From: Yasuo Ohgaki
Date: Thu, 22 Dec 2016 06:57:53 +0000 (+0900)
Subject: Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_sa...
X-Git-Tag: php-7.2.0alpha1~761
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a93a51c3bf4ea1638ce0adc4a899cb93531b9f0d;p=php
Fix bug #73100 - Improve bug fix. Forbid to set 'user' save handler other than set_save_handler().
---
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index ceb4a1f4fd..abe4e441e4 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -204,7 +204,8 @@ typedef struct _php_ps_globals {
 zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
 zend_bool lazy_write; /* omit session write when it is possible */
- zend_bool in_save_handler; /* state that if session is in save handler or not */
+ zend_bool in_save_handler; /* state if session is in save handler or not */
+ zend_bool set_handler; /* state if session module i setting handler or not */
 zend_string *session_vars; /* serialized original session data */
 } php_ps_globals;
diff --git a/ext/session/session.c b/ext/session/session.c
index f3aa6f2c3c..f005532ddd 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -113,6 +113,7 @@ static inline void php_rinit_session_globals(void) /* {{{ */
 PS(id) = NULL;
 PS(session_status) = php_session_none;
 PS(in_save_handler) = 0;
+ PS(set_handler) = 0;
 PS(mod_data) = NULL;
 PS(mod_user_is_open) = 0;
 PS(define_sid) = 1;
@@ -548,6 +549,13 @@ static PHP_INI_MH(OnUpdateSaveHandler) /* {{{ */
 if (stage != ZEND_INI_STAGE_DEACTIVATE) {
 php_error_docref(NULL, err_type, "Cannot find save handler '%s'", ZSTR_VAL(new_value));
 }
+
+ return FAILURE;
+ }
+
+ /* "user" save handler should not be set by user */
+ if (!PS(set_handler) && tmp == ps_user_ptr) {
+ php_error_docref(NULL, E_RECOVERABLE_ERROR, "Cannot set 'user' save handler by ini_set() or sesion_module_name()");
 return FAILURE;
 }
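Review bot: The comment on the new `set_handler` field in php_session.h has a typo (`i` for `is`) and does not say what the flag is for. The flag is what lets OnUpdateSaveHandler accept the "user" module, so the comment should describe it as a temporary bypass, for example `/* set only while session_set_save_handler() switches session.save_handler to "user" */`. That wording also makes it clear the field must not be left at 1. The struct definition starts outside the hunk.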
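Review bot: The new guard in OnUpdateSaveHandler (hunk at -548) always raises `E_RECOVERABLE_ERROR`, whereas the "Cannot find save handler" branch just above it reports with `err_type` and only when `stage != ZEND_INI_STAGE_DEACTIVATE`. The updated .phpt expectations show the effect: a configuration that sets `session.save_handler=user` now produces a `PHP Startup:` recoverable fatal error instead of a warning at `session_start()`. If that escalation is not intended for every stage, report through the same path, `php_error_docref(NULL, err_type, "Cannot set 'user' save handler by ini_set() or session_module_name()");`, inside the same stage check. The message also misspells the function as `sesion_module_name()`, and the misspelling is copied into three test expectations. The function starts and ends outside the hunk, so how `err_type` is derived is not visible here.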
@@ -1929,7 +1937,9 @@ static PHP_FUNCTION(session_set_save_handler)
 if (PS(mod) && PS(session_status) != php_session_active && PS(mod) != &ps_mod_user) {
 ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
 ini_val = zend_string_init("user", sizeof("user") - 1, 0);
+ PS(set_handler) = 1;
 zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
+ PS(set_handler) = 0;
 zend_string_release(ini_val);
 zend_string_release(ini_name);
 }
@@ -1962,7 +1972,9 @@ static PHP_FUNCTION(session_set_save_handler)
 if (PS(mod) && PS(mod) != &ps_mod_user) {
 ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
 ini_val = zend_string_init("user", sizeof("user") - 1, 0);
+ PS(set_handler) = 1;
 zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
+ PS(set_handler) = 0;
 zend_string_release(ini_val);
 zend_string_release(ini_name);
 }
diff --git a/ext/session/tests/bug60860.phpt b/ext/session/tests/bug60860.phpt
index 8cd43a83e2..5225649796 100644
--- a/ext/session/tests/bug60860.phpt
+++ b/ext/session/tests/bug60860.phpt
@@ -12,7 +12,8 @@ echo "ok\n";
 ?>
 --EXPECTF--
-Warning: session_start(): user session functions not defined in %s on line 3
+PHP Recoverable fatal error: PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
-Warning: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3
+Recoverable fatal error: PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
 ok
+
diff --git a/ext/session/tests/bug73100.phpt b/ext/session/tests/bug73100.phpt
index 8a3d8ca2b9..c7669c0830 100644
--- a/ext/session/tests/bug73100.phpt
+++ b/ext/session/tests/bug73100.phpt
@@ -10,6 +10,8 @@ ob_start();
 var_dump(session_start());
 session_module_name("user");
 var_dump(session_destroy());
+
+session_module_name("user");
 ?>
 ===DONE===
 --EXPECTF--
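Review bot: `PS(set_handler)` is a temporary bypass of the new "user" check, and both places that raise it (this hunk and the one at -1962) clear it only on the normal return path of `zend_alter_ini_entry()`, whose result is also ignored. If that call can leave through a bailout, which is not visible from these hunks, the flag would stay at 1 until `php_rinit_session_globals()` runs again, and a later `ini_set()` of `session.save_handler` to "user" in the same request would pass the guard. Moving the five-line sequence into one static helper that returns the result removes the duplication and gives a single place to deal with failure; the helper name below is only a suggestion. The body of session_set_save_handler starts and ends outside both hunks.

```c
/* Switch session.save_handler to "user" on behalf of session_set_save_handler(). */
static int php_session_select_user_handler(void)
{
	zend_string *ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
	zend_string *ini_val = zend_string_init("user", sizeof("user") - 1, 0);
	int ret;

	PS(set_handler) = 1; /* OnUpdateSaveHandler accepts "user" only while this is set */
	ret = zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
	PS(set_handler) = 0;

	zend_string_release(ini_val);
	zend_string_release(ini_name);
	return ret;
}
```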
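Review bot: The new expectation in bug60860.phpt lists the same startup error twice, once with a `PHP ` prefix and once without. That looks like the logged and the displayed copy of one message, so the test may pass or fail depending on the error-logging settings of the run. The same pair appears in session_set_save_handler_class_014.phpt, which no longer expects `SessionHandler::open(): Cannot call default session handler`, so that path seems to have lost its coverage. Consider pinning `log_errors=0` in the `--INI--` section and expecting only the displayed line. Also consider a separate test that reaches the default-handler error through `session_set_save_handler()`.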
@@ -17,4 +19,6 @@ bool(true)
 Warning: session_module_name(): Cannot change save handler module when session is active in %s on line 4
 bool(true)
-===DONE===
+
+Recoverable fatal error: session_module_name(): Cannot set 'user' save handler by ini_set() or sesion_module_name() in %s on line 7
+
diff --git a/ext/session/tests/session_set_save_handler_class_014.phpt b/ext/session/tests/session_set_save_handler_class_014.phpt
index ea62beb0ff..54cf6f3e10 100644
--- a/ext/session/tests/session_set_save_handler_class_014.phpt
+++ b/ext/session/tests/session_set_save_handler_class_014.phpt
@@ -25,6 +25,7 @@ session_set_save_handler($handler);
 session_start();
 --EXPECTF--
-*** Testing session_set_save_handler() : calling default handler when save_handler=user ***
+PHP Recoverable fatal error: PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
-Fatal error: SessionHandler::open(): Cannot call default session handler in %s on line %d
+Recoverable fatal error: PHP Startup: Cannot set 'user' save handler by ini_set() or sesion_module_name() in Unknown on line 0
+*** Testing session_set_save_handler() : calling default handler when save_handler=user ***
\ No newline at end of file