MFB: An improved fix for bug #38224

author Ilia Alshanetsky <iliaa@php.net>

Thu, 27 Jul 2006 15:36:43 +0000 (15:36 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Thu, 27 Jul 2006 15:36:43 +0000 (15:36 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Thu, 27 Jul 2006 15:36:43 +0000 (15:36 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Thu, 27 Jul 2006 15:36:43 +0000 (15:36 +0000)
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c

index 4c2a0a03d9f3e0fe4accc1f3887738b9b70b7e5d..c4ae79310c4c61e0ae885149008f62f698142c1b 100644 (file)
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -152,6 +152,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
                 
                 if (!ps_files_valid_key(key)) {
                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
+                       PS(invalid_session_id) = 1;
                         return;
                 }
                 if (!ps_files_path_create(buf, sizeof(buf), data, key))
diff --git a/ext/session/php_session.h b/ext/session/php_session.h

index 643be135dcc25791687f5bd34bea216425bb6aaf..9cc39126da83976285bef704c84d31f6042f1423 100644 (file)
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -123,6 +123,7 @@ typedef struct _php_ps_globals {
         long hash_bits_per_character;
         int send_cookie;
         int define_sid;
+       zend_bool invalid_session_id;   /* allows the driver to report about an invalid session id and request id regeneration */
  } php_ps_globals;
  
  typedef php_ps_globals zend_ps_globals;
diff --git a/ext/session/session.c b/ext/session/session.c

index 4b60fb22476957b4a60b355c65c9ec7f1861e0b9..39b247ed8e9d2d400f4db3434f70eb6edd4bc809 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -653,7 +653,6 @@ static void php_session_initialize(TSRMLS_D)
  {
         char *val;
         int vallen;
-       zend_bool make_new = 0;
  
         /* check session name for invalid characters */
         if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
@@ -679,7 +678,6 @@ new_session:
                 if (PS(use_cookies)) {
                         PS(send_cookie) = 1;
                 }
-               make_new = 1;
         }
         
         /* Read data */
@@ -689,10 +687,13 @@ new_session:
          * session information
          */
         php_session_track_init(TSRMLS_C);
+       PS(invalid_session_id) = 0;
         if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
                 php_session_decode(val, vallen TSRMLS_CC);
                 efree(val);
-       } else if (!make_new) {
+       } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
+               PS(invalid_session_id) = 0;
+               efree(PS(id));
                 goto new_session;
         }
  }
author	Ilia Alshanetsky <iliaa@php.net>
	Thu, 27 Jul 2006 15:36:43 +0000 (15:36 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Thu, 27 Jul 2006 15:36:43 +0000 (15:36 +0000)
ext/session/mod_files.c		patch \| blob \| history
ext/session/php_session.h		patch \| blob \| history
ext/session/session.c		patch \| blob \| history