From 2d9885c8cbbc2199bac4801eaef7c18c76f28033 Mon Sep 17 00:00:00 2001 From: Sara Golemon Date: Thu, 15 May 2014 14:00:15 -0700 Subject: [PATCH] Fix handling of session user module custom handlers. According to the documentation, returning TRUE from user based session handlers should indicate success, while returning FALSE should indicate failure. The existing logic relied on casting the return value to an integer and returning that from the function. However, the internal handlers use SUCCESS/FAILURE where SUCCESS == 0, and FAILURE == -1, so the following behavior map occurs: return false; => return 0; => return SUCCESS return true; => return 1; => return Since the session API checks against FAILURE, both boolean responses wind up appearing like "not FAILURE". This diff reasserts boolean responses to behave as documented and introduces some special handling for integer responses of 0 and -1 so that code can be written for older and newer versions of PHP. --- NEWS | 1 + ext/session/mod_user.c | 22 ++++++++++++++++------ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 50ae046786..1badfb8579 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,7 @@ PHP NEWS - Standard: . Removed call_user_method() and call_user_method_array() functions. (Kalle) + . Fix user session handlers (See rfc:session.user.return-value). (Sara) - XSL: . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike) diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c index 5573d4cdfd..6720987580 100644 --- a/ext/session/mod_user.c +++ b/ext/session/mod_user.c @@ -68,12 +68,22 @@ static zval *ps_call_handler(zval *func, int argc, zval **argv TSRMLS_DC) #define PSF(a) PS(mod_user_names).name.ps_##a -#define FINISH \ - if (retval) { \ - convert_to_long(retval); \ - ret = Z_LVAL_P(retval); \ - zval_ptr_dtor(&retval); \ - } \ +#define FINISH \ + if (retval) { \ + if (Z_TYPE_P(retval) == IS_BOOL) { \ + ret = Z_BVAL_P(retval) ? SUCCESS : FAILURE; \ + } else if ((Z_TYPE_P(retval) == IS_LONG) && (Z_LVAL_P(retval) == -1)) { \ + /* BC for clever users - Deprecate me */ \ + ret = FAILURE; \ + } else if ((Z_TYPE_P(retval) == IS_LONG) && (Z_LVAL_P(retval) == 0)) { \ + /* BC for clever users - Deprecate me */ \ + ret = SUCCESS; \ + } else { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session callback expects true/false return value"); \ + ret = FAILURE; \ + } \ + zval_ptr_dtor(&retval); \ + } \ return ret PS_OPEN_FUNC(user) -- 2.40.0