Better logic for session handling

It is non-sense to replace previous session module with the exact same session module... So making the original bugfix more generic
sektioneins · Oct 28, 2016 · 130dca7 · 130dca7
1 parent b4bbc17
commit 130dca7
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/session.c b/session.c
@@ -260,13 +260,14 @@ static void suhosin_hook_session_module(TSRMLS_D)
 static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 {
 	int r;
+	ps_module *original_mod = SUHOSIN_G(s_original_mod);
 
-	if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
-		&& strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
+	/* During runtime stage, to prevent infinite loops, only update when new value is different than original */
+	if (stage == PHP_INI_STAGE_RUNTIME && original_mod && strcasecmp(original_mod->s_name, new_value) == 0) {
 		return SUCCESS;
 	}
 
-	SESSION_G(mod) = SUHOSIN_G(s_original_mod);
+	SESSION_G(mod) = original_mod;
 
 	r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);