Address review comments

kocsismate · kocsismate · commit 64fb267eabc2 · 2020-09-11T10:33:53.000+02:00
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
@@ -168,7 +168,7 @@ static void ps_files_open(ps_files *data, const char *key)
 		ps_files_close(data);
 
 		if (php_session_valid_key(key) == FAILURE) {
-			php_error_docref(NULL, E_WARNING, "Session ID is too long or contains illegal characters. Valid characters are a-z, A-Z, 0-9, and \"-\"");
+			php_error_docref(NULL, E_WARNING, "Session ID is too long or contains illegal characters. Only the A-Z, a-z, 0-9, \"-\", and \",\" characters are allowed");
 			return;
 		}
 
diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c
@@ -69,7 +69,7 @@ static void ps_call_handler(zval *func, int argc, zval *argv, zval *retval)
 			ret = SUCCESS; \
 		} else { \
 			if (!EG(exception)) { \
-				php_error_docref(NULL, E_WARNING, "Session callback must have a return value of type bool, %s returned", zend_zval_type_name(&retval)); \
+				zend_type_error("Session callback must have a return value of type bool, %s returned", zend_zval_type_name(&retval)); \
 			} \
 			ret = FAILURE; \
 			zval_ptr_dtor(&retval); \
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -2051,13 +2051,6 @@ PHP_FUNCTION(session_set_save_handler)
 		RETURN_THROWS();
 	}
 
-	if (save_handler_check_session() == FAILURE) {
-		RETURN_FALSE;
-	}
-
-	/* remove shutdown function */
-	remove_user_shutdown_function("session_shutdown", sizeof("session_shutdown") - 1);
-
 	/* At this point argc can only be between 6 and PS_NUM_APIS */
 	for (i = 0; i < argc; i++) {
 		if (!zend_is_callable(&args[i], 0, NULL)) {
@@ -2068,6 +2061,13 @@ PHP_FUNCTION(session_set_save_handler)
 		}
 	}
 
+	if (save_handler_check_session() == FAILURE) {
+		RETURN_FALSE;
+	}
+
+	/* remove shutdown function */
+	remove_user_shutdown_function("session_shutdown", sizeof("session_shutdown") - 1);
+
 	if (PS(mod) && PS(mod) != &ps_mod_user) {
 		ini_name = zend_string_init("session.save_handler", sizeof("session.save_handler") - 1, 0);
 		ini_val = zend_string_init("user", sizeof("user") - 1, 0);
@@ -2274,7 +2274,7 @@ PHP_FUNCTION(session_create_id)
 	if (prefix && ZSTR_LEN(prefix)) {
 		if (php_session_valid_key(ZSTR_VAL(prefix)) == FAILURE) {
 			/* E_ERROR raised for security reason. */
-			php_error_docref(NULL, E_WARNING, "Prefix cannot contain special characters. Only alphanumeric and \",\", \"-\" characters are allowed");
+			php_error_docref(NULL, E_WARNING, "Prefix cannot contain special characters. Only the A-Z, a-z, 0-9, \"-\", and \",\" characters are allowed");
 			RETURN_FALSE;
 		} else {
 			smart_str_append(&id, prefix);
@@ -2427,7 +2427,7 @@ static int php_session_start_set_ini(zend_string *varname, zend_string *new_valu
 	return ret;
 }
 
-/* {{{ +   Begin session */
+/* {{{ Begin session */
 PHP_FUNCTION(session_start)
 {
 	zval *options = NULL;
@@ -2470,7 +2470,7 @@ PHP_FUNCTION(session_start)
 							zend_string *tmp_val;
 							zend_string *val = zval_get_tmp_string(value, &tmp_val);
 							if (php_session_start_set_ini(str_idx, val) == FAILURE) {
-								php_error_docref(NULL, E_WARNING, "Option \"%s\" cannot be set", ZSTR_VAL(str_idx));
+								php_error_docref(NULL, E_WARNING, "Setting option \"%s\" failed", ZSTR_VAL(str_idx));
 							}
 							zend_tmp_string_release(tmp_val);
 						}
@@ -2479,7 +2479,7 @@ PHP_FUNCTION(session_start)
 						zend_type_error("%s(): Option \"%s\" must be of type string|int|bool, %s given",
 							get_active_function_name(), ZSTR_VAL(str_idx), zend_zval_type_name(value)
 						);
-						break;
+						RETURN_THROWS();
 				}
 			}
 			(void) num_idx;
diff --git a/ext/session/tests/rfc1867_sid_invalid.phpt b/ext/session/tests/rfc1867_sid_invalid.phpt
@@ -45,14 +45,18 @@ var_dump($_FILES);
 var_dump($_SESSION["upload_progress_" . basename(__FILE__)]);
 session_destroy();
 ?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . "rfc1867_sid_invalid.post.txt");
+?>
 --EXPECTF--
-Warning: Unknown: Session ID is too long or contains illegal characters. Valid characters are a-z, A-Z, 0-9, and "-" in Unknown on line 0
+Warning: Unknown: Session ID is too long or contains illegal characters. Only the A-Z, a-z, 0-9, "-", and "," characters are allowed in Unknown on line 0
 
 Warning: Unknown: Failed to read session data: files (path: ) in Unknown on line 0
 
 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0
 
-Warning: Unknown: Session ID is too long or contains illegal characters. Valid characters are a-z, A-Z, 0-9, and "-" in Unknown on line 0
+Warning: Unknown: Session ID is too long or contains illegal characters. Only the A-Z, a-z, 0-9, "-", and "," characters are allowed in Unknown on line 0
 
 Warning: Unknown: Failed to read session data: files (path: ) in Unknown on line 0
 
diff --git a/ext/session/tests/rfc1867_sid_invalid.post b/ext/session/tests/rfc1867_sid_invalid.post
diff --git a/ext/session/tests/session_set_save_handler_type_error.phpt b/ext/session/tests/session_set_save_handler_type_error.phpt
@@ -0,0 +1,61 @@
+--TEST--
+Test session_set_save_handler() function: interface wrong
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+session.name=PHPSESSID
+session.save_handler=files
+--FILE--
+<?php
+
+$validCallback = function () { return true; };
+$deprecatedCallback = function () { return 0; };
+$exceptionCallback = function () { return []; };
+
+ob_start();
+
+try {
+    $ret = session_set_save_handler($exceptionCallback, $validCallback, $validCallback, $validCallback, $validCallback, $validCallback);
+    session_start();
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    $ret = session_set_save_handler($deprecatedCallback, $validCallback, $validCallback, $validCallback, $validCallback, $validCallback);
+    session_start();
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    $ret = session_set_save_handler($validCallback, $exceptionCallback, $validCallback, $validCallback, $validCallback, $validCallback);
+    session_start();
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    $ret = session_set_save_handler($validCallback, $deprecatedCallback, $exceptionCallback, $validCallback, $validCallback, $validCallback);
+    session_start();
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+ob_end_flush();
+
+?>
+--EXPECTF--
+Warning: session_start(): Failed to initialize storage module: user (path: ) in %s on line %d
+Session callback must have a return value of type bool, array returned
+
+Deprecated: session_start(): Session callback must have a return value of type bool, int returned in %s on line %d
+
+Warning: session_start(): Failed to read session data: user (%s) in %s on line %d
+
+Warning: session_start(): Failed to read session data: user (path: ) in %s on line %d
+Session callback must have a return value of type bool, array returned
+
+Deprecated: session_start(): Session callback must have a return value of type bool, int returned in %s on line %d
+
+Warning: session_start(): Failed to read session data: user (%s) in %s on line %d
diff --git a/ext/session/tests/session_start_error.phpt b/ext/session/tests/session_start_error.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Test session_start() errors
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+
+ob_start();
+
+try {
+    session_start(['option' => new stdClass()]);
+} catch (TypeError $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+var_dump(session_start(['option' => false]));
+
+ob_end_flush();
+
+?>
+--EXPECTF--
+session_start(): Option "option" must be of type string|int|bool, stdClass given
+
+Warning: session_start(): Setting option "option" failed in %s on line %d
+bool(true)

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ static void ps_files_open(ps_files data, const char key)`
`168`	`168`	`ps_files_close(data);`
`169`	`169`
`170`	`170`	`if (php_session_valid_key(key) == FAILURE) {`
`171`		`- php_error_docref(NULL, E_WARNING, "Session ID is too long or contains illegal characters. Valid characters are a-z, A-Z, 0-9, and \"-\"");`
	`171`	`+ php_error_docref(NULL, E_WARNING, "Session ID is too long or contains illegal characters. Only the A-Z, a-z, 0-9, \"-\", and \",\" characters are allowed");`
`172`	`172`	`return;`
`173`	`173`	`}`
`174`	`174`