From: Ilia Alshanetsky
Date: Thu, 27 Jul 2006 15:33:16 +0000 (+0000)
Subject: An improved fix for bug #38224
X-Git-Tag: php-5.2.0RC2~175
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=96324fb67ff399c071d2af73db82f292c7af9ec6;p=php
An improved fix for bug #38224
---
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 4c2a0a03d9..c4ae79310c 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -152,6 +152,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 if (!ps_files_valid_key(key)) {
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'");
+ PS(invalid_session_id) = 1;
 return;
 }
 if (!ps_files_path_create(buf, sizeof(buf), data, key))
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index bc3dbcbf7e..772255618b 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -125,6 +125,7 @@ typedef struct _php_ps_globals {
 long hash_bits_per_character;
 int send_cookie;
 int define_sid;
+ zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */
 } php_ps_globals;
 typedef php_ps_globals zend_ps_globals;
diff --git a/ext/session/session.c b/ext/session/session.c
index 65c52f6ddb..6d79ae1ec9 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -745,7 +745,6 @@ static void php_session_initialize(TSRMLS_D)
 {
 char *val;
 int vallen;
- zend_bool make_new = 0;
 /* check session name for invalid characters */
 if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
@@ -771,7 +770,6 @@ new_session:
 if (PS(use_cookies)) {
 PS(send_cookie) = 1;
 }
- make_new = 1;
 }
 /* Read data */
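Review bot: In ps_files_open() (ext/session/mod_files.c), `PS(invalid_session_id) = 1;` is the only place in this commit where a save handler raises the flag, while the session.c hunks drop the `make_new` fallback. A read failure in any other save handler would therefore appear to keep the client-supplied id instead of regenerating it; if that is intended, the contract should be stated where handler authors will see it. A comment on the assignment such as `/* ask php_session_initialize() to discard this id and create a new one */` would do, and the other bundled handlers are worth checking for an equivalent rejection path. The body of ps_files_open() continues outside the hunk.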
@@ -781,10 +779,13 @@ new_session:
 * session information */
 php_session_track_init(TSRMLS_C);
+ PS(invalid_session_id) = 0;
 if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
 php_session_decode(val, vallen TSRMLS_CC);
 efree(val);
- } else if (!make_new) {
+ } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */
+ PS(invalid_session_id) = 0;
+ efree(PS(id));
 goto new_session;
 }
 }
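Review bot: After `efree(PS(id));` the global still points at freed memory until whatever follows the `new_session:` label assigns a fresh id; that code is outside the hunk, so if it can fail or bail out before the assignment, later cleanup would see a dangling pointer. Adding `PS(id) = NULL;` right after the `efree` makes the path safe regardless of what the label does. The retry is also no longer bounded: the removed `make_new` flag limited the jump to one attempt, whereas this branch repeats for as long as the handler keeps flagging the id. A one-shot guard, or a short comment stating why a freshly created id can never be rejected by the handler, would close that gap.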