Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ext/session: session_start() options arguments type checks. #17388

Closed
wants to merge 1 commit into from
Closed

ext/session: session_start() options arguments type checks. #17388

wants to merge 1 commit into from
+56 −28

Conversation

devnexen
Copy link
Member

@devnexen devnexen commented Jan 6, 2025

No description provided.

@devnexen devnexen marked this pull request as ready for review January 7, 2025 06:47
@devnexen devnexen requested a review from Girgias as a code owner January 7, 2025 06:47
devnexen
devnexen commented Jan 7, 2025
View reviewed changes
ext/session/session.c Outdated
@@ -2667,7 +2672,8 @@ PHP_FUNCTION(session_start)
case IS_FALSE:
case IS_LONG:
if (zend_string_equals_literal(str_idx, "read_and_close")) {
read_and_close = zval_get_long(value);
zend_long tmp = zval_get_long_ex(value, true);
Copy link
Member Author

@devnexen devnexen Jan 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let me know if you think zval_try_get_long is more appropriate, so we forgo "true"/"false" for example.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think zval_get_long() here is fine, except for the string case, probably best to handle this manually with one of the numeric string APIs.

Girgias
Girgias requested changes Jan 7, 2025
View reviewed changes
ext/session/tests/session_start_read_and_close.phpt
@@ -26,7 +26,7 @@ foreach ($valuesDisablingReadAndClose as $value) {

try {
session_start(["read_and_close" => 1.0]);
} catch (Throwable $e) {
} catch (TypeError $e) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this change?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because with the change I find it vague now we throw an explicit TypeError but ok with your other suggestions.

ext/session/session.c Outdated
@@ -2659,6 +2659,11 @@ PHP_FUNCTION(session_start)

/* set options */
if (options) {
if (UNEXPECTED(HT_IS_PACKED(Z_ARRVAL_P(options)))) {
zend_argument_type_error(1, "must be of type array with keys as string");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems more like a ValueError than a TypeError? As we are correctly passing an array.

Moreover, you are not checking this condition in the foreach loop (e.g. an array of the shape ["key" => "val1", "val2"] would not error. As such the HT_IS_PACKED(Z_ARRVAL_P(options)) pre-check seems a bit pointless? Just integrate it into the foreach loop (and change to FOREACH_STR_KEY_VAL as well).

ext/session/session.c Outdated
@@ -2667,7 +2672,8 @@ PHP_FUNCTION(session_start)
case IS_FALSE:
case IS_LONG:
if (zend_string_equals_literal(str_idx, "read_and_close")) {
read_and_close = zval_get_long(value);
zend_long tmp = zval_get_long_ex(value, true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think zval_get_long() here is fine, except for the string case, probably best to handle this manually with one of the numeric string APIs.

Girgias
Girgias reviewed Jan 7, 2025
View reviewed changes
ext/session/session.c Outdated
Comment on lines 2665 to 2666
if (str_idx) {
switch(Z_TYPE_P(value)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe swap the conditions around and do if (UNEXPECTED(str_index == NULL)) { /* throw error */ } and then you don't need to indent the happy path.

ext/session/tests/session_start_error.phpt Outdated
Comment on lines 22 to 24
} catch (ValueError $exception) {
echo $exception->getMessage() . "\n";
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
} catch (ValueError $exception) {
echo $exception->getMessage() . "\n";
}
} catch (ValueError $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}

@devnexen devnexen closed this in a091e52 Jan 7, 2025
@kocsismate
Copy link
Member

Oh very nice, thanks @devnexen! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Girgias Girgias Girgias approved these changes

Assignees
No one assigned
Labels
Extension: session
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@devnexen @kocsismate @Girgias