@@ -1082,9 +1082,10 @@ PHPAPI int php_session_register_module(const ps_module *ptr) /* {{{ */
1082
1082
/* }}} */
1083
1083
1084
1084
/* Dummy PS module function */
1085
- /* We consider any ID valid, so we return FAILURE to indicate that a session doesn't exist */
1085
+ /* We consider any ID valid (thus also implying that a session with such an ID exists),
1086
+ thus we always return SUCCESS */
1086
1087
PHPAPI int php_session_validate_sid (PS_VALIDATE_SID_ARGS ) {
1087
- return FAILURE ;
1088
+ return SUCCESS ;
1088
1089
}
1089
1090
1090
1091
/* Dummy PS module function */
@@ -2259,18 +2260,24 @@ PHP_FUNCTION(session_regenerate_id)
2259
2260
}
2260
2261
RETURN_THROWS ();
2261
2262
}
2262
- if (PS (use_strict_mode ) && PS (mod )-> s_validate_sid &&
2263
- PS (mod )-> s_validate_sid (& PS (mod_data ), PS (id )) == SUCCESS ) {
2264
- zend_string_release_ex (PS (id ), 0 );
2265
- PS (id ) = PS (mod )-> s_create_sid (& PS (mod_data ));
2266
- if (!PS (id )) {
2267
- PS (mod )-> s_close (& PS (mod_data ));
2268
- PS (session_status ) = php_session_none ;
2269
- if (!EG (exception )) {
2270
- zend_throw_error (NULL , "Failed to create session ID by collision: %s (path: %s)" , PS (mod )-> s_name , PS (save_path ));
2263
+ if (PS (use_strict_mode )) {
2264
+ if ((!PS (mod_user_implemented ) && PS (mod )-> s_validate_sid ) || !Z_ISUNDEF (PS (mod_user_names ).name .ps_validate_sid )) {
2265
+ int limit = 3 ;
2266
+ /* Try to generate non-existing ID */
2267
+ while (limit -- && PS (mod )-> s_validate_sid (& PS (mod_data ), PS (id )) == SUCCESS ) {
2268
+ zend_string_release_ex (PS (id ), 0 );
2269
+ PS (id ) = PS (mod )-> s_create_sid (& PS (mod_data ));
2270
+ if (!PS (id )) {
2271
+ PS (mod )-> s_close (& PS (mod_data ));
2272
+ PS (session_status ) = php_session_none ;
2273
+ if (!EG (exception )) {
2274
+ zend_throw_error (NULL , "Failed to create session ID by collision: %s (path: %s)" , PS (mod )-> s_name , PS (save_path ));
2275
+ }
2276
+ RETURN_THROWS ();
2277
+ }
2271
2278
}
2272
- RETURN_THROWS ();
2273
2279
}
2280
+ // TODO warn that ID cannot be verified? else { }
2274
2281
}
2275
2282
/* Read is required to make new session data at this point. */
2276
2283
if (PS (mod )-> s_read (& PS (mod_data ), PS (id ), & data , PS (gc_maxlifetime )) == FAILURE ) {
@@ -2297,7 +2304,6 @@ PHP_FUNCTION(session_regenerate_id)
2297
2304
/* }}} */
2298
2305
2299
2306
/* {{{ Generate new session ID. Intended for user save handlers. */
2300
- /* This is not used yet */
2301
2307
PHP_FUNCTION (session_create_id )
2302
2308
{
2303
2309
zend_string * prefix = NULL , * new_id ;
@@ -2321,7 +2327,7 @@ PHP_FUNCTION(session_create_id)
2321
2327
int limit = 3 ;
2322
2328
while (limit -- ) {
2323
2329
new_id = PS (mod )-> s_create_sid (& PS (mod_data ));
2324
- if (!PS (mod )-> s_validate_sid ) {
2330
+ if (!PS (mod )-> s_validate_sid || ( PS ( mod_user_implemented ) && Z_ISUNDEF ( PS ( mod_user_names ). name . ps_validate_sid )) ) {
2325
2331
break ;
2326
2332
} else {
2327
2333
/* Detect collision and retry */
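Review bot: In the session_regenerate_id hunk, the loop `while (limit-- && PS(mod)->s_validate_sid(...) == SUCCESS)` gives up after three attempts without validating the last ID it created, so with `use_strict_mode` on, `s_read` can run on an ID that already exists and nothing is reported. The loop also cannot tell a real collision from a validator that always answers SUCCESS, which is what the dummy `php_session_validate_sid` returns after this commit; a handler built on that dummy would spend all three `s_create_sid` calls on every regeneration. The sketch below skips the loop for the dummy and fails like the `!PS(id)` branch once the attempts are used up; whether `PS(id)` must also be released on that path depends on cleanup outside the hunk. The `// TODO` case, a handler with no validator at all, leaves strict mode silently unenforced and should at least raise the warning the TODO mentions. The function body starts and ends outside the hunk.

```c
if ((!PS(mod_user_implemented) && PS(mod)->s_validate_sid
			&& PS(mod)->s_validate_sid != php_session_validate_sid)
		|| !Z_ISUNDEF(PS(mod_user_names).name.ps_validate_sid)) {
	int limit = 3;
	while (limit-- && PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == SUCCESS) {
		/* … unchanged: release PS(id), create a new ID, bail out if creation fails … */
	}
	/* All attempts used: the last ID was never checked, so check it before reading. */
	if (limit < 0 && PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == SUCCESS) {
		PS(mod)->s_close(&PS(mod_data));
		PS(session_status) = php_session_none;
		if (!EG(exception)) {
			zend_throw_error(NULL, "Failed to create session ID by collision: %s (path: %s)", PS(mod)->s_name, PS(save_path));
		}
		RETURN_THROWS();
	}
}
```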