fixed session encryption in php8 + related test cases

6 files changed, 57 insertions, 13 deletions

diff --git a/src/tests/session_encryption/crypt_session_corrupted_session.phpt b/src/tests/session_encryption/crypt_session_corrupted_session.phpt
index 6f9c287..db3f949 100644
--- a/src/tests/session_encryption/crypt_session_corrupted_session.phpt
+++ b/src/tests/session_encryption/crypt_session_corrupted_session.phpt
@@ -6,7 +6,7 @@ Set a custom session handler
 <?php if (PHP_VERSION_ID >= 70400) print "skip"; ?>
 --INI--
 sp.configuration_file={PWD}/config/config_crypt_session.ini
-session.save_path = "/tmp"
+session.save_path="/tmp"
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
diff --git a/src/tests/session_encryption/crypt_session_invalid_simul.phpt b/src/tests/session_encryption/crypt_session_invalid_simul.phpt
index cbb80dc..80edb8a 100644
--- a/src/tests/session_encryption/crypt_session_invalid_simul.phpt
+++ b/src/tests/session_encryption/crypt_session_invalid_simul.phpt
@@ -1,9 +1,12 @@
 --TEST--
 SESSION crypt and bad decrypt
 --SKIPIF--
-<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (!extension_loaded("snuffleupagus") || PHP_VERSION_ID < 70400) print "skip"; ?>
 --INI--
 sp.configuration_file={PWD}/config/config_crypt_session_simul.ini
+display_errors=0
+log_errors=1
+error_log="{PWD}"/crypt_session_invalid_simul.tmp
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
@@ -19,9 +22,13 @@ putenv("REMOTE_ADDR=127.0.0.2");
 session_id($id);                        // Recover the session with the previous session_id
 session_start();                        // Re start the session, It will read and decrypt the non empty session
 var_dump($_SESSION);            // Dump the session
+
+echo file_get_contents(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp");
+unlink(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp");
+
 ?>
 --EXPECTF--
-array(1) {
-  ["toto"]=>
-  string(4) "tata"
+array(0) {
 }
+%aPHP Warning:  [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul.php on line 9
+%aPHP Warning:  session_start(): Failed to decode session object. Session has been destroyed in %a/crypt_session_invalid_simul.php on line 9
diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt
new file mode 100644
index 0000000..4d1f747
--- /dev/null
+++ b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt
@@ -0,0 +1,33 @@
+--TEST--
+SESSION crypt and bad decrypt
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus") || PHP_VERSION_ID >= 70400) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_crypt_session_simul.ini
+display_errors=0
+log_errors=1
+error_log="{PWD}"/crypt_session_invalid_simul.tmp
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php
+// Do it like that to write (encrypt) the session and then to read (decrypt) the session
+session_start();                        // Start new_session , it will read an empty session
+$_SESSION["toto"] = "tata"; // Encrypt and write the session
+$id = session_id();             // Get the session_id to use it later
+session_write_close();          // Close the session
+putenv("REMOTE_ADDR=127.0.0.2");
+session_id($id);                        // Recover the session with the previous session_id
+session_start();                        // Re start the session, It will read and decrypt the non empty session
+var_dump($_SESSION);            // Dump the session
+
+echo file_get_contents(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp");
+unlink(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp");
+
+?>
+--EXPECTF--
+array(0) {
+}
+%aPHP Warning:  [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9
diff --git a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt
index 5e81b52..e2e1737 100644
--- a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt
+++ b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt
@@ -4,25 +4,28 @@ SESSION crypt/decrypt valid
 <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
 --INI--
 sp.configuration_file={PWD}/config/config_crypt_session_simul.ini
+session.save_path="{PWD}"
+display_errors=0
+log_errors=1
+error_log="{PWD}"/crypt_session_read_uncrypt.tmp
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
 EOF;
 --FILE--
 <?php
-$current_path = dirname(getcwd()) . "/src/tests/" ;
-ini_set("session.save_path", $current_path);
-
 session_start();
 $id = session_id();                                                                                     // Get the session_id to use it later
-$filename_sess = $current_path . "sess_" . $id;
-file_put_contents($filename_sess, "toto|s:4:\"tata\";");                        // Write a unencrypted session
+$filename_sess = dirname(__FILE__) . "/sess_" . $id;
+file_put_contents($filename_sess, "toto|s:4:\"tata\";");                        // Write unencrypted session
 session_write_close();                                                                                  // Close the session
 
 session_id($id);
 session_start();                                                                                                // Try to read the unencrypted session, it will fail to decrypt but it must return the session
 var_dump($_SESSION);
-echo "OK";
+echo "OK\n";
+echo file_get_contents(dirname(__FILE__) . "/crypt_session_read_uncrypt.tmp");
+unlink(dirname(__FILE__) . "/crypt_session_read_uncrypt.tmp");
 unlink($filename_sess);
 ?>
 --EXPECTF--
@@ -31,3 +34,4 @@ array(1) {
   string(4) "tata"
 }
 OK
+%aPHP Warning:  [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Buffer underflow tentative detected in cookie encryption handling for the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_read_uncrypt.php on line 9
diff --git a/src/tests/session_encryption/set_custom_session_handler.phpt b/src/tests/session_encryption/set_custom_session_handler.phpt
index 725ee43..1b81a04 100644
--- a/src/tests/session_encryption/set_custom_session_handler.phpt
+++ b/src/tests/session_encryption/set_custom_session_handler.phpt
@@ -4,7 +4,7 @@ Set a custom session handler
 <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
 --INI--
 sp.configuration_file={PWD}/config/config_crypt_session.ini
-session.save_path = "/tmp"
+session.save_path="/tmp"
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1
diff --git a/src/tests/session_encryption/set_custom_session_handler2.phpt b/src/tests/session_encryption/set_custom_session_handler2.phpt
index 8cc6786..58b6595 100644
--- a/src/tests/session_encryption/set_custom_session_handler2.phpt
+++ b/src/tests/session_encryption/set_custom_session_handler2.phpt
@@ -4,7 +4,7 @@ Set a custom session handler, twice
 <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
 --INI--
 sp.configuration_file={PWD}/config/config_crypt_session.ini
-session.save_path = "/tmp"
+session.save_path="/tmp"
 --ENV--
 return <<<EOF
 REMOTE_ADDR=127.0.0.1