From 7d91df4ab40481285ac3e7d3618457ac5801f7b7 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Thu, 5 Feb 2026 21:23:42 +0000 Subject: [PATCH 1/8] ext/session: remove mod_user_class_name global --- ext/session/php_session.h | 1 - ext/session/session.c | 37 +++++-------------- .../tests/user_session_module/gh7787.phpt | 4 +- 3 files changed, 11 insertions(+), 31 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index 9bf97cca02bf3..ace8c6998cd5b 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -174,7 +174,6 @@ typedef struct _php_ps_globals { zval ps_validate_sid; zval ps_update_timestamp; } mod_user_names; - zend_string *mod_user_class_name; bool mod_user_implemented; bool mod_user_is_open; bool auto_start; diff --git a/ext/session/session.c b/ext/session/session.c index 7578a038eadd0..1bb2f3a80b69a 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -177,11 +177,6 @@ static void php_rshutdown_session_globals(void) PS(session_vars) = NULL; } - if (PS(mod_user_class_name)) { - zend_string_release(PS(mod_user_class_name)); - PS(mod_user_class_name) = NULL; - } - php_session_cleanup_filename(); /* User save handlers may end up directly here by misuse, bugs in user script, etc. */ @@ -516,9 +511,7 @@ static void php_session_save_current_state(bool write) if (write) { IF_SESSION_VARS() { - zend_string *handler_class_name = PS(mod_user_class_name); - const char *handler_function_name = "write"; - + zval *handler_function = &PS(mod_user_names).ps_write; if (PS(mod_data) || PS(mod_user_implemented)) { zend_string *val; @@ -530,7 +523,7 @@ static void php_session_save_current_state(bool write) && zend_string_equals(val, PS(session_vars)) ) { ret = PS(mod)->s_update_timestamp(&PS(mod_data), PS(id), val, PS(gc_maxlifetime)); - handler_function_name = handler_class_name != NULL ? "updateTimestamp" : "update_timestamp"; + handler_function = &PS(mod_user_names).ps_update_timestamp; } else { ret = PS(mod)->s_write(&PS(mod_data), PS(id), val, PS(gc_maxlifetime)); } @@ -547,14 +540,12 @@ static void php_session_save_current_state(bool write) "is correct (%s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); - } else if (handler_class_name != NULL) { - php_error_docref(NULL, E_WARNING, "Failed to write session data using user " - "defined save handler. (session.save_path: %s, handler: %s::%s)", ZSTR_VAL(PS(save_path)), - ZSTR_VAL(handler_class_name), handler_function_name); } else { + zend_string *callable_name = zend_get_callable_name(handler_function); php_error_docref(NULL, E_WARNING, "Failed to write session data using user " "defined save handler. (session.save_path: %s, handler: %s)", ZSTR_VAL(PS(save_path)), - handler_function_name); + ZSTR_VAL(callable_name)); + zend_string_release_ex(callable_name, false); } } } @@ -2115,11 +2106,6 @@ PHP_FUNCTION(session_set_save_handler) RETURN_FALSE; } - if (PS(mod_user_class_name)) { - zend_string_release(PS(mod_user_class_name)); - } - PS(mod_user_class_name) = zend_string_copy(Z_OBJCE_P(obj)->name); - /* Define mandatory handlers */ SESSION_SET_USER_HANDLER_OO_MANDATORY(ps_open, "open"); SESSION_SET_USER_HANDLER_OO_MANDATORY(ps_close, "close"); @@ -2154,7 +2140,8 @@ PHP_FUNCTION(session_set_save_handler) /* Validate ID handler */ SESSION_SET_USER_HANDLER_OO(ps_validate_sid, zend_string_copy(validate_sid_name)); /* Update Timestamp handler */ - SESSION_SET_USER_HANDLER_OO(ps_update_timestamp, zend_string_copy(update_timestamp_name)); + /* We need to provide a new string with the correct casing so that error messages work */ + SESSION_SET_USER_HANDLER_OO(ps_update_timestamp, ZSTR_INIT_LITERAL("updateTimestamp", false)); } else { /* For BC reasons we accept methods even if the class does not implement the interface */ if (zend_hash_find_ptr(object_methods, validate_sid_name)) { @@ -2163,7 +2150,8 @@ PHP_FUNCTION(session_set_save_handler) } if (zend_hash_find_ptr(object_methods, update_timestamp_name)) { /* For BC reasons we accept methods even if the class does not implement the interface */ - SESSION_SET_USER_HANDLER_OO(ps_update_timestamp, zend_string_copy(update_timestamp_name)); + /* We need to provide a new string with the correct casing so that error messages work */ + SESSION_SET_USER_HANDLER_OO(ps_update_timestamp, ZSTR_INIT_LITERAL("updateTimestamp", false)); } } zend_string_release_ex(validate_sid_name, false); @@ -2240,12 +2228,6 @@ PHP_FUNCTION(session_set_save_handler) RETURN_FALSE; } - /* If a custom session handler is already set, release relevant info */ - if (PS(mod_user_class_name)) { - zend_string_release(PS(mod_user_class_name)); - PS(mod_user_class_name) = NULL; - } - /* remove shutdown function */ remove_user_shutdown_function("session_shutdown", strlen("session_shutdown")); @@ -2906,7 +2888,6 @@ static PHP_GINIT_FUNCTION(ps) ps_globals->session_status = php_session_none; ps_globals->default_mod = NULL; ps_globals->mod_user_implemented = false; - ps_globals->mod_user_class_name = NULL; ps_globals->mod_user_is_open = false; ps_globals->session_vars = NULL; ps_globals->set_handler = false; diff --git a/ext/session/tests/user_session_module/gh7787.phpt b/ext/session/tests/user_session_module/gh7787.phpt index 85ce7bd887cb6..ee62e8f049635 100644 --- a/ext/session/tests/user_session_module/gh7787.phpt +++ b/ext/session/tests/user_session_module/gh7787.phpt @@ -84,6 +84,6 @@ Warning: session_write_close(): Failed to write session data using user defined Deprecated: session_set_save_handler(): Providing individual callbacks instead of an object implementing SessionHandlerInterface is deprecated in %s on line %d -Warning: session_write_close(): Failed to write session data using user defined save handler. (session.save_path: %S, handler: write) in %s on line %d +Warning: session_write_close(): Failed to write session data using user defined save handler. (session.save_path: %S, handler: {closure:%s:57}) in %s on line %d -Warning: session_write_close(): Failed to write session data using user defined save handler. (session.save_path: %S, handler: update_timestamp) in %s on line %d +Warning: session_write_close(): Failed to write session data using user defined save handler. (session.save_path: %S, handler: {closure:%s:62}) in %s on line %d From 13da50c280459694a3c4163a20ca1d157bb18f70 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 13:13:44 +0000 Subject: [PATCH 2/8] ext/session: refactor session_abort() By making the underlying function return a bool and not do duplicate checks --- ext/session/session.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index 1bb2f3a80b69a..aa155414b9187 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -101,7 +101,7 @@ zend_class_entry *php_session_update_timestamp_iface_entry; #define APPLY_TRANS_SID (PS(use_trans_sid) && !PS(use_only_cookies)) static zend_result php_session_send_cookie(void); -static zend_result php_session_abort(void); +static bool php_session_abort(void); static void proposed_session_id_to_session_id(const zval *proposed_session_id); /* Initialized in MINIT, readonly otherwise. */ @@ -1735,16 +1735,16 @@ PHPAPI php_session_status php_get_session_status(void) return PS(session_status); } -static zend_result php_session_abort(void) +static bool php_session_abort(void) { if (PS(session_status) == php_session_active) { if (PS(mod_data) || PS(mod_user_implemented)) { PS(mod)->s_close(&PS(mod_data)); } PS(session_status) = php_session_none; - return SUCCESS; + return true; } - return FAILURE; + return false; } static zend_result php_session_reset(void) @@ -2738,11 +2738,7 @@ PHP_FUNCTION(session_abort) RETURN_THROWS(); } - if (PS(session_status) != php_session_active) { - RETURN_FALSE; - } - php_session_abort(); - RETURN_TRUE; + RETURN_BOOL(php_session_abort()); } /* Reset session data from saved session data */ From 8867c14f4bbeefe893672fdcb17f489cc33c5198 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 13:14:32 +0000 Subject: [PATCH 3/8] ext/session: refactor session_reset() By making the underlying function return a bool and not do duplicate checks --- ext/session/session.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index aa155414b9187..260e553377132 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1747,13 +1747,13 @@ static bool php_session_abort(void) return false; } -static zend_result php_session_reset(void) +static bool php_session_reset(void) { if (PS(session_status) == php_session_active && php_session_initialize() == SUCCESS) { - return SUCCESS; + return true; } - return FAILURE; + return false; } @@ -2748,11 +2748,7 @@ PHP_FUNCTION(session_reset) RETURN_THROWS(); } - if (PS(session_status) != php_session_active) { - RETURN_FALSE; - } - php_session_reset(); - RETURN_TRUE; + RETURN_BOOL(php_session_reset()); } PHP_FUNCTION(session_status) From 6f469cb115a8dabcd0e8c478cfbc26e73714a26a Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 13:17:38 +0000 Subject: [PATCH 4/8] ext/session: refactor session_write_close() By making the underlying function return a bool and not do duplicate checks --- UPGRADING.INTERNALS | 3 +++ ext/session/php_session.h | 2 +- ext/session/session.c | 12 ++++-------- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 27414f52b3754..60615cb67ba60 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -97,6 +97,9 @@ PHP 8.6 INTERNALS UPGRADE NOTES . Dropped session_options parameter from all methods in mysqlnd_auth. The same information is present in conn->options and should be used instead. +- ext/session: + . php_session_flush() now returns a bool rather than a zend_result. + - ext/standard: . _php_error_log() now has a formal return type of zend_result. . _php_error_log() now accepts zend_string* values instead of char*. diff --git a/ext/session/php_session.h b/ext/session/php_session.h index ace8c6998cd5b..bf6fcbdcf49d1 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -263,7 +263,7 @@ PHPAPI zend_result php_session_register_serializer(const char *name, zend_result (*decode)(PS_SERIALIZER_DECODE_ARGS)); PHPAPI zend_result php_session_start(void); -PHPAPI zend_result php_session_flush(bool write); +PHPAPI bool php_session_flush(bool write); PHPAPI php_session_status php_get_session_status(void); PHPAPI const ps_module *_php_find_ps_module(const char *name); diff --git a/ext/session/session.c b/ext/session/session.c index 260e553377132..92ed91fbf86f7 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1720,14 +1720,14 @@ PHPAPI zend_result php_session_start(void) return SUCCESS; } -PHPAPI zend_result php_session_flush(bool write) +PHPAPI bool php_session_flush(bool write) { if (PS(session_status) == php_session_active) { php_session_save_current_state(write); PS(session_status) = php_session_none; - return SUCCESS; + return true; } - return FAILURE; + return false; } PHPAPI php_session_status php_get_session_status(void) @@ -2724,11 +2724,7 @@ PHP_FUNCTION(session_write_close) RETURN_THROWS(); } - if (PS(session_status) != php_session_active) { - RETURN_FALSE; - } - php_session_flush(true); - RETURN_TRUE; + RETURN_BOOL(php_session_flush(true)); } /* Abort session and end session. Session data will not be written */ From b7ba070702c67739770ce790b98020b69d09f1b7 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 16:11:36 +0000 Subject: [PATCH 5/8] ext/standard: throw ValueError if argument contains null byte in session_module_name() And fix error message to use 'must not' rather than 'cannot' --- UPGRADING | 4 ++++ ext/session/session.c | 7 +++--- ext/session/tests/bug73100.phpt | 2 +- .../tests/session_module_name_errors.phpt | 22 +++++++++++++++++++ 4 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 ext/session/tests/session_module_name_errors.phpt diff --git a/UPGRADING b/UPGRADING index 830709b2ae23f..04ed537bace78 100644 --- a/UPGRADING +++ b/UPGRADING @@ -23,6 +23,10 @@ PHP 8.6 UPGRADE NOTES . Invalid values now throw in Phar::mungServer() instead of being silently ignored. +- Session: + . A ValueError is not thrown if $name is a string containing null bytes in + session_module_name(). + - Standard: . Invalid mode values now throw in array_filter() instead of being silently defaulted to 0. diff --git a/ext/session/session.c b/ext/session/session.c index 92ed91fbf86f7..e3e17a37fbf1d 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1996,9 +1996,8 @@ PHP_FUNCTION(session_name) PHP_FUNCTION(session_module_name) { zend_string *name = NULL; - zend_string *ini_name; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "|S!", &name) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS(), "|P!", &name) == FAILURE) { RETURN_THROWS(); } @@ -2015,7 +2014,7 @@ PHP_FUNCTION(session_module_name) if (name) { if (zend_string_equals_ci(name, ZSTR_KNOWN(ZEND_STR_USER))) { - zend_argument_value_error(1, "cannot be \"user\""); + zend_argument_value_error(1, "must not be \"user\""); RETURN_THROWS(); } if (!_php_find_ps_module(ZSTR_VAL(name))) { @@ -2029,7 +2028,7 @@ PHP_FUNCTION(session_module_name) } PS(mod_data) = NULL; - ini_name = ZSTR_INIT_LITERAL("session.save_handler", false); + zend_string *ini_name = ZSTR_INIT_LITERAL("session.save_handler", false); zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); zend_string_release_ex(ini_name, false); } diff --git a/ext/session/tests/bug73100.phpt b/ext/session/tests/bug73100.phpt index 21e698a14aba8..fc9984428726f 100644 --- a/ext/session/tests/bug73100.phpt +++ b/ext/session/tests/bug73100.phpt @@ -24,5 +24,5 @@ bool(true) Warning: session_module_name(): Session save handler module cannot be changed when a session is active (started from %s on line %d) in %s on line %d bool(true) -session_module_name(): Argument #1 ($module) cannot be "user" +session_module_name(): Argument #1 ($module) must not be "user" ===DONE=== diff --git a/ext/session/tests/session_module_name_errors.phpt b/ext/session/tests/session_module_name_errors.phpt new file mode 100644 index 0000000000000..f00171e6584ab --- /dev/null +++ b/ext/session/tests/session_module_name_errors.phpt @@ -0,0 +1,22 @@ +--TEST-- +session_module_name(): errors +--EXTENSIONS-- +session +--FILE-- +getMessage(), PHP_EOL; +} +try { + var_dump(session_module_name("fi\0le")); +} catch (Throwable $e) { + echo $e::class, ': ', $e->getMessage(), PHP_EOL; +} + +?> +--EXPECT-- +ValueError: session_module_name(): Argument #1 ($module) must not be "user" +ValueError: session_module_name(): Argument #1 ($module) must not contain any null bytes From d7cea0b20a505ffb46db54bd6a8168d7e96f0e6d Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 17:29:20 +0000 Subject: [PATCH 6/8] ext/session: remove session_adapt_url() function This is unused and only exist for the deprecated (and dangerous) GET/POST session ID feature --- UPGRADING.INTERNALS | 1 + ext/session/php_session.h | 2 -- ext/session/session.c | 11 ----------- 3 files changed, 1 insertion(+), 13 deletions(-) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 60615cb67ba60..062e704fb7a08 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -99,6 +99,7 @@ PHP 8.6 INTERNALS UPGRADE NOTES - ext/session: . php_session_flush() now returns a bool rather than a zend_result. + . Removed session_adapt_url(). - ext/standard: . _php_error_log() now has a formal return type of zend_result. diff --git a/ext/session/php_session.h b/ext/session/php_session.h index bf6fcbdcf49d1..3b7acf151997e 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -248,8 +248,6 @@ PHPAPI zend_string *php_session_create_id(PS_CREATE_SID_ARGS); PHPAPI zend_result php_session_validate_sid(PS_VALIDATE_SID_ARGS); PHPAPI zend_result php_session_update_timestamp(PS_UPDATE_TIMESTAMP_ARGS); -PHPAPI void session_adapt_url(const char *url, size_t url_len, char **new_url, size_t *new_len); - PHPAPI zend_result php_session_destroy(void); PHPAPI void php_add_session_var(zend_string *name); PHPAPI zval *php_set_session_var(zend_string *name, zval *state_val, php_unserialize_data_t *var_hash); diff --git a/ext/session/session.c b/ext/session/session.c index e3e17a37fbf1d..550b2bd412945 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1756,17 +1756,6 @@ static bool php_session_reset(void) return false; } - -/* This API is not used by any PHP modules including session currently. - session_adapt_url() may be used to set Session ID to target url without - starting "URL-Rewriter" output handler. */ -PHPAPI void session_adapt_url(const char *url, size_t url_len, char **new_url, size_t *new_len) -{ - if (APPLY_TRANS_SID && (PS(session_status) == php_session_active)) { - *new_url = php_url_scanner_adapt_single_url(url, url_len, ZSTR_VAL(PS(session_name)), ZSTR_VAL(PS(id)), new_len, true); - } -} - /* ******************************** * Userspace exported functions * ******************************** */ From d204134a1a4e820343ca028ed3f85d2059f4c329 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 17:36:40 +0000 Subject: [PATCH 7/8] ext/session: use known 1 char zend_string to update boolean INI setting --- ext/session/session.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index 550b2bd412945..1630c76cf4014 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1896,7 +1896,7 @@ PHP_FUNCTION(session_set_cookie_params) } if (!secure_null) { ini_name = ZSTR_INIT_LITERAL("session.cookie_secure", false); - result = zend_alter_ini_entry_chars(ini_name, secure ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + result = zend_alter_ini_entry(ini_name, secure ? ZSTR_CHAR('1') : ZSTR_CHAR('0'), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; @@ -1905,7 +1905,7 @@ PHP_FUNCTION(session_set_cookie_params) } if (!partitioned_null) { ini_name = ZSTR_INIT_LITERAL("session.cookie_partitioned", false); - result = zend_alter_ini_entry_chars(ini_name, partitioned ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + result = zend_alter_ini_entry(ini_name, partitioned ? ZSTR_CHAR('1') : ZSTR_CHAR('0'), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; @@ -1914,7 +1914,7 @@ PHP_FUNCTION(session_set_cookie_params) } if (!httponly_null) { ini_name = ZSTR_INIT_LITERAL("session.cookie_httponly", false); - result = zend_alter_ini_entry_chars(ini_name, httponly ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); + result = zend_alter_ini_entry(ini_name, httponly ? ZSTR_CHAR('1') : ZSTR_CHAR('0'), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; From 32d07c33781b181b15ce0f9804a8a3c74942cf29 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Fri, 6 Feb 2026 17:51:48 +0000 Subject: [PATCH 8/8] ext/session: use zend_strings for open handler --- UPGRADING.INTERNALS | 4 ++++ ext/session/mod_files.c | 17 ++++++++++------- ext/session/mod_user.c | 7 +++---- ext/session/mod_user_class.c | 5 ++--- ext/session/php_session.h | 2 +- ext/session/session.c | 4 ++-- 6 files changed, 22 insertions(+), 17 deletions(-) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 062e704fb7a08..1d8734d9fb076 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -100,6 +100,10 @@ PHP 8.6 INTERNALS UPGRADE NOTES - ext/session: . php_session_flush() now returns a bool rather than a zend_result. . Removed session_adapt_url(). + . PS_OPEN_ARGS is now defined as + `void **mod_data, zend_string *save_path, zend_string *session_name` + rather than + `void **mod_data, const char *save_path, const char *session_name` - ext/standard: . _php_error_log() now has a formal return type of zend_result. diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 869bb1052c6df..87bcb7e3690fc 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -369,19 +369,22 @@ PS_OPEN_FUNC(files) int argc = 0; size_t dirdepth = 0; int filemode = 0600; + const char *used_save_path; - if (*save_path == '\0') { + if (ZSTR_LEN(save_path) == 0) { /* if save path is an empty string, determine the temporary dir */ - save_path = php_get_temporary_directory(); + used_save_path = php_get_temporary_directory(); - if (php_check_open_basedir(save_path)) { + if (php_check_open_basedir(used_save_path)) { return FAILURE; } + } else { + used_save_path = ZSTR_VAL(save_path); } /* split up input parameter */ - last = save_path; - p = strchr(save_path, ';'); + last = used_save_path; + p = strchr(used_save_path, ';'); while (p) { argv[argc++] = last; last = ++p; @@ -407,14 +410,14 @@ PS_OPEN_FUNC(files) return FAILURE; } } - save_path = argv[argc - 1]; + used_save_path = argv[argc - 1]; data = ecalloc(1, sizeof(*data)); data->fd = -1; data->dirdepth = dirdepth; data->filemode = filemode; - data->basedir = zend_string_init(save_path, strlen(save_path), /* persistent */ false); + data->basedir = zend_string_init(used_save_path, strlen(used_save_path), /* persistent */ false); if (PS_GET_MOD_DATA()) { ps_close_files(mod_data); diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c index 5783ca625a4a6..90b91926a62c3 100644 --- a/ext/session/mod_user.c +++ b/ext/session/mod_user.c @@ -83,12 +83,11 @@ PS_OPEN_FUNC(user) { zval args[2]; zval retval; - zend_result ret = FAILURE; ZEND_ASSERT(!Z_ISUNDEF(PSF(open))); - ZVAL_STRING(&args[0], (char*)save_path); - ZVAL_STRING(&args[1], (char*)session_name); + ZVAL_STR(&args[0], zend_string_dup(save_path, false)); + ZVAL_STR(&args[1], zend_string_dup(session_name, false)); zend_try { ps_call_handler(&PSF(open), 2, args, &retval); @@ -102,7 +101,7 @@ PS_OPEN_FUNC(user) PS(mod_user_implemented) = true; - ret = verify_bool_return_type_userland_calls(&retval); + zend_result ret = verify_bool_return_type_userland_calls(&retval); zval_ptr_dtor(&retval); return ret; } diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c index 1735423e902c4..618cc6bd67965 100644 --- a/ext/session/mod_user_class.c +++ b/ext/session/mod_user_class.c @@ -36,11 +36,10 @@ PHP_METHOD(SessionHandler, open) { - char *save_path = NULL, *session_name = NULL; - size_t save_path_len, session_name_len; + zend_string *save_path, *session_name; zend_result ret; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &save_path, &save_path_len, &session_name, &session_name_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS(), "SS", &save_path, &session_name) == FAILURE) { RETURN_THROWS(); } diff --git a/ext/session/php_session.h b/ext/session/php_session.h index 3b7acf151997e..8c857d29a5fc0 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -26,7 +26,7 @@ #define PHP_SESSION_VERSION PHP_VERSION /* save handler macros */ -#define PS_OPEN_ARGS void **mod_data, const char *save_path, const char *session_name +#define PS_OPEN_ARGS void **mod_data, zend_string *save_path, zend_string *session_name #define PS_CLOSE_ARGS void **mod_data #define PS_READ_ARGS void **mod_data, zend_string *key, zend_string **val, zend_long maxlifetime #define PS_WRITE_ARGS void **mod_data, zend_string *key, zend_string *val, zend_long maxlifetime diff --git a/ext/session/session.c b/ext/session/session.c index 1630c76cf4014..da4e57ff9a1d3 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -424,7 +424,7 @@ static zend_result php_session_initialize(void) } /* Open session handler first */ - if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), ZSTR_VAL(PS(session_name))) == FAILURE + if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE /* || PS(mod_data) == NULL */ /* FIXME: open must set valid PS(mod_data) with success */ ) { php_session_abort(); @@ -2351,7 +2351,7 @@ PHP_FUNCTION(session_regenerate_id) zend_string_release_ex(PS(id), false); PS(id) = NULL; - if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), ZSTR_VAL(PS(session_name))) == FAILURE) { + if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) { PS(session_status) = php_session_none; if (!EG(exception)) { zend_throw_error(NULL, "Failed to open session: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path)));