diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 621c4e1..a21e0ca 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -61,40 +61,9 @@ typedef struct { } ps_files; ps_module ps_mod_files = { - PS_MOD(files) + PS_MOD_SID(files) }; -/* If you change the logic here, please also update the error message in - * ps_files_open() appropriately */ -static int ps_files_valid_key(const char *key) -{ - size_t len; - const char *p; - char c; - int ret = 1; - - for (p = key; (c = *p); p++) { - /* valid characters are a..z,A..Z,0..9 */ - if (!((c >= 'a' && c <= 'z') - || (c >= 'A' && c <= 'Z') - || (c >= '0' && c <= '9') - || c == ',' - || c == '-')) { - ret = 0; - break; - } - } - - len = p - key; - - /* Somewhat arbitrary length limit here, but should be way more than - anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ - if (len == 0 || len > 128) { - ret = 0; - } - - return ret; -} static char *ps_files_path_create(char *buf, size_t buflen, ps_files *data, const char *key) { @@ -155,11 +124,12 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC) ps_files_close(data); - if (!ps_files_valid_key(key)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + if (php_session_validate_key(key) == FAILURE) { PS(invalid_session_id) = 1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); return; } + if (!ps_files_path_create(buf, sizeof(buf), data, key)) { return; } @@ -253,6 +223,51 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime TSRMLS_DC) return (nrdels); } +static int ps_files_validate_sid(ps_files *data, char *key TSRMLS_DC) +{ + char buf[MAXPATHLEN]; + int fd; + + if (php_session_validate_key(key) == FAILURE) { + PS(invalid_session_id) = 1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + return FAILURE; + } + + if (!ps_files_path_create(buf, sizeof(buf), data, key)) { + PS(invalid_session_id) = 1; + return FAILURE; + } + + fd = VCWD_OPEN_MODE(buf, O_RDWR | O_BINARY, data->filemode); + + if (fd != -1) { + close(fd); + return SUCCESS; + } + + PS(invalid_session_id) = 1; + return FAILURE; +} + +static int ps_files_check_collision(ps_files *data, char *key TSRMLS_DC) +{ + char buf[MAXPATHLEN]; + struct stat sbuf; + + if (!ps_files_path_create(buf, sizeof(buf), data, key)) { + PS(invalid_session_id) = 1; + return FAILURE; + } + + if (!VCWD_STAT(buf, &sbuf)) { + PS(invalid_session_id) = 1; + return FAILURE; + } + return SUCCESS; +} + + #define PS_FILES_DATA ps_files *data = PS_GET_MOD_DATA() PS_OPEN_FUNC(files) @@ -263,6 +278,7 @@ PS_OPEN_FUNC(files) int argc = 0; size_t dirdepth = 0; int filemode = 0600; + int cnt = 0; if (*save_path == '\0') { /* if save path is an empty string, determine the temporary dir */ @@ -316,6 +332,29 @@ PS_OPEN_FUNC(files) } PS_SET_MOD_DATA(data); + /* If there is an ID and strict mode, verify it */ + if (PS(id) && PS(use_strict_mode) + && ps_files_validate_sid(data, PS(id) TSRMLS_CC) == FAILURE) { + efree(PS(id)); + PS(id) = NULL; + } + + /* If there is no ID, use session module to create one */ + while(!PS(id)) { + PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC); + if (cnt++ > 3) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); + return FAILURE; + } + if (!PS(id) || ps_files_check_collision(data, PS(id) TSRMLS_CC) == FAILURE) { + continue; + } + PS(invalid_session_id) = 0; + if (PS(use_cookies)) { + PS(send_cookie) = 1; + } + } + return SUCCESS; } @@ -342,7 +381,7 @@ PS_READ_FUNC(files) struct stat sbuf; PS_FILES_DATA; - ps_files_open(data, key TSRMLS_CC); + ps_files_open(data, PS(id) TSRMLS_CC); if (data->fd < 0) { return FAILURE; } @@ -454,6 +493,24 @@ PS_GC_FUNC(files) return SUCCESS; } +PS_CREATE_SID_FUNC(files) +{ + char *sid; + PS_FILES_DATA; + + sid = php_session_create_id((void **)&data, newlen TSRMLS_CC); + + if (!sid) { + int newlen, old_hash; + old_hash = PS(hash_func); + PS(hash_func) = PS_HASH_FUNC_SHA1; /* use SHA1 so that it never fails */ + PS(id) = php_session_create_id((void **)&data, &newlen TSRMLS_CC); + PS(hash_func) = old_hash; + } + return sid; +} + + /* * Local variables: * tab-width: 4 diff --git a/ext/session/mod_files.h b/ext/session/mod_files.h index 43ac47f..3cdcad4 100644 --- a/ext/session/mod_files.h +++ b/ext/session/mod_files.h @@ -24,6 +24,6 @@ extern ps_module ps_mod_files; #define ps_files_ptr &ps_mod_files -PS_FUNCS(files); +PS_FUNCS_SID(files); #endif diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c index b99dd82..cfa9a3b 100644 --- a/ext/session/mod_mm.c +++ b/ext/session/mod_mm.c @@ -124,7 +124,7 @@ static ps_sd *ps_sd_new(ps_mm *data, const char *key) if (!sd) { TSRMLS_FETCH(); - php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %d, err %s", mm_available(data->mm), mm_error()); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "mm_malloc failed, avail %ld, err %s", mm_available(data->mm), mm_error()); return NULL; } @@ -208,8 +208,38 @@ static ps_sd *ps_sd_lookup(ps_mm *data, const char *key, int rw) return ret; } +static int ps_mm_validate_sid(ps_mm *data, const char *key) +{ + ps_sd *sd; + + if (php_session_validate_key(key) == FAILURE) { + PS(invalid_session_id) = 1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + return FAILURE; + } + + sd = ps_sd_lookup(data, key, 0); + if (sd) { + return FAILURE; + } + PS(invalid_session_id) = 1; + return SUCCESS; +} + +static int ps_mm_check_collision(ps_mm *data, const char *key) +{ + ps_sd *sd; + + sd = ps_sd_lookup(data, key, 0); + if (sd) { + PS(invalid_session_id) = 1; + return FAILURE; + } + return SUCCESS; +} + ps_module ps_mod_mm = { - PS_MOD(mm) + PS_MOD_SID(mm) }; #define PS_MM_DATA ps_mm *data = PS_GET_MOD_DATA() @@ -257,6 +287,7 @@ static void ps_mm_destroy(ps_mm *data) free(data); } + PHP_MINIT_FUNCTION(ps_mm) { int save_path_len = strlen(PS(save_path)); @@ -314,6 +345,9 @@ PHP_MSHUTDOWN_FUNCTION(ps_mm) PS_OPEN_FUNC(mm) { + int cnt = 0; + PS_MM_DATA; + ps_mm_debug(("open: ps_mm_instance=%p\n", ps_mm_instance)); if (!ps_mm_instance) { @@ -321,6 +355,29 @@ PS_OPEN_FUNC(mm) } PS_SET_MOD_DATA(ps_mm_instance); + /* If there is an ID and strict mode, verify it */ + if (PS(id) && PS(use_strict_mode) + && ps_mm_validate_sid(data, PS(id) TSRMLS_CC) == FAILURE) { + efree(PS(id)); + PS(id) = NULL; + } + + /* If there is no ID, use session module to create one */ + while(!PS(id)) { + PS(id) = PS(mod)->s_create_sid((void **)&data, NULL TSRMLS_CC); + if (cnt++ > 3) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); + return FAILURE; + } + if (!PS(id) || ps_mm_check_collision(data, PS(id) TSRMLS_CC) == FAILURE) { + continue; + } + PS(invalid_session_id) = 0; + if (PS(use_cookies)) { + PS(send_cookie) = 1; + } + } + return SUCCESS; } @@ -442,6 +499,24 @@ PS_GC_FUNC(mm) return SUCCESS; } +PS_CREATE_SID_FUNC(mm) +{ + char *sid; + PS_MM_DATA; + + sid = php_session_create_id((void **)&data, newlen); + + if (!sid) { + int newlen, old_hash; + old_hash = PS(hash_func); + PS(hash_func) = PS_HASH_FUNC_SHA1; /* use SHA1 so that it never fails */ + PS(id) = php_session_create_id((void **)&data, &newlen TSRMLS_CC); + PS(hash_func) = old_hash; + } + + return sid; +} + #endif /* diff --git a/ext/session/mod_mm.h b/ext/session/mod_mm.h index adec504..98f7d09 100644 --- a/ext/session/mod_mm.h +++ b/ext/session/mod_mm.h @@ -31,7 +31,7 @@ PHP_MSHUTDOWN_FUNCTION(ps_mm); extern ps_module ps_mod_mm; #define ps_mm_ptr &ps_mod_mm -PS_FUNCS(mm); +PS_FUNCS_SID(mm); #endif #endif diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c index 2ff5302..eb14bb5 100644 --- a/ext/session/mod_user.c +++ b/ext/session/mod_user.c @@ -79,6 +79,7 @@ static zval *ps_call_handler(zval *func, int argc, zval **argv TSRMLS_DC) PS_OPEN_FUNC(user) { zval *args[2]; + int cnt = 0; STDVARS; if (PSF(open) == NULL) { @@ -94,6 +95,25 @@ PS_OPEN_FUNC(user) retval = ps_call_handler(PSF(open), 2, args TSRMLS_CC); PS(mod_user_implemented) = 1; + /* If there is no SID, use session module to create one. + * mod_user do not validate SID, nor check SID collision. + * Users are responsible to do that. + */ + while(!PS(id)) { + PS(id) = php_session_create_id((void **)mod_data, NULL TSRMLS_CC); + if (cnt++ > 3) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); + return FAILURE; + } + PS(invalid_session_id) = 0; + } + + if (PS(use_strict_mode) && php_session_validate_key(PS(id)) == FAILURE) { + PS(invalid_session_id) = 1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + return FAILURE; + } + FINISH; } @@ -117,7 +137,7 @@ PS_READ_FUNC(user) zval *args[1]; STDVARS; - SESS_ZVAL_STRING((char*)key, args[0]); + SESS_ZVAL_STRING(PS(id), args[0]); retval = ps_call_handler(PSF(read), 1, args TSRMLS_CC); diff --git a/ext/session/mod_user.h b/ext/session/mod_user.h index ea1980a..a25fa6d 100644 --- a/ext/session/mod_user.h +++ b/ext/session/mod_user.h @@ -24,6 +24,6 @@ extern ps_module ps_mod_user; #define ps_user_ptr &ps_mod_user -PS_FUNCS(user); +PS_FUNCS_SID(user); #endif diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c index 70d2f40..3a5daee 100644 --- a/ext/session/mod_user_class.c +++ b/ext/session/mod_user_class.c @@ -39,7 +39,7 @@ PHP_METHOD(SessionHandler, open) { char *save_path = NULL, *session_name = NULL; - int save_path_len, session_name_len; + int save_path_len, session_name_len, cnt = 0; PS_SANITY_CHECK; @@ -49,6 +49,25 @@ PHP_METHOD(SessionHandler, open) PS(mod_user_is_open) = 1; RETVAL_BOOL(SUCCESS == PS(default_mod)->s_open(&PS(mod_data), save_path, session_name TSRMLS_CC)); + + /* If there is no SID, use session module to create one. + * mod_user do not validate SID, nor check SID collision. + * Users are responsible to do that. + */ + while(!PS(id)) { + PS(id) = php_session_create_id(&PS(mod_data), NULL TSRMLS_CC); + if (cnt++ > 3) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to create session ID more than twice. Check your save_path."); + return; + } + PS(invalid_session_id) = 0; + } + + if (PS(use_strict_mode) && php_session_validate_key(PS(id)) == FAILURE) { + PS(invalid_session_id) = 1; + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'"); + return; + } } /* }}} */ @@ -80,7 +99,7 @@ PHP_METHOD(SessionHandler, read) return; } - if (PS(default_mod)->s_read(&PS(mod_data), key, &val, &val_len TSRMLS_CC) == FAILURE) { + if (PS(default_mod)->s_read(&PS(mod_data), PS(id), &val, &val_len TSRMLS_CC) == FAILURE) { RETVAL_FALSE; return; } diff --git a/ext/session/php_session.h b/ext/session/php_session.h index ba0195b..c2398e6 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -39,6 +39,8 @@ /* default create id function */ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS); +/* default session id validation function */ +PHPAPI int php_session_validate_key(const char *key); typedef struct ps_module_struct { const char *s_name; @@ -75,7 +77,7 @@ typedef struct ps_module_struct { #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \ ps_delete_##x, ps_gc_##x, php_session_create_id -/* SID enabled module handler definitions */ +/* SID creation enabled module handler definitions */ #define PS_FUNCS_SID(x) \ PS_OPEN_FUNC(x); \ PS_CLOSE_FUNC(x); \ @@ -89,6 +91,12 @@ typedef struct ps_module_struct { #x, ps_open_##x, ps_close_##x, ps_read_##x, ps_write_##x, \ ps_delete_##x, ps_gc_##x, ps_create_sid_##x +enum { + PS_HASH_FUNC_MD5, + PS_HASH_FUNC_SHA1, + PS_HASH_FUNC_OTHER +}; + typedef enum { php_session_disabled, php_session_none, @@ -174,6 +182,8 @@ typedef struct _php_ps_globals { smart_str rfc1867_name; /* session.upload_progress.name */ long rfc1867_freq; /* session.upload_progress.freq */ double rfc1867_min_freq; /* session.upload_progress.min_freq */ + + zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */ } php_ps_globals; typedef php_ps_globals zend_ps_globals; diff --git a/ext/session/session.c b/ext/session/session.c index 7a8199d..78b46d8 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -231,12 +231,6 @@ static void php_session_decode(const char *val, int vallen TSRMLS_DC) /* {{{ */ static char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-"; -enum { - PS_HASH_FUNC_MD5, - PS_HASH_FUNC_SHA1, - PS_HASH_FUNC_OTHER -}; - /* returns a pointer to the byte after the last valid character in out */ static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {{{ */ { @@ -425,6 +419,41 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */ } /* }}} */ +/* Default char validation function allowed by ps_modules. + * If you change the logic here, please also update the error message in + * ps_modules appropriately */ +PHPAPI int php_session_validate_key(const char *key) /* {{{ */ +{ + size_t len; + const char *p; + char c; + int ret = SUCCESS; + + for (p = key; (c = *p); p++) { + /* valid characters are a..z,A..Z,0..9 */ + if (!((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || c == ',' + || c == '-')) { + ret = FAILURE; + break; + } + } + + len = p - key; + + /* Somewhat arbitrary length limit here, but should be way more than + anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */ + if (len == 0 || len > 128) { + ret = FAILURE; + } + + return ret; +} +/* }}} */ + + static void php_session_initialize(TSRMLS_D) /* {{{ */ { char *val; @@ -447,9 +476,12 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */ return; } - /* If there is no ID, use session module to create one */ + /* If there is no ID, use session module to create one. + * This code must exist for third party PS module compatibility. + * Third party PS modules should validate PS(id) in open function + * to prevent session adoption and collision. + */ if (!PS(id)) { -new_session: PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); if (PS(use_cookies)) { PS(send_cookie) = 1; @@ -462,16 +494,13 @@ new_session: * it could prove usefull for those sites which wish to have "default" * session information. */ php_session_track_init(TSRMLS_C); - PS(invalid_session_id) = 0; if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) { php_session_decode(val, vallen TSRMLS_CC); efree(val); - } else if (PS(invalid_session_id)) { /* address instances where the session read fails due to an invalid id */ - PS(invalid_session_id) = 0; - efree(PS(id)); - PS(id) = NULL; - goto new_session; } + /* We should not address read failure here, since it may cause infinate + * loop by db/storage/network/etc errors depending on save handler's implementation. + */ } /* }}} */ @@ -720,6 +749,7 @@ PHP_INI_BEGIN() STD_PHP_INI_BOOLEAN("session.cookie_httponly", "", PHP_INI_ALL, OnUpdateBool, cookie_httponly, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals) + STD_PHP_INI_BOOLEAN("session.use_strict_mode", "1", PHP_INI_ALL, OnUpdateBool, use_strict_mode, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals) #if HAVE_DEV_URANDOM STD_PHP_INI_ENTRY("session.entropy_file", "/dev/urandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals) @@ -1720,9 +1750,9 @@ static PHP_FUNCTION(session_save_path) static PHP_FUNCTION(session_id) { char *name = NULL; - int name_len; + int name_len, argc = ZEND_NUM_ARGS(); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { + if (zend_parse_parameters(argc TSRMLS_CC, "|s", &name, &name_len) == FAILURE) { return; } @@ -1733,10 +1763,14 @@ static PHP_FUNCTION(session_id) } if (name) { - if (PS(id)) { - efree(PS(id)); + if (PS(use_strict_mode) && argc) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot set session ID when session.use_strict_mode is enabled"); + } else { + if (PS(id)) { + efree(PS(id)); + } + PS(id) = estrndup(name, name_len); } - PS(id) = estrndup(name, name_len); } } /* }}} */ diff --git a/ext/session/tests/003.phpt b/ext/session/tests/003.phpt index 03c3b95..8725f06 100644 --- a/ext/session/tests/003.phpt +++ b/ext/session/tests/003.phpt @@ -4,6 +4,7 @@ session object deserialization --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/004.phpt b/ext/session/tests/004.phpt index aeb2c8b..4547c65 100644 --- a/ext/session/tests/004.phpt +++ b/ext/session/tests/004.phpt @@ -4,6 +4,7 @@ session_set_save_handler test --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/005.phpt b/ext/session/tests/005.phpt index a970e6b..796d9c3 100644 --- a/ext/session/tests/005.phpt +++ b/ext/session/tests/005.phpt @@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test. --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/006.phpt b/ext/session/tests/006.phpt index 03fca10..dba6894 100644 --- a/ext/session/tests/006.phpt +++ b/ext/session/tests/006.phpt @@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/009.phpt b/ext/session/tests/009.phpt index d73bc23..6d8d11c 100644 --- a/ext/session/tests/009.phpt +++ b/ext/session/tests/009.phpt @@ -4,6 +4,7 @@ unset($_SESSION["name"]); test --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/012.phpt b/ext/session/tests/012.phpt index 8708011..c555d2c 100644 --- a/ext/session/tests/012.phpt +++ b/ext/session/tests/012.phpt @@ -4,6 +4,7 @@ registering $_SESSION should not segfault --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/013.phpt b/ext/session/tests/013.phpt index 8d0f284..32909eb 100644 --- a/ext/session/tests/013.phpt +++ b/ext/session/tests/013.phpt @@ -4,6 +4,7 @@ redefining SID should not cause warnings --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/014.phpt b/ext/session/tests/014.phpt index 73bc28e..cbf22b1 100644 --- a/ext/session/tests/014.phpt +++ b/ext/session/tests/014.phpt @@ -5,6 +5,7 @@ a script should not be able to modify session.use_trans_sid --INI-- session.use_trans_sid=0 session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/015.phpt b/ext/session/tests/015.phpt index 7d7b737..527b86b 100644 --- a/ext/session/tests/015.phpt +++ b/ext/session/tests/015.phpt @@ -6,6 +6,7 @@ use_trans_sid should not affect SID session.use_trans_sid=1 session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= arg_separator.output=& session.name=PHPSESSID diff --git a/ext/session/tests/018.phpt b/ext/session/tests/018.phpt index def1f41..5ec132b 100644 --- a/ext/session/tests/018.phpt +++ b/ext/session/tests/018.phpt @@ -5,6 +5,7 @@ rewriter correctly handles attribute names which contain dashes --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 session.name=PHPSESSID diff --git a/ext/session/tests/019.phpt b/ext/session/tests/019.phpt index 3ee8ccd..0f06add 100644 --- a/ext/session/tests/019.phpt +++ b/ext/session/tests/019.phpt @@ -4,6 +4,7 @@ serializing references test case using globals --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/020.phpt b/ext/session/tests/020.phpt index f43bac5..7b18424 100644 --- a/ext/session/tests/020.phpt +++ b/ext/session/tests/020.phpt @@ -5,6 +5,7 @@ rewriter uses arg_seperator.output for modifying URLs --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 arg_separator.output="&" diff --git a/ext/session/tests/021.phpt b/ext/session/tests/021.phpt index 1ad3c5d..e199972 100644 --- a/ext/session/tests/021.phpt +++ b/ext/session/tests/021.phpt @@ -5,6 +5,7 @@ rewriter handles form and fieldset tags correctly --INI-- session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.use_trans_sid=1 url_rewriter.tags="a=href,area=href,frame=src,input=src,form=,fieldset=" diff --git a/ext/session/tests/023.phpt b/ext/session/tests/023.phpt index 42b1e5b..592b4a8 100644 --- a/ext/session/tests/023.phpt +++ b/ext/session/tests/023.phpt @@ -4,6 +4,7 @@ session object deserialization --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/024.phpt b/ext/session/tests/024.phpt index 2ad2606..2b273e2 100644 --- a/ext/session/tests/024.phpt +++ b/ext/session/tests/024.phpt @@ -4,6 +4,7 @@ session_set_save_handler test --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/025.phpt b/ext/session/tests/025.phpt index 4fd095f..a9ad8fb 100644 --- a/ext/session/tests/025.phpt +++ b/ext/session/tests/025.phpt @@ -4,6 +4,7 @@ custom save handler, multiple session_start()s, complex data structure test. --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/026.phpt b/ext/session/tests/026.phpt index 06c135d..44f0ae0 100644 --- a/ext/session/tests/026.phpt +++ b/ext/session/tests/026.phpt @@ -4,6 +4,7 @@ correct instantiation of references between variables in sessions --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/027.phpt b/ext/session/tests/027.phpt index 600a992..6382852 100644 --- a/ext/session/tests/027.phpt +++ b/ext/session/tests/027.phpt @@ -4,6 +4,7 @@ unset($_SESSION["name"]); should work --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/030.phpt b/ext/session/tests/030.phpt index 8d0f284..32909eb 100644 --- a/ext/session/tests/030.phpt +++ b/ext/session/tests/030.phpt @@ -4,6 +4,7 @@ redefining SID should not cause warnings --INI-- session.use_cookies=0 +session.use_strict_mode=0 session.cache_limiter= session.serialize_handler=php session.save_handler=files diff --git a/ext/session/tests/bug41600.phpt b/ext/session/tests/bug41600.phpt index 690347a..5380ee7 100644 --- a/ext/session/tests/bug41600.phpt +++ b/ext/session/tests/bug41600.phpt @@ -7,6 +7,7 @@ session.use_cookies=0 session.use_only_cookies=0 session.cache_limiter= session.use_trans_sid=1 +session.use_strict_mode=0 arg_separator.output="&" session.name=PHPSESSID session.serialize_handler=php diff --git a/ext/session/tests/rfc1867.phpt b/ext/session/tests/rfc1867.phpt index dc44e8b..fb0f506 100644 --- a/ext/session/tests/rfc1867.phpt +++ b/ext/session/tests/rfc1867.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_cleanup.phpt b/ext/session/tests/rfc1867_cleanup.phpt index f70b395..c41a7d1 100644 --- a/ext/session/tests/rfc1867_cleanup.phpt +++ b/ext/session/tests/rfc1867_cleanup.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=1 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_disabled.phpt b/ext/session/tests/rfc1867_disabled.phpt index 4490055..751d590 100644 --- a/ext/session/tests/rfc1867_disabled.phpt +++ b/ext/session/tests/rfc1867_disabled.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=0 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_disabled_2.phpt b/ext/session/tests/rfc1867_disabled_2.phpt index e878f46..d83b1d9 100644 --- a/ext/session/tests/rfc1867_disabled_2.phpt +++ b/ext/session/tests/rfc1867_disabled_2.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_inter.phpt b/ext/session/tests/rfc1867_inter.phpt index 7686371..8e3c136 100644 --- a/ext/session/tests/rfc1867_inter.phpt +++ b/ext/session/tests/rfc1867_inter.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_no_name.phpt b/ext/session/tests/rfc1867_no_name.phpt index c1dda81..75928dd 100644 --- a/ext/session/tests/rfc1867_no_name.phpt +++ b/ext/session/tests/rfc1867_no_name.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_sid_cookie.phpt b/ext/session/tests/rfc1867_sid_cookie.phpt index 735a5ac..34256f1 100644 --- a/ext/session/tests/rfc1867_sid_cookie.phpt +++ b/ext/session/tests/rfc1867_sid_cookie.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_sid_get.phpt b/ext/session/tests/rfc1867_sid_get.phpt index cc5a793..fb48fd8 100644 --- a/ext/session/tests/rfc1867_sid_get.phpt +++ b/ext/session/tests/rfc1867_sid_get.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_sid_get_2.phpt b/ext/session/tests/rfc1867_sid_get_2.phpt index 1d22e59..a25d10c 100644 --- a/ext/session/tests/rfc1867_sid_get_2.phpt +++ b/ext/session/tests/rfc1867_sid_get_2.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=0 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_sid_invalid.phpt b/ext/session/tests/rfc1867_sid_invalid.phpt index b28a2e3..c39dd3c 100644 --- a/ext/session/tests/rfc1867_sid_invalid.phpt +++ b/ext/session/tests/rfc1867_sid_invalid.phpt @@ -9,8 +9,9 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=1 session.auto_start=0 -session.upload_progress.enabled=1 +session.upload_progress.enabled=0 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ session.upload_progress.name=PHP_SESSION_UPLOAD_PROGRESS @@ -45,7 +46,6 @@ var_dump($_SESSION["upload_progress_" . basename(__FILE__)]); session_destroy(); ?> --EXPECTF-- -Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 string(%d) "%s" bool(true) array(2) { diff --git a/ext/session/tests/rfc1867_sid_only_cookie.phpt b/ext/session/tests/rfc1867_sid_only_cookie.phpt index 9a01056..10620b8 100644 --- a/ext/session/tests/rfc1867_sid_only_cookie.phpt +++ b/ext/session/tests/rfc1867_sid_only_cookie.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=1 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/rfc1867_sid_post.phpt b/ext/session/tests/rfc1867_sid_post.phpt index 7c1eb2d..d35215e 100644 --- a/ext/session/tests/rfc1867_sid_post.phpt +++ b/ext/session/tests/rfc1867_sid_post.phpt @@ -9,6 +9,7 @@ session.save_path= session.name=PHPSESSID session.use_cookies=1 session.use_only_cookies=0 +session.use_strict_mode=0 session.upload_progress.enabled=1 session.upload_progress.cleanup=0 session.upload_progress.prefix=upload_progress_ diff --git a/ext/session/tests/session_commit_variation4.phpt b/ext/session/tests/session_commit_variation4.phpt index 57f4253..69854a6 100644 --- a/ext/session/tests/session_commit_variation4.phpt +++ b/ext/session/tests/session_commit_variation4.phpt @@ -2,6 +2,8 @@ Test session_commit() function : variation --SKIPIF-- +--INI-- +session.use_strict_mode=0 --FILE-- +--INI-- +session.use_strict_mode=0 --FILE-- +--INI-- +session.use_strict_mode=0 --FILE-- +--INI-- +session.use_strict_mode=0 --FILE-- +--INI-- +session.use_strict_mode=0 --FILE-- --FILE-- --INI-- +session.use_strict_mode=0 session.gc_probability=1 session.gc_divisor=1 session.gc_maxlifetime=0 diff --git a/ext/session/tests/session_write_close_variation4.phpt b/ext/session/tests/session_write_close_variation4.phpt index 249c155..9076dcf 100644 --- a/ext/session/tests/session_write_close_variation4.phpt +++ b/ext/session/tests/session_write_close_variation4.phpt @@ -2,6 +2,8 @@ Test session_write_close() function : variation --SKIPIF-- +--INI-- +session.use_strict_mode=0 --FILE--