Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 16 |
1 files changed, 8 insertions, 8 deletions
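--- a/session.c
+++ b/session.c
@@ -59,7 +59,7 @@ static int suhosin_get_session_var(char *name, size_t namelen, zval ***state_var
 if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
 ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var);
 
-#if PHP_VERSION_ID < 50400
+#if 0 //PHP_VERSION_ID < 50400
 /* If register_globals is enabled, and
 * if there is an entry for the slot in $_SESSION, and
 * if that entry is still set to NULL, and
@@ -123,7 +123,7 @@ static void suhosin_send_cookie(TSRMLS_D)
 
 /* The following is requires to be 100% compatible to PHP
 versions where the hash extension is not available by default */
-#if (PHP_MAJOR_VERSION >= 5 && PHP_MINOR_VERSION >= 3)
+#if 1 //(PHP_MAJOR_VERSION >= 5 && PHP_MINOR_VERSION >= 3)
 if (zend_hash_find(EG(ini_directives), "session.hash_bits_per_character", sizeof("session.hash_bits_per_character"), (void **) &ini_entry) == SUCCESS) {
 #ifndef ZTS
 base = (char *) ini_entry->mh_arg2;
@@ -155,7 +155,7 @@ static int suhosin_hook_s_read(void **mod_data, const char *key, char **val, int
 /* protect dumb session handlers */
 if (key == NULL || !key[0] ||
 (*mod_data == NULL
-#if PHP_VERSION_ID >= 50400
+#if 1 //PHP_VERSION_ID >= 50400
 && !SESSION_G(mod_user_implemented)
 #endif
 )) {
@@ -169,7 +169,7 @@ regenerate:
 goto regenerate;
 }
 }
-#if (PHP_MAJOR_VERSION < 5) || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 2)
+#if 0 //(PHP_MAJOR_VERSION < 5) || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 2)
 else if (strpbrk(KEY, "\r\n\t <>'\"\\")) {
 suhosin_log(S_SESSION, "session id ('%s') contains invalid chars - regenerating", KEY);
 if (!SUHOSIN_G(simulation)) {
@@ -209,7 +209,7 @@ static int suhosin_hook_s_write(void **mod_data, const char *key, const char *va
 /* protect dumb session handlers */
 if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) ||
 (*mod_data == NULL
-#if PHP_VERSION_ID >= 50400
+#if 1 //PHP_VERSION_ID >= 50400
 && !SESSION_G(mod_user_implemented)
 #endif
 )) {
@@ -257,7 +257,7 @@ static int suhosin_hook_s_destroy(void **mod_data, const char *key TSRMLS_DC)
 /* protect dumb session handlers */
 if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) ||
 (*mod_data == NULL
-#if PHP_VERSION_ID >= 50400
+#if 1 //PHP_VERSION_ID >= 50400
 && !SESSION_G(mod_user_implemented)
 #endif
 )) {
@@ -343,7 +343,7 @@ void suhosin_hook_session(TSRMLS_D)
 return;
 }
 /* retrieve globals from module entry struct if possible */
-#if PHP_VERSION_ID >= 50200
+#if 1 //PHP_VERSION_ID >= 50200
 #ifdef ZTS
 if (session_globals_id == 0) {
 session_globals_id = *module->globals_id_ptr;
@@ -401,7 +401,7 @@ void suhosin_hook_session(TSRMLS_D)
 suhosin_hook_session_module(TSRMLS_C);
 
 /* Protect the PHP serializer from ! attacks */
-# if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
+#if 1 //PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2)
 serializer = (ps_serializer *) SESSION_G(serializer);
 if (serializer != NULL && strcmp(serializer->name, "php")==0) {
 serializer->encode = suhosin_session_encode;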
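Review bot: The eight version guards are hard-wired to `#if 0 //…` and `#if 1 //…` instead of being removed, so session.c no longer states or enforces the minimum PHP version it now appears to assume (5.4, judging by the `PHP_VERSION_ID >= 50400` guards forced on), and the dead branches stay in the file. The one that matters most for security is the hunk at line 172, where the `strpbrk(KEY, "\r\n\t <>'\"\\")` rejection of session ids with control or markup characters is now compiled out unconditionally; that is only safe if every PHP version this build targets rejects such ids in the session module itself, which the page does not show and should be confirmed. I would delete the `#if 0` bodies, drop the `#if 1` wrappers, and make the assumption explicit once near the top of the file: `#if PHP_VERSION_ID < 50400`, `#error "suhosin session hooks require PHP 5.4 or later"`, `#endif`. All eight hunks share this pattern, and each enclosing function begins and ends outside its hunk.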
