @@ echo "um, hi\n";
?>
--EXPECTF--
write: goodbye cruel world
+close: goodbye cruel world
View
3 ext/session/tests/bug60634_error_1.phpt
@@ -1,7 +1,5 @@
--TEST--
Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - fatal error in write during exec
---XFAIL--
-Long term low priority bug, working on it
--INI--
session.save_path=
session.name=PHPSESSID
@@ -47,3 +45,4 @@ echo "um, hi\n";
write: goodbye cruel world
Fatal error: Call to undefined function undefined_function() in %s on line %d
+close: goodbye cruel world
View
7 ext/session/tests/bug60634_error_2.phpt
@@ -1,7 +1,5 @@
--TEST--
Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - exception in write during exec
---XFAIL--
-Long term low priority bug, working on it
--INI--
session.save_path=
session.name=PHPSESSID
@@ -47,3 +45,8 @@ echo "um, hi\n";
write: goodbye cruel world
Fatal error: Uncaught exception 'Exception' in %s
+Stack trace:
+#0 [internal function]: write('%s', '')
+#1 %s(%d): session_write_close()
+#2 {main}
+ thrown in %s on line %d
View
3 ext/session/tests/bug60634_error_3.phpt
@@ -1,7 +1,5 @@
--TEST--
Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - fatal error in write after exec
---XFAIL--
-Long term low priority bug, working on it
--INI--
session.save_path=
session.name=PHPSESSID
@@ -46,3 +44,4 @@ session_start();
write: goodbye cruel world
Fatal error: Call to undefined function undefined_function() in %s on line %d
+close: goodbye cruel world
View
7 ext/session/tests/bug60634_error_4.phpt
@@ -1,7 +1,5 @@
--TEST--
Bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) - exception in write after exec
---XFAIL--
-Long term low priority bug, working on it
--INI--
session.save_path=
session.name=PHPSESSID
@@ -46,3 +44,8 @@ session_start();
write: goodbye cruel world
Fatal error: Uncaught exception 'Exception' in %s
+Stack trace:
+#0 [internal function]: write('%s', '')
+#1 {main}
+ thrown in %s on line %d
+close: goodbye cruel world
View
10 ext/session/tests/rfc1867_sid_invalid.phpt
@@ -46,6 +46,16 @@ session_destroy();
?>
--EXPECTF--
Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0
+
+Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
+
+Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0
string(%d) "%s"
bool(true)
array(2) {
View
2 ext/session/tests/session_commit_variation4.phpt
@@ -2,6 +2,8 @@
Test session_commit() function : variation
--SKIPIF--
<?php include('skipif.inc'); ?>
+--INI--
+session.use_strict_mode=0
--FILE--
<?php
View
2 ext/session/tests/session_save_path_variation2.phpt
@@ -32,7 +32,7 @@ ob_end_flush();
*** Testing session_save_path() : variation ***
string(5) "/blah"
-Warning: session_start(): open(%s, O_RDWR) failed: No such file or directory (2) in %s on line %d
+Warning: session_start(): open(/blah/%s, O_RDWR) failed: No such file or directory (2) in %s on line %d
bool(true)
string(5) "/blah"
bool(true)
View
2 ext/session/tests/session_set_save_handler_error2.phpt
@@ -2,6 +2,8 @@
Test session_set_save_handler() function : error functionality
--SKIPIF--
<?php include('skipif.inc'); ?>
+--INI--
+error_reporting=0
--FILE--
<?php
View
1 ext/session/tests/session_set_save_handler_error3.phpt
@@ -40,4 +40,3 @@ Stack trace:
#1 %s(%d): session_start()
#2 {main}
thrown in %s on line %d
-
View
1 ext/session/tests/session_set_save_handler_error4.phpt
@@ -39,4 +39,3 @@ Warning: session_set_save_handler(): Argument 4 is not a valid callback in %s on
Warning: session_set_save_handler(): Argument 5 is not a valid callback in %s on line %d
Warning: session_set_save_handler(): Argument 6 is not a valid callback in %s on line %d
-
View
2 ext/session/tests/session_write_close_variation4.phpt
@@ -2,6 +2,8 @@
Test session_write_close() function : variation
--SKIPIF--
<?php include('skipif.inc'); ?>
+--INI--
+session.use_strict_mode=0
--FILE--
<?php

0 comments on commit 25e8fcc

Please sign in to comment.