Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_sa...

author Yasuo Ohgaki <yohgaki@php.net>

Thu, 22 Dec 2016 06:57:53 +0000 (15:57 +0900)

committer Yasuo Ohgaki <yohgaki@php.net>

Thu, 22 Dec 2016 07:04:28 +0000 (16:04 +0900)
author Yasuo Ohgaki <yohgaki@php.net>
Thu, 22 Dec 2016 06:57:53 +0000 (15:57 +0900)
committer Yasuo Ohgaki <yohgaki@php.net>
Thu, 22 Dec 2016 07:04:28 +0000 (16:04 +0900)
diff --git a/ext/session/php_session.h b/ext/session/php_session.h

index ceb4a1f4fd92be5aa1e49c191a54948dbb0b3a9b..abe4e441e4aff8189feb5c2cde4574c800c3515e 100644 (file)
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -204,7 +204,8 @@ typedef struct _php_ps_globals {
  
         zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
         zend_bool lazy_write; /* omit session write when it is possible */
-       zend_bool in_save_handler; /* state that if session is in save handler or not */
+       zend_bool in_save_handler; /* state if session is in save handler or not */
+       zend_bool set_handler;     /* state if session module i setting handler or not */
         zend_string *session_vars; /* serialized original session data */
  } php_ps_globals;
  
diff --git a/ext/session/session.c b/ext/session/session.c

index f3aa6f2c3c6980b628a8e006c64e8e26f1d8958a..f005532ddde3c472479a3825a741fa5304d0385a 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -113,6 +113,7 @@ static inline void php_rinit_session_globals(void) /* {{{ */
         PS(id) = NULL;
         PS(session_status) = php_session_none;
         PS(in_save_handler) = 0;
+       PS(set_handler) = 0;
         PS(mod_data) = NULL;
         PS(mod_user_is_open) = 0;
         PS(define_sid) = 1;
@@ -548,6 +549,13 @@ static PHP_INI_MH(OnUpdateSaveHandler) /* {{{ */
                 if (stage != ZEND_INI_STAGE_DEACTIVATE) {
                         php_error_docref(NULL, err_type, "Cannot find save handler '%s'", ZSTR_VAL(new_value));
                 }
+
+               return FAILURE;
+       }
+
+       /* "user" save handler should not be set by user */
+       if (!PS(set_handler) &&  tmp == ps_user_ptr) {
+               php_error_docref(NULL, E_RECOVERABLE_ERROR, "Cannot set 'user' save handler by ini_set() or sesion_module_name()");
                 return FAILURE;
         }
  
@@ -1929,7 +1937,9 @@ static PHP_FUNCTION(session_set_save_handler)
                 if (PS(mod) && PS(session_status) != php_session_active && PS(mod) != &ps_mod_user) {
                         ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
                         ini_val = zend_string_init("user", sizeof("user") - 1, 0);
+                       PS(set_handler) = 1;
                         zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
+                       PS(set_handler) = 0;
                         zend_string_release(ini_val);
                         zend_string_release(ini_name);
                 }
@@ -1962,7 +1972,9 @@ static PHP_FUNCTION(session_set_save_handler)
         if (PS(mod) && PS(mod) != &ps_mod_user) {
                 ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
                 ini_val = zend_string_init("user", sizeof("user") - 1, 0);
+               PS(set_handler) = 1;
                 zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
+               PS(set_handler) = 0;
                 zend_string_release(ini_val);
                 zend_string_release(ini_name);
         }
diff --git a/ext/session/tests/bug60860.phpt b/ext/session/tests/bug60860.phpt

index 8cd43a83e2f3bce8ad91ba690981ccfee7726d7c..5225649796532438939f95f8d1ab4b66cc03f2fc 100644 (file)
--- a/ext/session/tests/bug60860.phpt
+++ b/ext/session/tests/bug60860.phpt
@@ -12,7 +12,8 @@ echo "ok\n";
  
  ?>
  --EXPECTF--
-Warning: session_start(): user session functions not defined in %s on line 3
+PHP Recoverable fatal error:  PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
  
-Warning: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3
+Recoverable fatal error: PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
  ok
+
diff --git a/ext/session/tests/bug73100.phpt b/ext/session/tests/bug73100.phpt

index 8a3d8ca2b95bfc585e05f45264f80cfb0b0971f6..c7669c083046de3da33aac7d4b94f47ec85fd802 100644 (file)
--- a/ext/session/tests/bug73100.phpt
+++ b/ext/session/tests/bug73100.phpt
@@ -10,6 +10,8 @@ ob_start();
  var_dump(session_start());
  session_module_name("user");
  var_dump(session_destroy());
+
+session_module_name("user");
  ?>
  ===DONE===
  --EXPECTF--
@@ -17,4 +19,6 @@ bool(true)
  
  Warning: session_module_name(): Cannot change save handler module when session is active in %s on line 4
  bool(true)
-===DONE===
+
+Recoverable fatal error: session_module_name(): Cannot set 'user' save handler by ini_set() or sesion_module_name() in %s on line 7
+
diff --git a/ext/session/tests/session_set_save_handler_class_014.phpt b/ext/session/tests/session_set_save_handler_class_014.phpt

index ea62beb0ff57eff2aec7ed93214f14229839372c..54cf6f3e10800bcfc636f04f35d48a1fbafc8473 100644 (file)
--- a/ext/session/tests/session_set_save_handler_class_014.phpt
+++ b/ext/session/tests/session_set_save_handler_class_014.phpt
@@ -25,6 +25,7 @@ session_set_save_handler($handler);
  session_start();
  
  --EXPECTF--
-*** Testing session_set_save_handler() : calling default handler when save_handler=user ***
+PHP Recoverable fatal error:  PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
  
-Fatal error: SessionHandler::open(): Cannot call default session handler in %s on line %d
+Recoverable fatal error: PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
+*** Testing session_set_save_handler() : calling default handler when save_handler=user ***
+\ No newline at end of file
author	Yasuo Ohgaki <yohgaki@php.net>
	Thu, 22 Dec 2016 06:57:53 +0000 (15:57 +0900)
committer	Yasuo Ohgaki <yohgaki@php.net>
	Thu, 22 Dec 2016 07:04:28 +0000 (16:04 +0900)
ext/session/php_session.h		patch \| blob \| history
ext/session/session.c		patch \| blob \| history
ext/session/tests/bug60860.phpt		patch \| blob \| history
ext/session/tests/bug73100.phpt		patch \| blob \| history
ext/session/tests/session_set_save_handler_class_014.phpt		patch \| blob \| history