Merge branch 'PHP-8.1' into PHP-8.2

Girgias · Girgias · commit 3579ddaaceb1 · 2022-09-27T15:58:30.000+01:00
* PHP-8.1: Fix GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method
diff --git a/NEWS b/NEWS
@@ -21,6 +21,8 @@ PHP                                                                        NEWS
 - Session:
   . Fixed GH-9584 (Avoid memory corruption when not unregistering custom session
     handler). (ilutov)
+  . Fixed bug GH-9583 (session_create_id() fails with user defined save handler
+      that doesn't have a validateId() method). (Girgias)
 
 - Standard:
   . Revert "Fixed parse_url(): can not recognize port without scheme."
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -1068,8 +1068,9 @@ PHPAPI zend_result php_session_register_module(const ps_module *ptr) /* {{{ */
 /* }}} */
 
 /* Dummy PS module function */
+/* We consider any ID valid, so we return FAILURE to indicate that a session doesn't exist */
 PHPAPI zend_result php_session_validate_sid(PS_VALIDATE_SID_ARGS) {
-	return SUCCESS;
+	return FAILURE;
 }
 
 /* Dummy PS module function */
diff --git a/ext/session/tests/gh9583.phpt b/ext/session/tests/gh9583.phpt
@@ -0,0 +1,45 @@
+--TEST--
+GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId() method
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+class SessionHandlerTester implements \SessionHandlerInterface
+{
+
+    public function close(): bool { return true; }
+
+    public function destroy($id): bool { return true; }
+
+    public function gc($max_lifetime): int|false { return 1; }
+
+    public function open($path, $name): bool { return true; }
+
+    public function read($id): string { return ''; }
+
+    public function write($id, $data): bool { return true; }
+
+    //public function create_sid() { return uniqid(); }
+
+    //public function validateId($key) { return true; }
+}
+
+$obj = new SessionHandlerTester();
+ini_set('session.use_strict_mode','1');
+session_set_save_handler($obj);
+session_start();
+
+echo "\nvalidateId() ".(method_exists($obj,'validateId')?('returns '.($obj->validateId(1)?'true':'false')):'is commented out');
+echo "\n";
+$sessionId = session_create_id();
+echo "\nSession ID:".$sessionId;
+echo "\n";
+
+?>
+--EXPECTF--
+validateId() is commented out
+
+Session ID:%s

Original file line number	Diff line number	Diff line change
`@@ -1068,8 +1068,9 @@ PHPAPI zend_result php_session_register_module(const ps_module ptr) / {{{ */`
`1068`	`1068`	`/* }}} */`
`1069`	`1069`
`1070`	`1070`	`/* Dummy PS module function */`
	`1071`	`+/* We consider any ID valid, so we return FAILURE to indicate that a session doesn't exist */`
`1071`	`1072`	`PHPAPI zend_result php_session_validate_sid(PS_VALIDATE_SID_ARGS) {`
`1072`		`- return SUCCESS;`
	`1073`	`+ return FAILURE;`
`1073`	`1074`	`}`
`1074`	`1075`
`1075`	`1076`	`/* Dummy PS module function */`