From: Thies C. Arntzen Date: Thu, 17 Jan 2002 18:56:11 +0000 (+0000) Subject: @ - Don't touch any globals in session_unset() if register_globals is set X-Git-Tag: PRE_ISSET_PATCH~177 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=53f8b2d28b2d38da4eb6e08069c13fa85aa7a0ed;p=php @ - Don't touch any globals in session_unset() if register_globals is set @ to off. (Thies) guys, shoot me if i'm wrong, but when we have set register_globals to off we should _not_ touch any global variables at any time, right? so all session register/unregister should only work on $HTTP_SESSION_VARS and $_SESSION. this patch fixes at least one spot where we were touching globals even with register_globals set to off. --- diff --git a/ext/session/session.c b/ext/session/session.c index 88d5d2574a..69836bff53 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1374,13 +1374,15 @@ PHP_FUNCTION(session_unset) if (PS(session_status) == php_session_none) RETURN_FALSE; - - for (zend_hash_internal_pointer_reset(&PS(vars)); - zend_hash_get_current_key(&PS(vars), &variable, &num_key, 0) == HASH_KEY_IS_STRING; - zend_hash_move_forward(&PS(vars))) { - if (zend_hash_find(&EG(symbol_table), variable, strlen(variable) + 1, (void **) &tmp) - == SUCCESS) - zend_hash_del(&EG(symbol_table), variable, strlen(variable) + 1); + + if (PG(register_globals)) { + for (zend_hash_internal_pointer_reset(&PS(vars)); + zend_hash_get_current_key(&PS(vars), &variable, &num_key, 0) == HASH_KEY_IS_STRING; + zend_hash_move_forward(&PS(vars))) { + if (zend_hash_find(&EG(symbol_table), variable, strlen(variable) + 1, (void **) &tmp) + == SUCCESS) + zend_hash_del(&EG(symbol_table), variable, strlen(variable) + 1); + } } /* Clean $HTTP_SESSION_VARS. */