Skip to content

[pull] master from php:master #715

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 4 commits into from
Feb 6, 2026
Merged

[pull] master from php:master #715

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
a2c6e6f
ext/session: remove PS_ENCODE_VARS
Girgias Feb 5, 2026
b657def
ext/session: remove unused macros
Girgias Feb 5, 2026
3a142e7
ext/session: remove unused progress parameter in early_find_sid_in()
Girgias Feb 5, 2026
31b0055
ext/session: add const qualifiers
Girgias Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 3 additions & 21 deletions ext/session/php_session.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -273,38 +273,20 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(const char *name);
PHPAPI zend_result php_session_valid_key(const char *key);
PHPAPI zend_result php_session_reset_id(void);

#define PS_ADD_VARL(name) do { \
php_add_session_var(name); \
} while (0)

#define PS_ADD_VAR(name) PS_ADD_VARL(name)

#define PS_DEL_VARL(name) do { \
if (!Z_ISNULL(PS(http_session_vars))) { \
zend_hash_del(Z_ARRVAL(PS(http_session_vars)), name); \
} \
} while (0)


#define PS_ENCODE_VARS \
zend_string *key; \
zend_ulong num_key; \
zval *struc;

/* Do not use a return statement in `code` because that may leak memory.
* Break out of the loop instead. */
#define PS_ENCODE_LOOP(code) do { \
zval _zv; \
/* protect against user interference */ \
ZVAL_COPY(&_zv, Z_REFVAL(PS(http_session_vars))); \
HashTable *_ht = Z_ARRVAL(_zv); \
ZEND_HASH_FOREACH_KEY(_ht, num_key, key) { \
ZEND_HASH_FOREACH_KEY(Z_ARRVAL(_zv), zend_ulong num_key, zend_string * key) { \
if (key == NULL) { \
php_error_docref(NULL, E_WARNING, \
"Skipping numeric key " ZEND_LONG_FMT, num_key);\
continue; \
} \
if ((struc = php_get_session_var(key))) { \
zval *struc = php_get_session_var(key); \
if (struc) { \
code; \
} \
} ZEND_HASH_FOREACH_END(); \
Expand Down
66 changes: 28 additions & 38 deletions ext/session/session.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ zend_class_entry *php_session_update_timestamp_iface_entry;

static zend_result php_session_send_cookie(void);
static zend_result php_session_abort(void);
static void proposed_session_id_to_session_id(zval *proposed_session_id);
static void proposed_session_id_to_session_id(const zval *proposed_session_id);

/* Initialized in MINIT, readonly otherwise. */
static int my_module_number = 0;
Expand Down Expand Up @@ -286,7 +286,7 @@ static ZEND_COLD void php_session_cancel_decode(void)
php_error_docref(NULL, E_WARNING, "Failed to decode session object. Session has been destroyed");
}

static zend_result php_session_decode(zend_string *data)
static zend_result php_session_decode(const zend_string *data)
{
ZEND_ASSERT(PS(serializer));
zend_result result = SUCCESS;
Expand Down Expand Up @@ -567,8 +567,6 @@ static void php_session_save_current_state(bool write)

static void php_session_normalize_vars(void)
{
PS_ENCODE_VARS;

IF_SESSION_VARS() {
PS_ENCODE_LOOP(
if (Z_TYPE_P(struc) == IS_PTR) {
Expand Down Expand Up @@ -655,17 +653,17 @@ static PHP_INI_MH(OnUpdateSaveDir)

/* Only do the open_basedir check at runtime */
if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
char *p;

if (memchr(ZSTR_VAL(new_value), '\0', ZSTR_LEN(new_value)) != NULL) {
return FAILURE;
}

/* we do not use zend_memrchr() since path can contain ; itself */
if ((p = strchr(ZSTR_VAL(new_value), ';'))) {
char *p2;
const char *p = strchr(ZSTR_VAL(new_value), ';');
if (p) {
p++;
if ((p2 = strchr(p, ';'))) {

const char *p2 = strchr(p, ';');
if (p2) {
p = p2 + 1;
}
} else {
Expand Down Expand Up @@ -988,7 +986,6 @@ PS_SERIALIZER_ENCODE_FUNC(php_binary)
{
smart_str buf = {0};
php_serialize_data_t var_hash;
PS_ENCODE_VARS;

PHP_VAR_SERIALIZE_INIT(var_hash);

Expand Down Expand Up @@ -1052,7 +1049,6 @@ PS_SERIALIZER_ENCODE_FUNC(php)
smart_str buf = {0};
php_serialize_data_t var_hash;
bool fail = false;
PS_ENCODE_VARS;

PHP_VAR_SERIALIZE_INIT(var_hash);

Expand Down Expand Up @@ -1197,7 +1193,7 @@ PHPAPI zend_result php_session_update_timestamp(PS_UPDATE_TIMESTAMP_ARGS) {
****************** */

typedef struct {
char *name;
const char *name;
void (*func)(void);
} php_session_cache_limiter_t;

Expand Down Expand Up @@ -1472,8 +1468,6 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(const char *name)

static bool should_invalidate_session_for_external_referer(void)
{
zval *referer_data;

/* No external referer check configured */
if (!PS(id) || PS(extern_referer_chk)[0] == '\0') {
return false;
Expand All @@ -1485,7 +1479,7 @@ static bool should_invalidate_session_for_external_referer(void)
}

/* Get HTTP_REFERER header */
referer_data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZEND_STRL("HTTP_REFERER"));
const zval *referer_data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZEND_STRL("HTTP_REFERER"));
if (!referer_data || Z_TYPE_P(referer_data) != IS_STRING || Z_STRLEN_P(referer_data) == 0) {
return false;
}
Expand All @@ -1496,7 +1490,7 @@ static bool should_invalidate_session_for_external_referer(void)

static void try_find_session_id_in_global(const char *global_name, size_t global_name_len)
{
zval *global_data, *potential_session_id;
zval *global_data;

if (PS(id)) {
return;
Expand All @@ -1512,7 +1506,7 @@ static void try_find_session_id_in_global(const char *global_name, size_t global
return;
}

potential_session_id = zend_hash_find(Z_ARRVAL_P(global_data), PS(session_name));
const zval *potential_session_id = zend_hash_find(Z_ARRVAL_P(global_data), PS(session_name));
if (potential_session_id) {
proposed_session_id_to_session_id(potential_session_id);
}
Expand Down Expand Up @@ -1541,7 +1535,7 @@ static bool php_can_change_session_setting(const char *setting_name, bool check_

static void try_find_session_id_in_cookies(void)
{
zval *cookie_data, *potential_session_id;
zval *cookie_data;

if (!PS(use_cookies) || PS(id)) {
return;
Expand All @@ -1557,15 +1551,15 @@ static void try_find_session_id_in_cookies(void)
return;
}

potential_session_id = zend_hash_find(Z_ARRVAL_P(cookie_data), PS(session_name));
const zval *potential_session_id = zend_hash_find(Z_ARRVAL_P(cookie_data), PS(session_name));
if (potential_session_id) {
proposed_session_id_to_session_id(potential_session_id);
PS(send_cookie) = false;
PS(define_sid) = false;
}
}

static void proposed_session_id_to_session_id(zval *proposed_session_id) {
static void proposed_session_id_to_session_id(const zval *proposed_session_id) {
ZVAL_DEREF(proposed_session_id);
if (Z_TYPE_P(proposed_session_id) == IS_STRING) {
PS(id) = zend_string_copy(Z_STR_P(proposed_session_id));
Expand Down Expand Up @@ -1658,7 +1652,7 @@ PHPAPI zend_result php_session_reset_id(void)

PHPAPI zend_result php_session_start(void)
{
char *value;
const char *value;

switch (PS(session_status)) {
case php_session_active:
Expand Down Expand Up @@ -2835,18 +2829,14 @@ static zend_result php_rinit_session(bool auto_start)

PS(mod) = NULL;
{
char *value;

value = zend_ini_string(ZEND_STRL("session.save_handler"), false);
const char *value = zend_ini_string(ZEND_STRL("session.save_handler"), false);
if (value) {
PS(mod) = _php_find_ps_module(value);
}
}

if (PS(serializer) == NULL) {
char *value;

value = zend_ini_string(ZEND_STRL("session.serialize_handler"), false);
const char *value = zend_ini_string(ZEND_STRL("session.serialize_handler"), false);
if (value) {
PS(serializer) = _php_find_ps_serializer(value);
}
Expand Down Expand Up @@ -3051,7 +3041,7 @@ static PHP_MINFO_FUNCTION(session)
* Upload hook handling *
************************ */

static bool early_find_sid_in(zval *dest, int where, php_session_rfc1867_progress *progress)
static bool early_find_sid_in(zval *dest, int where)
{
zval *potential_session_id;

Expand All @@ -3074,7 +3064,7 @@ static void php_session_rfc1867_early_find_sid(php_session_rfc1867_progress *pro

if (PS(use_cookies)) {
sapi_module.treat_data(PARSE_COOKIE, NULL, NULL);
if (early_find_sid_in(&progress->sid, TRACK_VARS_COOKIE, progress)) {
if (early_find_sid_in(&progress->sid, TRACK_VARS_COOKIE)) {
progress->apply_trans_sid = false;
return;
}
Expand All @@ -3083,10 +3073,10 @@ static void php_session_rfc1867_early_find_sid(php_session_rfc1867_progress *pro
return;
}
sapi_module.treat_data(PARSE_GET, NULL, NULL);
early_find_sid_in(&progress->sid, TRACK_VARS_GET, progress);
early_find_sid_in(&progress->sid, TRACK_VARS_GET);
}

static bool php_check_cancel_upload(php_session_rfc1867_progress *progress)
static bool php_check_cancel_upload(const php_session_rfc1867_progress *progress)
{
zval *progress_ary, *cancel_upload;

Expand Down Expand Up @@ -3136,7 +3126,7 @@ static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, b
php_session_flush(true);
}

static void php_session_rfc1867_cleanup(php_session_rfc1867_progress *progress)
static void php_session_rfc1867_cleanup(const php_session_rfc1867_progress *progress)
{
php_session_initialize();
PS(session_status) = php_session_active;
Expand Down Expand Up @@ -3164,14 +3154,14 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_

switch(event) {
case MULTIPART_EVENT_START: {
multipart_event_start *data = (multipart_event_start *) event_data;
const multipart_event_start *data = event_data;
progress = ecalloc(1, sizeof(php_session_rfc1867_progress));
progress->content_length = data->content_length;
PS(rfc1867_progress) = progress;
}
break;
case MULTIPART_EVENT_FORMDATA: {
multipart_event_formdata *data = (multipart_event_formdata *) event_data;
const multipart_event_formdata *data = event_data;
size_t value_len;

if (Z_TYPE(progress->sid) && progress->key.s) {
Expand Down Expand Up @@ -3204,7 +3194,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_
}
break;
case MULTIPART_EVENT_FILE_START: {
multipart_event_file_start *data = (multipart_event_file_start *) event_data;
const multipart_event_file_start *data = event_data;

/* Do nothing when $_POST["PHP_SESSION_UPLOAD_PROGRESS"] is not set
* or when we have no session id */
Expand Down Expand Up @@ -3265,7 +3255,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_
}
break;
case MULTIPART_EVENT_FILE_DATA: {
multipart_event_file_data *data = (multipart_event_file_data *) event_data;
const multipart_event_file_data *data = event_data;

if (!Z_TYPE(progress->sid) || !progress->key.s) {
break;
Expand All @@ -3278,7 +3268,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_
}
break;
case MULTIPART_EVENT_FILE_END: {
multipart_event_file_end *data = (multipart_event_file_end *) event_data;
const multipart_event_file_end *data = event_data;

if (!Z_TYPE(progress->sid) || !progress->key.s) {
break;
Expand All @@ -3297,7 +3287,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_
}
break;
case MULTIPART_EVENT_END: {
multipart_event_end *data = (multipart_event_end *) event_data;
const multipart_event_end *data = event_data;

if (Z_TYPE(progress->sid) && progress->key.s) {
if (PS(rfc1867_cleanup)) {
Expand Down