From 072ef62f6eacce76bb4975bf0cd209f192978c9e Mon Sep 17 00:00:00 2001 From: dreamsxin Date: Wed, 8 Mar 2017 10:40:10 +0800 Subject: [PATCH] Add warning for change session id when session is active --- ext/session/session.c | 5 +++ ext/session/tests/session_id_error2.phpt | 15 ++++----- ext/session/tests/session_id_error3.phpt | 40 ++++++++++++------------ 3 files changed, 33 insertions(+), 27 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index f359c1faf9..84da1073f0 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2040,6 +2040,11 @@ static PHP_FUNCTION(session_id) RETURN_FALSE; } + if (name && PS(session_status) == php_session_active) { + php_error_docref(NULL, E_WARNING, "Cannot change session id when session is active"); + RETURN_FALSE; + } + if (PS(id)) { /* keep compatibility for "\0" characters ??? * see: ext/session/tests/session_id_error3.phpt */ diff --git a/ext/session/tests/session_id_error2.phpt b/ext/session/tests/session_id_error2.phpt index 05284e797b..0d256564b6 100644 --- a/ext/session/tests/session_id_error2.phpt +++ b/ext/session/tests/session_id_error2.phpt @@ -7,20 +7,20 @@ Test session_id() function : error functionality ob_start(); -/* +/* * Prototype : string session_id([string $id]) * Description : Get and/or set the current session id - * Source code : ext/session/session.c + * Source code : ext/session/session.c */ echo "*** Testing session_id() : error functionality ***\n"; -var_dump(session_id()); -var_dump(session_start()); var_dump(session_id("test")); var_dump(session_id()); var_dump(session_id("1234567890")); var_dump(session_id()); +var_dump(session_start()); +var_dump(session_id("1234567890")); var_dump(session_destroy()); var_dump(session_id()); @@ -30,12 +30,13 @@ ob_end_flush(); --EXPECTF-- *** Testing session_id() : error functionality *** string(0) "" -bool(true) -string(%d) "%s" string(4) "test" string(4) "test" string(10) "1234567890" bool(true) + +Warning: session_id(): Cannot change session id when session is active in %s on line %d +bool(false) +bool(true) string(0) "" Done - diff --git a/ext/session/tests/session_id_error3.phpt b/ext/session/tests/session_id_error3.phpt index fc291389d9..e6404eb70e 100644 --- a/ext/session/tests/session_id_error3.phpt +++ b/ext/session/tests/session_id_error3.phpt @@ -15,40 +15,40 @@ ob_start(); echo "*** Testing session_id() : error functionality ***\n"; -@session_start(); var_dump(session_id()); var_dump(session_id("!")); var_dump(session_id()); +@session_start(); @session_destroy(); -@session_start(); var_dump(session_id()); var_dump(session_id("?><")); var_dump(session_id()); +@session_start(); @session_destroy(); -@session_start(); var_dump(session_id()); -var_dump(session_id("£$%^&*()")); +var_dump(session_id("\xa3$%^&*()")); var_dump(session_id()); +@session_start(); @session_destroy(); -@session_start(); var_dump(session_id()); var_dump(session_id("\r\n")); var_dump(session_id()); +@session_start(); @session_destroy(); -@session_start(); var_dump(session_id()); var_dump(session_id("\0")); var_dump(session_id()); +@session_start(); @session_destroy(); -@session_start(); var_dump(session_id()); -var_dump(session_id("¬``@~:{>?><,./[]+--")); +var_dump(session_id("\xac``@~:{>?><,./[]+--")); var_dump(session_id()); +@session_start(); @session_destroy(); echo "Done"; @@ -56,24 +56,24 @@ ob_end_flush(); ?> --EXPECTF-- *** Testing session_id() : error functionality *** -string(%d) "%s" -string(%d) "%s" +string(0) "" +string(0) "" string(1) "!" -string(%d) "%s" -string(%d) "%s" +string(0) "" +string(0) "" string(3) "?><" -string(%d) "%s" -string(%d) "%s" +string(0) "" +string(0) "" string(8) "£$%^&*()" -string(%d) "%s" -string(%d) "%s" +string(0) "" +string(0) "" string(2) " " -string(%d) "%s" -string(%d) "%s" string(0) "" -string(%d) "%s" -string(%d) "%s" +string(0) "" +string(0) "" +string(0) "" +string(0) "" string(19) "¬``@~:{>?><,./[]+--" Done -- 2.50.1