Index: en/reference/session/security.xml | |
=================================================================== | |
--- en/reference/session/security.xml (リビジョン 332867) | |
+++ en/reference/session/security.xml (作業コピー) | |
@@ -7,6 +7,102 @@ | |
External links: <link xlink:href="&url.session-fixation;">Session fixation</link> | |
</para> | |
<para> | |
+ HTTP session management is core of web security. All of mitigation should be adopted to make | |
+ sure session security. User should enable/use applicable settings appropriately. |
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c | |
index 2ac0454..c4632ae 100644 | |
--- a/ext/pgsql/pgsql.c | |
+++ b/ext/pgsql/pgsql.c | |
@@ -746,6 +746,104 @@ ZEND_GET_MODULE(pgsql) | |
static int le_link, le_plink, le_result, le_lofp, le_string; | |
+/* Compatibility definitions */ | |
+ |
diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c | |
index ea6ac1a..c8784b1 100644 | |
--- a/ext/iconv/iconv.c | |
+++ b/ext/iconv/iconv.c | |
@@ -220,21 +220,55 @@ static char _generic_superset_name[] = ICONV_UCS4_ENCODING; | |
#define GENERIC_SUPERSET_NBYTES 4 | |
/* }}} */ | |
-static PHP_INI_MH(OnUpdateStringIconvCharset) | |
+ |
diff --git a/ext/standard/string.c b/ext/standard/string.c | |
index 907301d..3d5b7a2 100644 | |
--- a/ext/standard/string.c | |
+++ b/ext/standard/string.c | |
@@ -3248,7 +3248,7 @@ PHPAPI char *php_addslashes_ex(char *str, int length, int *new_length, int shoul | |
char *source, *target; | |
char *end; | |
int local_new_length; | |
- | |
+ |
diff --git a/rpm/build b/rpm/build | |
new file mode 100755 | |
index 0000000..de73e32 | |
--- /dev/null | |
+++ b/rpm/build | |
@@ -0,0 +1,26 @@ | |
+#!/bin/sh | |
+# | |
+# A silly little helper script to build the RPM. | |
+set -e |
diff --git a/ext/session/php_session.h b/ext/session/php_session.h | |
index e8e79f0..ba3420e 100644 | |
--- a/ext/session/php_session.h | |
+++ b/ext/session/php_session.h | |
@@ -180,6 +180,7 @@ typedef struct _php_ps_globals { | |
double rfc1867_min_freq; /* session.upload_progress.min_freq */ | |
zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */ | |
+ char session_data_hash[16]; /* binary MD5 hash length */ | |
} php_ps_globals; |
diff --git a/ext/session/session.c b/ext/session/session.c | |
index c02a10d..1497da4 100644 | |
--- a/ext/session/session.c | |
+++ b/ext/session/session.c | |
@@ -827,6 +827,51 @@ PHP_INI_END() | |
/* *************** | |
* Serializers * | |
*************** */ | |
+PS_SERIALIZER_ENCODE_FUNC(php_serialize) /* {{{ */ | |
+{ |
diff -up memcache-2.2.6/memcache_session.c.orig memcache-2.2.6/memcache_session.c | |
--- memcache-2.2.6/memcache_session.c.orig 2012-05-17 14:50:33.000000000 +0900 | |
+++ memcache-2.2.6/memcache_session.c 2012-05-17 16:28:20.000000000 +0900 | |
@@ -280,6 +280,42 @@ PS_GC_FUNC(memcache) | |
} | |
/* }}} */ | |
+ | |
+PS_VALIDATE_SID_FUNC(memcache) | |
+{ |
<?php | |
// Start output buffering
ob_start(); | |
// PHPエラーを例外へ変換する為のクラス | |
class myException extends Exception { | |
public function __construct($errno, $errstr, $errfile, $errline, $errctx) { | |
// エラー番号とエラーレベルのマッピング | |
$errlev = array( | |
E_USER_ERROR => 'SECURITY', |
diff -ur httpd-1.3.42.orig//src/support/htdigest.c httpd-1.3.42/src/support/htdigest.c | |
--- httpd-1.3.42.orig//src/support/htdigest.c 2006-07-12 17:16:05.000000000 +0900 | |
+++ httpd-1.3.42/src/support/htdigest.c 2012-04-01 11:48:49.705771078 +0900 | |
@@ -71,7 +71,7 @@ | |
while ((line[y++] = line[x++])); | |
} | |
-static int getline(char *s, int n, FILE *f) | |
+static int my_getline(char *s, int n, FILE *f) | |
{ |