From 3bf0ded4741ad54f40c6a98d5a4fbc366a257dfc Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 14:25:15 +0100 Subject: [PATCH 01/11] ext/session: convert some globals to zend_string This prevents some strlen computations --- ext/session/php_session.h | 4 ++-- ext/session/session.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index dfa7632e5a447..78f9973a36d87 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -191,8 +191,8 @@ typedef struct _php_ps_globals { zend_long sid_bits_per_character; php_session_rfc1867_progress *rfc1867_progress; - char *rfc1867_prefix; /* session.upload_progress.prefix */ - char *rfc1867_name; /* session.upload_progress.name */ + zend_string *rfc1867_prefix; /* session.upload_progress.prefix */ + zend_string *rfc1867_name; /* session.upload_progress.name */ zend_long rfc1867_freq; /* session.upload_progress.freq */ double rfc1867_min_freq; /* session.upload_progress.min_freq */ bool rfc1867_enabled; /* session.upload_progress.enabled */ diff --git a/ext/session/session.c b/ext/session/session.c index 7b677249fb41b..bcc35eb433c69 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -919,9 +919,9 @@ PHP_INI_BEGIN() STD_PHP_INI_BOOLEAN("session.upload_progress.cleanup", "1", ZEND_INI_PERDIR, OnUpdateBool, rfc1867_cleanup, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.upload_progress.prefix", - "upload_progress_", ZEND_INI_PERDIR, OnUpdateString, rfc1867_prefix, php_ps_globals, ps_globals) + "upload_progress_", ZEND_INI_PERDIR, OnUpdateStr, rfc1867_prefix, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.upload_progress.name", - "PHP_SESSION_UPLOAD_PROGRESS", ZEND_INI_PERDIR, OnUpdateString, rfc1867_name, php_ps_globals, ps_globals) + "PHP_SESSION_UPLOAD_PROGRESS", ZEND_INI_PERDIR, OnUpdateStr, rfc1867_name, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.upload_progress.freq", "1%", ZEND_INI_PERDIR, OnUpdateRfc1867Freq, rfc1867_freq, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.upload_progress.min_freq", "1", ZEND_INI_PERDIR, OnUpdateReal, rfc1867_min_freq,php_ps_globals, ps_globals) @@ -3155,9 +3155,9 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ if (name_len == progress->sname_len && memcmp(data->name, PS(session_name), name_len) == 0) { zval_ptr_dtor(&progress->sid); ZVAL_STRINGL(&progress->sid, (*data->value), value_len); - } else if (name_len == strlen(PS(rfc1867_name)) && memcmp(data->name, PS(rfc1867_name), name_len + 1) == 0) { + } else if (zend_string_equals_cstr(PS(rfc1867_name), data->name, name_len)) { smart_str_free(&progress->key); - smart_str_appends(&progress->key, PS(rfc1867_prefix)); + smart_str_append(&progress->key, PS(rfc1867_prefix)); smart_str_appendl(&progress->key, *data->value, value_len); smart_str_0(&progress->key); From d7eec41a57239f9d605a69e7ae2d983cd7c644d7 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 14:27:26 +0100 Subject: [PATCH 02/11] ext/session: copy zstr instead of initializing a new one --- ext/session/session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index bcc35eb433c69..9cbdacb02a7e6 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1485,7 +1485,7 @@ PHPAPI const ps_serializer *_php_find_ps_serializer(const char *name) static void ppid2sid(zval *ppid) { ZVAL_DEREF(ppid); if (Z_TYPE_P(ppid) == IS_STRING) { - PS(id) = zend_string_init(Z_STRVAL_P(ppid), Z_STRLEN_P(ppid), 0); + PS(id) = zend_string_copy(Z_STR_P(ppid)); PS(send_cookie) = 0; } else { PS(id) = NULL; @@ -3199,7 +3199,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ progress->post_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->data), "bytes_processed", sizeof("bytes_processed") - 1); php_rinit_session(0); - PS(id) = zend_string_init(Z_STRVAL(progress->sid), Z_STRLEN(progress->sid), 0); + PS(id) = zend_string_copy(Z_STR(progress->sid)); if (progress->apply_trans_sid) { /* Enable trans sid by modifying flags */ PS(use_trans_sid) = 1; From aae8ba58575553e74d9fa8e113924b62df34a347 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 14:42:53 +0100 Subject: [PATCH 03/11] ext/session: Concert save_path to zstr --- ext/session/php_session.h | 2 +- ext/session/session.c | 37 ++++++++++++++++++------------------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index 78f9973a36d87..af714fd75b3af 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -139,7 +139,7 @@ typedef struct _php_session_rfc1867_progress { } php_session_rfc1867_progress; typedef struct _php_ps_globals { - char *save_path; + zend_string *save_path; char *session_name; zend_string *id; char *extern_referer_chk; diff --git a/ext/session/session.c b/ext/session/session.c index 9cbdacb02a7e6..b571db0535078 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -425,12 +425,12 @@ static zend_result php_session_initialize(void) } /* Open session handler first */ - if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE + if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), PS(session_name)) == FAILURE /* || PS(mod_data) == NULL */ /* FIXME: open must set valid PS(mod_data) with success */ ) { php_session_abort(); if (!EG(exception)) { - php_error_docref(NULL, E_WARNING, "Failed to initialize storage module: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + php_error_docref(NULL, E_WARNING, "Failed to initialize storage module: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } return FAILURE; } @@ -444,7 +444,7 @@ static zend_result php_session_initialize(void) if (!PS(id)) { php_session_abort(); if (!EG(exception)) { - zend_throw_error(NULL, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + zend_throw_error(NULL, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } return FAILURE; } @@ -477,7 +477,7 @@ static zend_result php_session_initialize(void) php_session_abort(); /* FYI: Some broken save handlers return FAILURE for non-existent session ID, this is incorrect */ if (!EG(exception)) { - php_error_docref(NULL, E_WARNING, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + php_error_docref(NULL, E_WARNING, "Failed to read session data: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } return FAILURE; } @@ -544,14 +544,14 @@ static void php_session_save_current_state(int write) "verify that the current setting of session.save_path " "is correct (%s)", PS(mod)->s_name, - PS(save_path)); + ZSTR_VAL(PS(save_path))); } else if (handler_class_name != NULL) { php_error_docref(NULL, E_WARNING, "Failed to write session data using user " - "defined save handler. (session.save_path: %s, handler: %s::%s)", PS(save_path), + "defined save handler. (session.save_path: %s, handler: %s::%s)", ZSTR_VAL(PS(save_path)), ZSTR_VAL(handler_class_name), handler_function_name); } else { php_error_docref(NULL, E_WARNING, "Failed to write session data using user " - "defined save handler. (session.save_path: %s, handler: %s)", PS(save_path), + "defined save handler. (session.save_path: %s, handler: %s)", ZSTR_VAL(PS(save_path)), handler_function_name); } } @@ -675,7 +675,7 @@ static PHP_INI_MH(OnUpdateSaveDir) } } - return OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); + return OnUpdateStr(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); } @@ -2218,7 +2218,6 @@ PHP_FUNCTION(session_set_save_handler) PHP_FUNCTION(session_save_path) { zend_string *name = NULL; - zend_string *ini_name; if (zend_parse_parameters(ZEND_NUM_ARGS(), "|P!", &name) == FAILURE) { RETURN_THROWS(); @@ -2234,12 +2233,12 @@ PHP_FUNCTION(session_save_path) RETURN_FALSE; } - RETVAL_STRING(PS(save_path)); + RETVAL_STRINGL(ZSTR_VAL(PS(save_path)), ZSTR_LEN(PS(save_path))); if (name) { - ini_name = ZSTR_INIT_LITERAL("session.save_path", 0); + zend_string *ini_name = ZSTR_INIT_LITERAL("session.save_path", false); zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); } } @@ -2309,7 +2308,7 @@ PHP_FUNCTION(session_regenerate_id) PS(mod)->s_close(&PS(mod_data)); PS(session_status) = php_session_none; if (!EG(exception)) { - php_error_docref(NULL, E_WARNING, "Session object destruction failed. ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + php_error_docref(NULL, E_WARNING, "Session object destruction failed. ID: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } RETURN_FALSE; } @@ -2325,7 +2324,7 @@ PHP_FUNCTION(session_regenerate_id) if (ret == FAILURE) { PS(mod)->s_close(&PS(mod_data)); PS(session_status) = php_session_none; - php_error_docref(NULL, E_WARNING, "Session write failed. ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + php_error_docref(NULL, E_WARNING, "Session write failed. ID: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); RETURN_FALSE; } } @@ -2339,10 +2338,10 @@ PHP_FUNCTION(session_regenerate_id) zend_string_release_ex(PS(id), 0); PS(id) = NULL; - if (PS(mod)->s_open(&PS(mod_data), PS(save_path), PS(session_name)) == FAILURE) { + if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), PS(session_name)) == FAILURE) { PS(session_status) = php_session_none; if (!EG(exception)) { - zend_throw_error(NULL, "Failed to open session: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + zend_throw_error(NULL, "Failed to open session: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } RETURN_THROWS(); } @@ -2351,7 +2350,7 @@ PHP_FUNCTION(session_regenerate_id) if (!PS(id)) { PS(session_status) = php_session_none; if (!EG(exception)) { - zend_throw_error(NULL, "Failed to create new session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + zend_throw_error(NULL, "Failed to create new session ID: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } RETURN_THROWS(); } @@ -2366,7 +2365,7 @@ PHP_FUNCTION(session_regenerate_id) PS(mod)->s_close(&PS(mod_data)); PS(session_status) = php_session_none; if (!EG(exception)) { - zend_throw_error(NULL, "Failed to create session ID by collision: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + zend_throw_error(NULL, "Failed to create session ID by collision: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } RETURN_THROWS(); } @@ -2379,7 +2378,7 @@ PHP_FUNCTION(session_regenerate_id) PS(mod)->s_close(&PS(mod_data)); PS(session_status) = php_session_none; if (!EG(exception)) { - zend_throw_error(NULL, "Failed to create(read) session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path)); + zend_throw_error(NULL, "Failed to create(read) session ID: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); } RETURN_THROWS(); } From 681893338a4f9ba77dbdbdcef360b0370fe486ba Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 14:45:20 +0100 Subject: [PATCH 04/11] ext/session: Use smart_str_append when possible --- ext/session/session.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index b571db0535078..d64f5d8ec595d 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -992,7 +992,7 @@ PS_SERIALIZER_ENCODE_FUNC(php_binary) PS_ENCODE_LOOP( if (ZSTR_LEN(key) > PS_BIN_MAX) continue; smart_str_appendc(&buf, (unsigned char)ZSTR_LEN(key)); - smart_str_appendl(&buf, ZSTR_VAL(key), ZSTR_LEN(key)); + smart_str_append(&buf, key); php_var_serialize(&buf, struc, &var_hash); ); @@ -1054,7 +1054,7 @@ PS_SERIALIZER_ENCODE_FUNC(php) PHP_VAR_SERIALIZE_INIT(var_hash); PS_ENCODE_LOOP( - smart_str_appendl(&buf, ZSTR_VAL(key), ZSTR_LEN(key)); + smart_str_append(&buf, key); if (memchr(ZSTR_VAL(key), PS_DELIMITER, ZSTR_LEN(key))) { PHP_VAR_SERIALIZE_DESTROY(var_hash); smart_str_free(&buf); @@ -1397,7 +1397,7 @@ static zend_result php_session_send_cookie(void) smart_str_appendl(&ncookie, "Set-Cookie: ", sizeof("Set-Cookie: ")-1); smart_str_appendl(&ncookie, PS(session_name), strlen(PS(session_name))); smart_str_appendc(&ncookie, '='); - smart_str_appendl(&ncookie, ZSTR_VAL(e_id), ZSTR_LEN(e_id)); + smart_str_append(&ncookie, e_id); zend_string_release_ex(e_id, 0); @@ -1411,7 +1411,7 @@ static zend_result php_session_send_cookie(void) if (t > 0) { date_fmt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, t, 0); smart_str_appends(&ncookie, COOKIE_EXPIRES); - smart_str_appendl(&ncookie, ZSTR_VAL(date_fmt), ZSTR_LEN(date_fmt)); + smart_str_append(&ncookie, date_fmt); zend_string_release_ex(date_fmt, 0); smart_str_appends(&ncookie, COOKIE_MAX_AGE); @@ -1523,7 +1523,7 @@ PHPAPI zend_result php_session_reset_id(void) smart_str_appends(&var, PS(session_name)); smart_str_appendc(&var, '='); - smart_str_appends(&var, ZSTR_VAL(PS(id))); + smart_str_append(&var, PS(id)); smart_str_0(&var); if (sid) { zval_ptr_dtor(sid); From 0623aa2237eada50ff8b4eaa7f5b74b591f29666 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 14:47:13 +0100 Subject: [PATCH 05/11] ext/session: Use ZEND_STRL() --- ext/session/session.c | 70 +++++++++++++++++++++---------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index d64f5d8ec595d..b169bdbaaf69f 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1248,7 +1248,7 @@ static inline void last_modified(void) } #define LAST_MODIFIED "Last-Modified: " - memcpy(buf, LAST_MODIFIED, sizeof(LAST_MODIFIED) - 1); + memcpy(buf, ZEND_STRL(LAST_MODIFIED)); strcpy_gmt(buf + sizeof(LAST_MODIFIED) - 1, &sb.st_mtime); ADD_HEADER(buf); } @@ -1263,7 +1263,7 @@ CACHE_LIMITER_FUNC(public) gettimeofday(&tv, NULL); now = tv.tv_sec + PS(cache_expire) * 60; - memcpy(buf, EXPIRES, sizeof(EXPIRES) - 1); + memcpy(buf, ZEND_STRL(EXPIRES)); strcpy_gmt(buf + sizeof(EXPIRES) - 1, &now); ADD_HEADER(buf); @@ -1394,7 +1394,7 @@ static zend_result php_session_send_cookie(void) /* URL encode id because it might be user supplied */ e_id = php_url_encode(ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id))); - smart_str_appendl(&ncookie, "Set-Cookie: ", sizeof("Set-Cookie: ")-1); + smart_str_appends(&ncookie, "Set-Cookie: "); smart_str_appendl(&ncookie, PS(session_name), strlen(PS(session_name))); smart_str_appendc(&ncookie, '='); smart_str_append(&ncookie, e_id); @@ -1409,7 +1409,7 @@ static zend_result php_session_send_cookie(void) t = tv.tv_sec + PS(cookie_lifetime); if (t > 0) { - date_fmt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, t, 0); + date_fmt = php_format_date(ZEND_STRL("D, d M Y H:i:s \\G\\M\\T"), t, false); smart_str_appends(&ncookie, COOKIE_EXPIRES); smart_str_append(&ncookie, date_fmt); zend_string_release_ex(date_fmt, 0); @@ -1515,8 +1515,8 @@ PHPAPI zend_result php_session_reset_id(void) /* If the SID constant exists, destroy it. */ /* We must not delete any items in EG(zend_constants) */ - /* zend_hash_str_del(EG(zend_constants), "sid", sizeof("sid") - 1); */ - sid = zend_get_constant_str("SID", sizeof("SID") - 1); + /* zend_hash_str_del(EG(zend_constants), ZEND_STRL("sid")); */ + sid = zend_get_constant_str(ZEND_STRL("SID")); if (PS(define_sid)) { smart_str var = {0}; @@ -1546,7 +1546,7 @@ PHPAPI zend_result php_session_reset_id(void) if (APPLY_TRANS_SID) { apply_trans_sid = 1; if (PS(use_cookies) && - (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) { + (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_COOKIE")))) { ZVAL_DEREF(data); if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), strlen(PS(session_name))))) { @@ -1580,7 +1580,7 @@ PHPAPI zend_result php_session_start(void) break; case php_session_disabled: - value = zend_ini_string("session.save_handler", sizeof("session.save_handler") - 1, 0); + value = zend_ini_string(ZEND_STRL("session.save_handler"), false); if (!PS(mod) && value) { PS(mod) = _php_find_ps_module(value); if (!PS(mod)) { @@ -1588,7 +1588,7 @@ PHPAPI zend_result php_session_start(void) return FAILURE; } } - value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler") - 1, 0); + value = zend_ini_string(ZEND_STRL("session.serialize_handler"), false); if (!PS(serializer) && value) { PS(serializer) = _php_find_ps_serializer(value); if (!PS(serializer)) { @@ -1617,7 +1617,7 @@ PHPAPI zend_result php_session_start(void) */ if (!PS(id)) { - if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), "_COOKIE", sizeof("_COOKIE") - 1))) { + if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_COOKIE")))) { ZVAL_DEREF(data); if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { ppid2sid(ppid); @@ -1627,13 +1627,13 @@ PHPAPI zend_result php_session_start(void) } /* Initialize session ID from non cookie values */ if (!PS(use_only_cookies)) { - if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_GET", sizeof("_GET") - 1))) { + if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_GET")))) { ZVAL_DEREF(data); if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { ppid2sid(ppid); } } - if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), "_POST", sizeof("_POST") - 1))) { + if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_POST")))) { ZVAL_DEREF(data); if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { ppid2sid(ppid); @@ -1643,7 +1643,7 @@ PHPAPI zend_result php_session_start(void) * an external site which invalidates the previously found id. */ if (PS(id) && PS(extern_referer_chk)[0] != '\0' && !Z_ISUNDEF(PG(http_globals)[TRACK_VARS_SERVER]) && - (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_REFERER", sizeof("HTTP_REFERER") - 1)) && + (data = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZEND_STRL("HTTP_REFERER"))) && Z_TYPE_P(data) == IS_STRING && Z_STRLEN_P(data) != 0 && strstr(Z_STRVAL_P(data), PS(extern_referer_chk)) == NULL @@ -2794,7 +2794,7 @@ static zend_result php_rinit_session(bool auto_start) { char *value; - value = zend_ini_string("session.save_handler", sizeof("session.save_handler") - 1, 0); + value = zend_ini_string(ZEND_STRL("session.save_handler"), false); if (value) { PS(mod) = _php_find_ps_module(value); } @@ -2803,7 +2803,7 @@ static zend_result php_rinit_session(bool auto_start) if (PS(serializer) == NULL) { char *value; - value = zend_ini_string("session.serialize_handler", sizeof("session.serialize_handler") - 1, 0); + value = zend_ini_string(ZEND_STRL("session.serialize_handler"), false); if (value) { PS(serializer) = _php_find_ps_serializer(value); } @@ -2907,7 +2907,7 @@ static PHP_GINIT_FUNCTION(ps) static PHP_MINIT_FUNCTION(session) { - zend_register_auto_global(zend_string_init_interned("_SESSION", sizeof("_SESSION") - 1, 1), 0, NULL); + zend_register_auto_global(zend_string_init_interned(ZEND_STRL("_SESSION"), true), false, NULL); my_module_number = module_number; PS(module_number) = module_number; @@ -3058,7 +3058,7 @@ static bool php_check_cancel_upload(php_session_rfc1867_progress *progress) if (Z_TYPE_P(progress_ary) != IS_ARRAY) { return 0; } - if ((cancel_upload = zend_hash_str_find(Z_ARRVAL_P(progress_ary), "cancel_upload", sizeof("cancel_upload") - 1)) == NULL) { + if ((cancel_upload = zend_hash_str_find(Z_ARRVAL_P(progress_ary), ZEND_STRL("cancel_upload"))) == NULL) { return 0; } return Z_TYPE_P(cancel_upload) == IS_TRUE; @@ -3189,13 +3189,13 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ array_init(&progress->data); array_init(&progress->files); - add_assoc_long_ex(&progress->data, "start_time", sizeof("start_time") - 1, (zend_long)sapi_get_request_time()); - add_assoc_long_ex(&progress->data, "content_length", sizeof("content_length") - 1, progress->content_length); - add_assoc_long_ex(&progress->data, "bytes_processed", sizeof("bytes_processed") - 1, data->post_bytes_processed); - add_assoc_bool_ex(&progress->data, "done", sizeof("done") - 1, 0); - add_assoc_zval_ex(&progress->data, "files", sizeof("files") - 1, &progress->files); + add_assoc_long_ex(&progress->data, ZEND_STRL("start_time"), (zend_long)sapi_get_request_time()); + add_assoc_long_ex(&progress->data, ZEND_STRL("content_length"), progress->content_length); + add_assoc_long_ex(&progress->data, ZEND_STRL("bytes_processed"), data->post_bytes_processed); + add_assoc_bool_ex(&progress->data, ZEND_STRL("done"), false); + add_assoc_zval_ex(&progress->data, ZEND_STRL("files"), &progress->files); - progress->post_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->data), "bytes_processed", sizeof("bytes_processed") - 1); + progress->post_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->data), ZEND_STRL("bytes_processed")); php_rinit_session(0); PS(id) = zend_string_copy(Z_STR(progress->sid)); @@ -3210,18 +3210,18 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ array_init(&progress->current_file); /* Each uploaded file has its own array. Trying to make it close to $_FILES entries. */ - add_assoc_string_ex(&progress->current_file, "field_name", sizeof("field_name") - 1, data->name); - add_assoc_string_ex(&progress->current_file, "name", sizeof("name") - 1, *data->filename); - add_assoc_null_ex(&progress->current_file, "tmp_name", sizeof("tmp_name") - 1); - add_assoc_long_ex(&progress->current_file, "error", sizeof("error") - 1, 0); + add_assoc_string_ex(&progress->current_file, ZEND_STRL("field_name"), data->name); + add_assoc_string_ex(&progress->current_file, ZEND_STRL("name"), *data->filename); + add_assoc_null_ex(&progress->current_file, ZEND_STRL("tmp_name")); + add_assoc_long_ex(&progress->current_file, ZEND_STRL("error"), 0); - add_assoc_bool_ex(&progress->current_file, "done", sizeof("done") - 1, 0); - add_assoc_long_ex(&progress->current_file, "start_time", sizeof("start_time") - 1, (zend_long)time(NULL)); - add_assoc_long_ex(&progress->current_file, "bytes_processed", sizeof("bytes_processed") - 1, 0); + add_assoc_bool_ex(&progress->current_file, ZEND_STRL("done"), 0); + add_assoc_long_ex(&progress->current_file, ZEND_STRL("start_time"), (zend_long)time(NULL)); + add_assoc_long_ex(&progress->current_file, ZEND_STRL("bytes_processed"), 0); add_next_index_zval(&progress->files, &progress->current_file); - progress->current_file_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->current_file), "bytes_processed", sizeof("bytes_processed") - 1); + progress->current_file_bytes_processed = zend_hash_str_find(Z_ARRVAL(progress->current_file), ZEND_STRL("bytes_processed")); Z_LVAL_P(progress->current_file_bytes_processed) = data->post_bytes_processed; php_session_rfc1867_update(progress, 0); @@ -3248,11 +3248,11 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ } if (data->temp_filename) { - add_assoc_string_ex(&progress->current_file, "tmp_name", sizeof("tmp_name") - 1, data->temp_filename); + add_assoc_string_ex(&progress->current_file, ZEND_STRL("tmp_name"), data->temp_filename); } - add_assoc_long_ex(&progress->current_file, "error", sizeof("error") - 1, data->cancel_upload); - add_assoc_bool_ex(&progress->current_file, "done", sizeof("done") - 1, 1); + add_assoc_long_ex(&progress->current_file, ZEND_STRL("error"), data->cancel_upload); + add_assoc_bool_ex(&progress->current_file, ZEND_STRL("done"), 1); Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed; @@ -3268,7 +3268,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ } else { if (!Z_ISUNDEF(progress->data)) { SEPARATE_ARRAY(&progress->data); - add_assoc_bool_ex(&progress->data, "done", sizeof("done") - 1, 1); + add_assoc_bool_ex(&progress->data, ZEND_STRL("done"), 1); Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed; php_session_rfc1867_update(progress, 1); } From 0cc6496f3ca7e852282cfaed5af3b3fc07e2aaf5 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 14:58:38 +0100 Subject: [PATCH 06/11] ext/session: Use is_numeric_str helper --- ext/session/session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/session/session.c b/ext/session/session.c index b169bdbaaf69f..64ff6595314af 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2603,7 +2603,7 @@ PHP_FUNCTION(session_start) if (Z_TYPE_P(value) != IS_STRING) { tmp = zval_get_long(value); } else { - if (is_numeric_string(Z_STRVAL_P(value), Z_STRLEN_P(value), &tmp, NULL, false) != IS_LONG) { + if (is_numeric_str_function(Z_STR_P(value), &tmp, NULL) != IS_LONG) { zend_type_error("%s(): Option \"%s\" value must be of type compatible with int, \"%s\" given", get_active_function_name(), ZSTR_VAL(str_idx), Z_STRVAL_P(value) ); From e85617368e35ae97a13d6de4b71dea3d2d624fa3 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 15:16:37 +0100 Subject: [PATCH 07/11] ext/session: convert global session_name to zstr --- ext/session/php_session.h | 2 +- ext/session/session.c | 48 ++++++++++++++++----------------------- 2 files changed, 21 insertions(+), 29 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index af714fd75b3af..ec17e1b7de5b3 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -140,7 +140,7 @@ typedef struct _php_session_rfc1867_progress { typedef struct _php_ps_globals { zend_string *save_path; - char *session_name; + zend_string *session_name; zend_string *id; char *extern_referer_chk; char *cache_limiter; diff --git a/ext/session/session.c b/ext/session/session.c index 64ff6595314af..ae06c7f7c5ffd 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -425,7 +425,7 @@ static zend_result php_session_initialize(void) } /* Open session handler first */ - if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), PS(session_name)) == FAILURE + if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), ZSTR_VAL(PS(session_name))) == FAILURE /* || PS(mod_data) == NULL */ /* FIXME: open must set valid PS(mod_data) with success */ ) { php_session_abort(); @@ -706,7 +706,7 @@ static PHP_INI_MH(OnUpdateName) return FAILURE; } - return OnUpdateStringUnempty(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); + return OnUpdateStrNotEmpty(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); } @@ -1349,10 +1349,9 @@ static void php_session_remove_cookie(void) { size_t session_cookie_len; size_t len = sizeof("Set-Cookie")-1; - ZEND_ASSERT(strpbrk(PS(session_name), SESSION_FORBIDDEN_CHARS) == NULL); - spprintf(&session_cookie, 0, "Set-Cookie: %s=", PS(session_name)); + ZEND_ASSERT(strpbrk(ZSTR_VAL(PS(session_name)), SESSION_FORBIDDEN_CHARS) == NULL); + session_cookie_len = spprintf(&session_cookie, 0, "Set-Cookie: %s=", ZSTR_VAL(PS(session_name))); - session_cookie_len = strlen(session_cookie); current = l->head; while (current) { header = (sapi_header_struct *)(current->data); @@ -1389,13 +1388,13 @@ static zend_result php_session_send_cookie(void) return FAILURE; } - ZEND_ASSERT(strpbrk(PS(session_name), SESSION_FORBIDDEN_CHARS) == NULL); + ZEND_ASSERT(strpbrk(ZSTR_VAL(PS(session_name)), SESSION_FORBIDDEN_CHARS) == NULL); /* URL encode id because it might be user supplied */ e_id = php_url_encode(ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id))); smart_str_appends(&ncookie, "Set-Cookie: "); - smart_str_appendl(&ncookie, PS(session_name), strlen(PS(session_name))); + smart_str_append(&ncookie, PS(session_name)); smart_str_appendc(&ncookie, '='); smart_str_append(&ncookie, e_id); @@ -1521,7 +1520,7 @@ PHPAPI zend_result php_session_reset_id(void) if (PS(define_sid)) { smart_str var = {0}; - smart_str_appends(&var, PS(session_name)); + smart_str_append(&var, PS(session_name)); smart_str_appendc(&var, '='); smart_str_append(&var, PS(id)); smart_str_0(&var); @@ -1549,18 +1548,15 @@ PHPAPI zend_result php_session_reset_id(void) (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_COOKIE")))) { ZVAL_DEREF(data); if (Z_TYPE_P(data) == IS_ARRAY && - (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), strlen(PS(session_name))))) { + (ppid = zend_hash_find(Z_ARRVAL_P(data), PS(session_name)))) { ZVAL_DEREF(ppid); apply_trans_sid = 0; } } } if (apply_trans_sid) { - zend_string *sname; - sname = zend_string_init(PS(session_name), strlen(PS(session_name)), 0); - php_url_scanner_reset_session_var(sname, 1); /* This may fail when session name has changed */ - zend_string_release_ex(sname, 0); - php_url_scanner_add_session_var(PS(session_name), strlen(PS(session_name)), ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), 1); + php_url_scanner_reset_session_var(PS(session_name), true); /* This may fail when session name has changed */ + php_url_scanner_add_session_var(ZSTR_VAL(PS(session_name)), ZSTR_LEN(PS(session_name)), ZSTR_VAL(PS(id)), ZSTR_LEN(PS(id)), true); } return SUCCESS; } @@ -1571,7 +1567,6 @@ PHPAPI zend_result php_session_start(void) zval *ppid; zval *data; char *value; - size_t lensess; switch (PS(session_status)) { case php_session_active: @@ -1606,8 +1601,6 @@ PHPAPI zend_result php_session_start(void) PS(send_cookie) = PS(use_cookies) || PS(use_only_cookies); } - lensess = strlen(PS(session_name)); - /* * Cookies are preferred, because initially cookie and get * variables will be available. @@ -1619,7 +1612,7 @@ PHPAPI zend_result php_session_start(void) if (!PS(id)) { if (PS(use_cookies) && (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_COOKIE")))) { ZVAL_DEREF(data); - if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_find(Z_ARRVAL_P(data), PS(session_name)))) { ppid2sid(ppid); PS(send_cookie) = 0; PS(define_sid) = 0; @@ -1629,13 +1622,13 @@ PHPAPI zend_result php_session_start(void) if (!PS(use_only_cookies)) { if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_GET")))) { ZVAL_DEREF(data); - if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_find(Z_ARRVAL_P(data), PS(session_name)))) { ppid2sid(ppid); } } if (!PS(id) && (data = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_POST")))) { ZVAL_DEREF(data); - if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_str_find(Z_ARRVAL_P(data), PS(session_name), lensess))) { + if (Z_TYPE_P(data) == IS_ARRAY && (ppid = zend_hash_find(Z_ARRVAL_P(data), PS(session_name)))) { ppid2sid(ppid); } } @@ -1717,7 +1710,7 @@ static zend_result php_session_reset(void) PHPAPI void session_adapt_url(const char *url, size_t url_len, char **new_url, size_t *new_len) { if (APPLY_TRANS_SID && (PS(session_status) == php_session_active)) { - *new_url = php_url_scanner_adapt_single_url(url, url_len, PS(session_name), ZSTR_VAL(PS(id)), new_len, 1); + *new_url = php_url_scanner_adapt_single_url(url, url_len, ZSTR_VAL(PS(session_name)), ZSTR_VAL(PS(id)), new_len, true); } } @@ -1913,7 +1906,6 @@ PHP_FUNCTION(session_get_cookie_params) PHP_FUNCTION(session_name) { zend_string *name = NULL; - zend_string *ini_name; if (zend_parse_parameters(ZEND_NUM_ARGS(), "|P!", &name) == FAILURE) { RETURN_THROWS(); @@ -1929,10 +1921,10 @@ PHP_FUNCTION(session_name) RETURN_FALSE; } - RETVAL_STRING(PS(session_name)); + RETVAL_STRINGL(ZSTR_VAL(PS(session_name)), ZSTR_LEN(PS(session_name))); if (name) { - ini_name = ZSTR_INIT_LITERAL("session.name", 0); + zend_string *ini_name = ZSTR_INIT_LITERAL("session.name", 0); zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); zend_string_release_ex(ini_name, 0); } @@ -2338,7 +2330,7 @@ PHP_FUNCTION(session_regenerate_id) zend_string_release_ex(PS(id), 0); PS(id) = NULL; - if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), PS(session_name)) == FAILURE) { + if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), ZSTR_VAL(PS(session_name))) == FAILURE) { PS(session_status) = php_session_none; if (!EG(exception)) { zend_throw_error(NULL, "Failed to open session: %s (path: %s)", PS(mod)->s_name, ZSTR_VAL(PS(save_path))); @@ -3021,7 +3013,7 @@ static bool early_find_sid_in(zval *dest, int where, php_session_rfc1867_progres return 0; } - if ((ppid = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[where]), PS(session_name), progress->sname_len)) + if ((ppid = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[where]), ZSTR_VAL(PS(session_name)), progress->sname_len)) && Z_TYPE_P(ppid) == IS_STRING) { zval_ptr_dtor(dest); ZVAL_COPY_DEREF(dest, ppid); @@ -3129,7 +3121,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ multipart_event_start *data = (multipart_event_start *) event_data; progress = ecalloc(1, sizeof(php_session_rfc1867_progress)); progress->content_length = data->content_length; - progress->sname_len = strlen(PS(session_name)); + progress->sname_len = ZSTR_LEN(PS(session_name)); PS(rfc1867_progress) = progress; } break; @@ -3151,7 +3143,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ if (data->name && data->value && value_len) { size_t name_len = strlen(data->name); - if (name_len == progress->sname_len && memcmp(data->name, PS(session_name), name_len) == 0) { + if (zend_string_equals_cstr(PS(session_name), data->name, name_len)) { zval_ptr_dtor(&progress->sid); ZVAL_STRINGL(&progress->sid, (*data->value), value_len); } else if (zend_string_equals_cstr(PS(rfc1867_name), data->name, name_len)) { From 756a34d94416f40b25bf8a977a9c0cc91f529b13 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 15:26:05 +0100 Subject: [PATCH 08/11] ext/session: Use zend_string for some session globals --- ext/session/php_session.h | 8 ++++---- ext/session/session.c | 38 ++++++++++++++++++++------------------ 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index ec17e1b7de5b3..f8e511082a6d0 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -143,11 +143,11 @@ typedef struct _php_ps_globals { zend_string *session_name; zend_string *id; char *extern_referer_chk; - char *cache_limiter; + zend_string *cache_limiter; zend_long cookie_lifetime; - char *cookie_path; - char *cookie_domain; - char *cookie_samesite; + zend_string *cookie_path; + zend_string *cookie_domain; + zend_string *cookie_samesite; bool cookie_secure; bool cookie_httponly; const ps_module *mod; diff --git a/ext/session/session.c b/ext/session/session.c index ae06c7f7c5ffd..2eb2bd1576c3d 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -738,11 +738,11 @@ static PHP_INI_MH(OnUpdateSessionLong) return OnUpdateLong(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); } -static PHP_INI_MH(OnUpdateSessionString) +static PHP_INI_MH(OnUpdateSessionStr) { SESSION_CHECK_ACTIVE_STATE; SESSION_CHECK_OUTPUT_STATE; - return OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); + return OnUpdateStr(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); } @@ -897,16 +897,16 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateSessionLong, gc_maxlifetime, php_ps_globals, ps_globals) PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer) STD_PHP_INI_ENTRY("session.cookie_lifetime", "0", PHP_INI_ALL, OnUpdateCookieLifetime,cookie_lifetime, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateSessionString, cookie_path, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateSessionString, cookie_domain, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cookie_path", "/", PHP_INI_ALL, OnUpdateSessionStr, cookie_path, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateSessionStr, cookie_domain, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.cookie_secure", "0", PHP_INI_ALL, OnUpdateSessionBool, cookie_secure, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.cookie_httponly", "0", PHP_INI_ALL, OnUpdateSessionBool, cookie_httponly, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cookie_samesite", "", PHP_INI_ALL, OnUpdateSessionString, cookie_samesite, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cookie_samesite", "", PHP_INI_ALL, OnUpdateSessionStr, cookie_samesite, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateSessionBool, use_cookies, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateUseOnlyCookies, use_only_cookies, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_strict_mode", "0", PHP_INI_ALL, OnUpdateSessionBool, use_strict_mode, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateRefererCheck, extern_referer_chk, php_ps_globals, ps_globals) - STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateSessionString, cache_limiter, php_ps_globals, ps_globals) + STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateSessionStr, cache_limiter, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateSessionLong, cache_expire, php_ps_globals, ps_globals) STD_PHP_INI_BOOLEAN("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateUseTransSid, use_trans_sid, php_ps_globals, ps_globals) PHP_INI_ENTRY("session.sid_length", "32", PHP_INI_ALL, OnUpdateSidLength) @@ -1312,7 +1312,9 @@ static int php_session_cache_limiter(void) { const php_session_cache_limiter_t *lim; - if (PS(cache_limiter)[0] == '\0') return 0; + if (ZSTR_LEN(PS(cache_limiter)) == 0) { + return 0; + } if (PS(session_status) != php_session_active) return -1; if (SG(headers_sent)) { @@ -1322,7 +1324,7 @@ static int php_session_cache_limiter(void) } for (lim = php_session_cache_limiters; lim->name; lim++) { - if (!strcasecmp(lim->name, PS(cache_limiter))) { + if (!strcasecmp(lim->name, ZSTR_VAL(PS(cache_limiter)))) { lim->func(); return 0; } @@ -1418,14 +1420,14 @@ static zend_result php_session_send_cookie(void) } } - if (PS(cookie_path)[0]) { + if (ZSTR_LEN(PS(cookie_path))) { smart_str_appends(&ncookie, COOKIE_PATH); - smart_str_appends(&ncookie, PS(cookie_path)); + smart_str_append(&ncookie, PS(cookie_path)); } - if (PS(cookie_domain)[0]) { + if (ZSTR_LEN(PS(cookie_domain))) { smart_str_appends(&ncookie, COOKIE_DOMAIN); - smart_str_appends(&ncookie, PS(cookie_domain)); + smart_str_append(&ncookie, PS(cookie_domain)); } if (PS(cookie_secure)) { @@ -1436,9 +1438,9 @@ static zend_result php_session_send_cookie(void) smart_str_appends(&ncookie, COOKIE_HTTPONLY); } - if (PS(cookie_samesite)[0]) { + if (ZSTR_LEN(PS(cookie_samesite))) { smart_str_appends(&ncookie, COOKIE_SAMESITE); - smart_str_appends(&ncookie, PS(cookie_samesite)); + smart_str_append(&ncookie, PS(cookie_samesite)); } smart_str_0(&ncookie); @@ -1895,11 +1897,11 @@ PHP_FUNCTION(session_get_cookie_params) array_init(return_value); add_assoc_long(return_value, "lifetime", PS(cookie_lifetime)); - add_assoc_string(return_value, "path", PS(cookie_path)); - add_assoc_string(return_value, "domain", PS(cookie_domain)); + add_assoc_str(return_value, "path", zend_string_dup(PS(cookie_path), false)); + add_assoc_str(return_value, "domain", zend_string_dup(PS(cookie_domain), false)); add_assoc_bool(return_value, "secure", PS(cookie_secure)); add_assoc_bool(return_value, "httponly", PS(cookie_httponly)); - add_assoc_string(return_value, "samesite", PS(cookie_samesite)); + add_assoc_str(return_value, "samesite", zend_string_dup(PS(cookie_samesite), false)); } /* Return the current session name. If new name is given, the session name is replaced with new name */ @@ -2463,7 +2465,7 @@ PHP_FUNCTION(session_cache_limiter) RETURN_FALSE; } - RETVAL_STRING(PS(cache_limiter)); + RETVAL_STRINGL(ZSTR_VAL(PS(cache_limiter)), ZSTR_LEN(PS(cache_limiter))); if (limiter) { ini_name = ZSTR_INIT_LITERAL("session.cache_limiter", 0); From 52669d98b91a719c0e411eca61024ee07c791d82 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 15:28:57 +0100 Subject: [PATCH 09/11] ext/session: Initialize variable with default value To make it easier for IDEs to understand what is going on --- ext/session/session.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index 2eb2bd1576c3d..6907ae3f8f8b2 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -513,7 +513,7 @@ static void php_session_save_current_state(int write) if (write) { IF_SESSION_VARS() { zend_string *handler_class_name = PS(mod_user_class_name); - const char *handler_function_name; + const char *handler_function_name = "write"; if (PS(mod_data) || PS(mod_user_implemented)) { zend_string *val; @@ -529,12 +529,10 @@ static void php_session_save_current_state(int write) handler_function_name = handler_class_name != NULL ? "updateTimestamp" : "update_timestamp"; } else { ret = PS(mod)->s_write(&PS(mod_data), PS(id), val, PS(gc_maxlifetime)); - handler_function_name = "write"; } zend_string_release_ex(val, 0); } else { ret = PS(mod)->s_write(&PS(mod_data), PS(id), ZSTR_EMPTY_ALLOC(), PS(gc_maxlifetime)); - handler_function_name = "write"; } } From 6f4acabd94ba2868676bde7ef4100577159c6e6e Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 5 Jul 2025 15:38:05 +0100 Subject: [PATCH 10/11] ext/session: Minor code cleanups --- ext/session/session.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index 6907ae3f8f8b2..695f6c01967cf 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1162,7 +1162,7 @@ static const ps_module *ps_modules[MAX_MODULES + 1] = { PHPAPI zend_result php_session_register_module(const ps_module *ptr) { - int ret = FAILURE; + zend_result ret = FAILURE; for (int i = 0; i < MAX_MODULES; i++) { if (!ps_modules[i]) { @@ -1211,7 +1211,7 @@ static const char *week_days[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun" }; -static inline void strcpy_gmt(char *ubuf, time_t *when) +static inline void strcpy_gmt(char *ubuf, const time_t *when) { char buf[MAX_STR]; struct tm tm, *res; @@ -3056,7 +3056,7 @@ static bool php_check_cancel_upload(php_session_rfc1867_progress *progress) return Z_TYPE_P(cancel_upload) == IS_TRUE; } -static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, int force_update) +static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, bool force_update) { if (!force_update) { if (Z_LVAL_P(progress->post_bytes_processed) < progress->next_update) { From 82c1e8c93864a30a1f17805ed071e89f6fcb81eb Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sun, 6 Jul 2025 04:08:15 +0100 Subject: [PATCH 11/11] ext/session: get rid of sname_len field This is unnecessary now that the session name is a zend_string --- ext/session/php_session.h | 1 - ext/session/session.c | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index f8e511082a6d0..8a0d2ed27b868 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -120,7 +120,6 @@ typedef enum { } php_session_status; typedef struct _php_session_rfc1867_progress { - size_t sname_len; zval sid; smart_str key; diff --git a/ext/session/session.c b/ext/session/session.c index 695f6c01967cf..33cc6cd4b7d16 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -3013,7 +3013,7 @@ static bool early_find_sid_in(zval *dest, int where, php_session_rfc1867_progres return 0; } - if ((ppid = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[where]), ZSTR_VAL(PS(session_name)), progress->sname_len)) + if ((ppid = zend_hash_find(Z_ARRVAL(PG(http_globals)[where]), PS(session_name))) && Z_TYPE_P(ppid) == IS_STRING) { zval_ptr_dtor(dest); ZVAL_COPY_DEREF(dest, ppid); @@ -3121,7 +3121,6 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ multipart_event_start *data = (multipart_event_start *) event_data; progress = ecalloc(1, sizeof(php_session_rfc1867_progress)); progress->content_length = data->content_length; - progress->sname_len = ZSTR_LEN(PS(session_name)); PS(rfc1867_progress) = progress; } break;