@ - Don't touch any globals in session_unset() if register_globals is set

@   to off. (Thies)

guys, shoot me if i'm wrong, but when we have set register_globals to off we
should _not_ touch any global variables at any time, right? so all session
register/unregister should only work on $HTTP_SESSION_VARS and $_SESSION. this
patch fixes at least one spot where we were touching globals even with
register_globals set to off.

diff --git a/ext/session/session.c b/ext/session/session.c
index 88d5d2574a78b300482095e8696b2276f76c0e50..69836bff5309ae28b4a0b573ae8f756f0ed981b8 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1374,13 +1374,15 @@ PHP_FUNCTION(session_unset)
        
        if (PS(session_status) == php_session_none)
                RETURN_FALSE;
-       
-       for (zend_hash_internal_pointer_reset(&PS(vars));
-                       zend_hash_get_current_key(&PS(vars), &variable, &num_key, 0) == HASH_KEY_IS_STRING;
-                       zend_hash_move_forward(&PS(vars))) {
-               if (zend_hash_find(&EG(symbol_table), variable, strlen(variable) + 1, (void **) &tmp)
-                               == SUCCESS)
-                       zend_hash_del(&EG(symbol_table), variable, strlen(variable) + 1);
+
+       if (PG(register_globals)) {
+               for (zend_hash_internal_pointer_reset(&PS(vars));
+                               zend_hash_get_current_key(&PS(vars), &variable, &num_key, 0) == HASH_KEY_IS_STRING;
+                               zend_hash_move_forward(&PS(vars))) {
+                       if (zend_hash_find(&EG(symbol_table), variable, strlen(variable) + 1, (void **) &tmp)
+                                       == SUCCESS)
+                               zend_hash_del(&EG(symbol_table), variable, strlen(variable) + 1);
+               }
        }
 
        /* Clean $HTTP_SESSION_VARS. */