From: Ilia Alshanetsky Date: Mon, 22 Mar 2010 12:16:45 +0000 (+0000) Subject: Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). X-Git-Tag: php-5.2.14RC1~80 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7c3ca34410bafa4532b3db9fe0920dbf881a2335;p=php Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). --- diff --git a/NEWS b/NEWS index c7f7594363..1cc3b4a14b 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,8 @@ PHP NEWS - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) +- Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is + on). (Ilia, j dot jeising at gmail dot com) - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) - Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) - Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, diff --git a/ext/session/session.c b/ext/session/session.c index 59ffd73a3f..4318aba023 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1261,7 +1261,11 @@ PHPAPI void php_session_start(TSRMLS_D) /* {{{ */ int nrand; int lensess; - PS(apply_trans_sid) = PS(use_trans_sid); + if (PS(use_only_cookies)) { + PS(apply_trans_sid) = 0; + } else { + PS(apply_trans_sid) = PS(use_trans_sid); + } switch (PS(session_status)) { case php_session_active: @@ -1363,7 +1367,7 @@ PHPAPI void php_session_start(TSRMLS_D) /* {{{ */ efree(PS(id)); PS(id) = NULL; PS(send_cookie) = 1; - if (PS(use_trans_sid)) { + if (PS(use_trans_sid) && !PS(use_only_cookies)) { PS(apply_trans_sid) = 1; } } @@ -1371,7 +1375,7 @@ PHPAPI void php_session_start(TSRMLS_D) /* {{{ */ php_session_initialize(TSRMLS_C); if (!PS(use_cookies) && PS(send_cookie)) { - if (PS(use_trans_sid)) { + if (PS(use_trans_sid) && !PS(use_only_cookies)) { PS(apply_trans_sid) = 1; } PS(send_cookie) = 0;