Fix Bug #73461

author Yasuo Ohgaki <yohgaki@php.net>

Thu, 10 Nov 2016 07:03:41 +0000 (16:03 +0900)

committer Joe Watkins <krakjoe@php.net>

Wed, 16 Nov 2016 05:08:28 +0000 (05:08 +0000)
author Yasuo Ohgaki <yohgaki@php.net>
Thu, 10 Nov 2016 07:03:41 +0000 (16:03 +0900)
committer Joe Watkins <krakjoe@php.net>
Wed, 16 Nov 2016 05:08:28 +0000 (05:08 +0000)
diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c

index 0cdbaf96f9d585a4b59626786b8db2b60ef3843f..0a54204cc9d2b81d28428a5bbc3615ff4e209204 100644 (file)
--- a/ext/session/mod_user.c
+++ b/ext/session/mod_user.c
@@ -75,7 +75,15 @@ PS_OPEN_FUNC(user)
         zval args[2];
         STDVARS;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         if (Z_ISUNDEF(PSF(open))) {
+               PS(in_save_handler) = 0;
                 php_error_docref(NULL, E_WARNING,
                         "user session functions not defined");
  
@@ -88,6 +96,7 @@ PS_OPEN_FUNC(user)
         zend_try {
                 ps_call_handler(&PSF(open), 2, args, &retval);
         } zend_catch {
+               PS(in_save_handler) = 0;
                 PS(session_status) = php_session_none;
                 if (!Z_ISUNDEF(retval)) {
                         zval_ptr_dtor(&retval);
@@ -97,6 +106,7 @@ PS_OPEN_FUNC(user)
  
         PS(mod_user_implemented) = 1;
  
+       PS(in_save_handler) = 0;
         FINISH;
  }
  
@@ -105,8 +115,16 @@ PS_CLOSE_FUNC(user)
         zend_bool bailout = 0;
         STDVARS;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         if (!PS(mod_user_implemented)) {
                 /* already closed */
+               PS(in_save_handler) = 0;
                 return SUCCESS;
         }
  
@@ -119,12 +137,14 @@ PS_CLOSE_FUNC(user)
         PS(mod_user_implemented) = 0;
  
         if (bailout) {
+               PS(in_save_handler) = 0;
                 if (!Z_ISUNDEF(retval)) {
                         zval_ptr_dtor(&retval);
                 }
                 zend_bailout();
         }
  
+       PS(in_save_handler) = 0;
         FINISH;
  }
  
@@ -133,6 +153,13 @@ PS_READ_FUNC(user)
         zval args[1];
         STDVARS;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         ZVAL_STR_COPY(&args[0], key);
  
         ps_call_handler(&PSF(read), 1, args, &retval);
@@ -145,6 +172,7 @@ PS_READ_FUNC(user)
                 zval_ptr_dtor(&retval);
         }
  
+       PS(in_save_handler) = 0;
         return ret;
  }
  
@@ -153,11 +181,19 @@ PS_WRITE_FUNC(user)
         zval args[2];
         STDVARS;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         ZVAL_STR_COPY(&args[0], key);
         ZVAL_STR_COPY(&args[1], val);
  
         ps_call_handler(&PSF(write), 2, args, &retval);
  
+       PS(in_save_handler) = 0;
         FINISH;
  }
  
@@ -166,10 +202,18 @@ PS_DESTROY_FUNC(user)
         zval args[1];
         STDVARS;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         ZVAL_STR_COPY(&args[0], key);
  
         ps_call_handler(&PSF(destroy), 1, args, &retval);
  
+       PS(in_save_handler) = 0;
         FINISH;
  }
  
@@ -178,24 +222,41 @@ PS_GC_FUNC(user)
         zval args[1];
         zval retval;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         ZVAL_LONG(&args[0], maxlifetime);
  
         ps_call_handler(&PSF(gc), 1, args, &retval);
  
         if (Z_TYPE(retval) == IS_LONG) {
                 convert_to_long(&retval);
+               PS(in_save_handler) = 0;
                 return Z_LVAL(retval);
         }
         /* This is for older API compatibility */
         if (Z_TYPE(retval) == IS_TRUE) {
+               PS(in_save_handler) = 0;
                 return 1;
         }
+       PS(in_save_handler) = 0;
         /* Anything else is some kind of error */
         return -1; // Error
  }
  
  PS_CREATE_SID_FUNC(user)
  {
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         /* maintain backwards compatibility */
         if (!Z_ISUNDEF(PSF(create_sid))) {
                 zend_string *id = NULL;
@@ -209,24 +270,35 @@ PS_CREATE_SID_FUNC(user)
                         }
                         zval_ptr_dtor(&retval);
                 } else {
+                       PS(in_save_handler) = 0;
                         zend_throw_error(NULL, "No session id returned by function");
                         return NULL;
                 }
  
                 if (!id) {
+                       PS(in_save_handler) = 0;
                         zend_throw_error(NULL, "Session id must be a string");
                         return NULL;
                 }
  
+               PS(in_save_handler) = 0;
                 return id;
         }
  
+       PS(in_save_handler) = 0;
         /* function as defined by PS_MOD */
         return php_session_create_id(mod_data);
  }
  
  PS_VALIDATE_SID_FUNC(user)
  {
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         /* maintain backwards compatibility */
         if (!Z_ISUNDEF(PSF(validate_sid))) {
                 zval args[1];
@@ -236,9 +308,11 @@ PS_VALIDATE_SID_FUNC(user)
  
                 ps_call_handler(&PSF(validate_sid), 1, args, &retval);
  
+               PS(in_save_handler) = 0;
                 FINISH;
         }
  
+       PS(in_save_handler) = 0;
         /* dummy function defined by PS_MOD */
         return php_session_validate_sid(mod_data, key);
  }
@@ -248,6 +322,13 @@ PS_UPDATE_TIMESTAMP_FUNC(user)
         zval args[2];
         STDVARS;
  
+       if (PS(in_save_handler)) {
+               PS(in_save_handler) = 0;
+               php_error_docref(NULL, E_WARNING, "Cannot call save handler function recursive manner");
+               return FAILURE;
+       }
+       PS(in_save_handler) = 1;
+
         ZVAL_STR_COPY(&args[0], key);
         ZVAL_STR_COPY(&args[1], val);
  
@@ -258,6 +339,7 @@ PS_UPDATE_TIMESTAMP_FUNC(user)
                 ps_call_handler(&PSF(write), 2, args, &retval);
         }
  
+       PS(in_save_handler) = 0;
         FINISH;
  }
  
diff --git a/ext/session/php_session.h b/ext/session/php_session.h

index da5e48515a43ed5a9a3da27b68c65cae40712cb2..775527c2f61b389cdef826a45d6b107dce88bae4 100644 (file)
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -205,6 +205,7 @@ typedef struct _php_ps_globals {
         zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
         zend_bool lazy_write; /* omit session write when it is possible */
         zend_string *session_vars; /* serialized original session data */
+       zend_bool in_save_handler; /* state that if session is in save handler or not */
  } php_ps_globals;
  
  typedef php_ps_globals zend_ps_globals;
diff --git a/ext/session/session.c b/ext/session/session.c

index 5484390c7e9f8a12165c3f7faf78cdbf7d65113c..bbc531aa730d14f71fe9f863f3c71fa488e58d07 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -106,6 +106,7 @@ static inline void php_rinit_session_globals(void) /* {{{ */
         /* TODO: These could be moved to MINIT and removed. These should be initialized by php_rshutdown_session_globals() always when execution is finished. */
         PS(id) = NULL;
         PS(session_status) = php_session_none;
+       PS(in_save_handler) = 0;
         PS(mod_data) = NULL;
         PS(mod_user_is_open) = 0;
         PS(define_sid) = 1;
@@ -2035,7 +2036,7 @@ static PHP_FUNCTION(session_create_id)
                 }
         }
  
-       if (PS(session_status) == php_session_active) {
+       if (!PS(in_save_handler) && PS(session_status) == php_session_active) {
                 int limit = 3;
                 while (limit--) {
                         new_id = PS(mod)->s_create_sid(&PS(mod_data));
diff --git a/ext/session/tests/bug60634.phpt b/ext/session/tests/bug60634.phpt

index b2f507628729f5364e69dd443961baefac43d930..c21c6360a6a583d84fece3a632ce2c8be8a04cc9 100644 (file)
--- a/ext/session/tests/bug60634.phpt
+++ b/ext/session/tests/bug60634.phpt
@@ -40,16 +40,16 @@ session_write_close();
  echo "um, hi\n";
  
  /*
-FIXME: Since session module try to write/close session data in
-RSHUTDOWN, write() is executed twices. This is caused by undefined
-function error and zend_bailout(). Current session module codes
-depends on this behavior. These codes should be modified to remove
-multiple write().
-*/
+ * This test raises error in Unknown function because 2nd close write handler is
+ * called at request shutdown and session module detects recursive call like
+ * multiple save handler calls.
+ */
  
  ?>
  --EXPECTF--
  write: goodbye cruel world
-write: goodbye cruel world
-close: goodbye cruel world
  
+Warning: Unknown: Cannot call save handler function recursive manner in Unknown on line 0
+
+Warning: Unknown: Failed to write session data using user defined save handler. (session.save_path: ) in Unknown on line 0
+close: goodbye cruel world
diff --git a/ext/session/tests/bug60634_error_3.phpt b/ext/session/tests/bug60634_error_3.phpt

index b7840b04f9de2b7447458f3db4778869f92c64b1..b38899b8c12d4113a747c9a6881b5f4621c9984b 100644 (file)
--- a/ext/session/tests/bug60634_error_3.phpt
+++ b/ext/session/tests/bug60634_error_3.phpt
@@ -48,4 +48,5 @@ Stack trace:
  #0 [internal function]: write(%s, '')
  #1 {main}
    thrown in %s on line %d
-close: goodbye cruel world
+
+Warning: Unknown: Cannot call save handler function recursive manner in Unknown on line 0
diff --git a/ext/session/tests/bug60634_error_4.phpt b/ext/session/tests/bug60634_error_4.phpt

index 7970b35c7a8059f290be5726a96ef756982e6816..3ac624797475542510bf505995ab32de694c6154 100644 (file)
--- a/ext/session/tests/bug60634_error_4.phpt
+++ b/ext/session/tests/bug60634_error_4.phpt
@@ -48,5 +48,5 @@ Stack trace:
  #0 [internal function]: write('%s', '')
  #1 {main}
    thrown in %s on line %d
-close: goodbye cruel world
  
+Warning: Unknown: Cannot call save handler function recursive manner in Unknown on line 0
author	Yasuo Ohgaki <yohgaki@php.net>
	Thu, 10 Nov 2016 07:03:41 +0000 (16:03 +0900)
committer	Joe Watkins <krakjoe@php.net>
	Wed, 16 Nov 2016 05:08:28 +0000 (05:08 +0000)
ext/session/mod_user.c		patch \| blob \| history
ext/session/php_session.h		patch \| blob \| history
ext/session/session.c		patch \| blob \| history
ext/session/tests/bug60634.phpt		patch \| blob \| history
ext/session/tests/bug60634_error_3.phpt		patch \| blob \| history
ext/session/tests/bug60634_error_4.phpt		patch \| blob \| history