From a081be13fc46fe27209a12ee4e28d89e9487b3df Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Thu, 27 Jul 2006 15:36:43 +0000 Subject: [PATCH] MFB: An improved fix for bug #38224 --- ext/session/mod_files.c | 1 + ext/session/php_session.h | 1 + ext/session/session.c | 7 ++++--- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 4c2a0a03d9..c4ae79310c 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -152,6 +152,7 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) if (!ps_files_valid_key(key)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + PS(invalid_session_id) = 1; return; } if (!ps_files_path_create(buf, sizeof(buf), data, key)) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index 643be135dc..9cc39126da 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -123,6 +123,7 @@ typedef struct _php_ps_globals { long hash_bits_per_character; int send_cookie; int define_sid; + zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */ } php_ps_globals; typedef php_ps_globals zend_ps_globals; diff --git a/ext/session/session.c b/ext/session/session.c index 4b60fb2247..39b247ed8e 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -653,7 +653,6 @@ static void php_session_initialize(TSRMLS_D) { char *val; int vallen; - zend_bool make_new = 0; /* check session name for invalid characters */ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) { @@ -679,7 +678,6 @@ new_session: if (PS(use_cookies)) { PS(send_cookie) = 1; } - make_new = 1; } /* Read data */ @@ -689,10 +687,13 @@ new_session: * session information */ php_session_track_init(TSRMLS_C); + PS(invalid_session_id) = 0; if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) { php_session_decode(val, vallen TSRMLS_CC); efree(val); - } else if (!make_new) { + } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */ + PS(invalid_session_id) = 0; + efree(PS(id)); goto new_session; } } -- 2.50.1