From cc797d4fc3e6de1a21cbe91f810767cc491c7696 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Thu, 1 Sep 2016 07:47:04 +0900 Subject: [PATCH] Fix bug #72940 properly. Reduce needless branches --- ext/session/session.c | 79 +++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 41 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index a47e78cdb2..4a61ae945f 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1636,50 +1636,47 @@ PHPAPI void php_session_start(void) /* {{{ */ PS(define_sid) = 0; } } - - if (PS(define_sid) && !PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1))) { - ZVAL_DEREF(data); - if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { - ppid2sid(ppid); + /* Initilize session ID from non cookie values */ + if (!PS(use_only_cookies)) { + if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1))) { + ZVAL_DEREF(data); + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + ppid2sid(ppid); + } } - } - - if (PS(define_sid) && !PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1))) { - ZVAL_DEREF(data); - if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { - ppid2sid(ppid); + if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1))) { + ZVAL_DEREF(data); + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + ppid2sid(ppid); + } } - } - - /* Check the REQUEST_URI symbol for a string of the form - * '=' to allow URLs of the form - * http://yoursite/=/script.php */ - if (PS(define_sid) && !PS(id) && - zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS && - (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) && - Z_TYPE_P(data) == IS_STRING && - (p = strstr(Z_STRVAL_P(data), PS(session_name))) && - p[lensess] == '=' - ) { - char *q; - p += lensess + 1; - if ((q = strpbrk(p, "/?\\"))) { - PS(id) = zend_string_init(p, q - p, 0); + /* Check the REQUEST_URI symbol for a string of the form + * '=' to allow URLs of the form + * http://yoursite/=/script.php */ + if (!PS(id) && zend_is_auto_global_str("_SERVER", sizeof("_SERVER") - 1) == SUCCESS && + (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "REQUEST_URI", sizeof("REQUEST_URI") - 1)) && + Z_TYPE_P(data) == IS_STRING && + (p = strstr(Z_STRVAL_P(data), PS(session_name))) && + p[lensess] == '=' + ) { + char *q; + p += lensess + 1; + if ((q = strpbrk(p, "/?\\"))) { + PS(id) = zend_string_init(p, q - p, 0); + } + } + /* Check whether the current request was referred to by + * an external site which invalidates the previously found id. */ + if (PS(id) && PS(extern_referer_chk)[0] != '\0' && + !Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER]) && + (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_REFERER", sizeof("HTTP_REFERER") - 1)) && + Z_TYPE_P(data) == IS_STRING && + Z_STRLEN_P(data) != 0 && + strstr(Z_STRVAL_P(data), PS(extern_referer_chk)) == NULL + ) { + zend_string_release(PS(id)); + PS(id) = NULL; } - } - - /* Check whether the current request was referred to by - * an external site which invalidates the previously found id. */ - if (PS(define_sid) && PS(id) && - PS(extern_referer_chk)[0] != '\0' && - !Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER]) && - (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_REFERER", sizeof("HTTP_REFERER") - 1)) && - Z_TYPE_P(data) == IS_STRING && - Z_STRLEN_P(data) != 0 && - strstr(Z_STRVAL_P(data), PS(extern_referer_chk)) == NULL - ) { - zend_string_release(PS(id)); - PS(id) = NULL; } } -- 2.40.0