ext/session: various refactoring (Feb 2026 #3)

UPGRADING

@@ -23,6 +23,10 @@ PHP 8.6 UPGRADE NOTES
   . Invalid values now throw in Phar::mungServer() instead of being silently
     ignored.
 
+- Session:
+  . A ValueError is not thrown if $name is a string containing null bytes in
+    session_module_name().
+
 - Standard:
   . Invalid mode values now throw in array_filter() instead of being silently
     defaulted to 0.

UPGRADING.INTERNALS

@@ -97,6 +97,14 @@ PHP 8.6 INTERNALS UPGRADE NOTES
   . Dropped session_options parameter from all methods in mysqlnd_auth.
     The same information is present in conn->options and should be used instead.
 
+- ext/session:
+  . php_session_flush() now returns a bool rather than a zend_result.
+  . Removed session_adapt_url().
+  . PS_OPEN_ARGS is now defined as
+    `void **mod_data, zend_string *save_path, zend_string *session_name`
+    rather than
+    `void **mod_data, const char *save_path, const char *session_name`
+
 - ext/standard:
   . _php_error_log() now has a formal return type of zend_result.
   . _php_error_log() now accepts zend_string* values instead of char*.

ext/session/mod_files.c

@@ -369,19 +369,22 @@ PS_OPEN_FUNC(files)
 	int argc = 0;
 	size_t dirdepth = 0;
 	int filemode = 0600;
+	const char *used_save_path;
 
-	if (*save_path == '\0') {
+	if (ZSTR_LEN(save_path) == 0) {
 		/* if save path is an empty string, determine the temporary dir */
-		save_path = php_get_temporary_directory();
+		used_save_path = php_get_temporary_directory();
 
-		if (php_check_open_basedir(save_path)) {
+		if (php_check_open_basedir(used_save_path)) {
 			return FAILURE;
 		}
+	} else {
+		used_save_path = ZSTR_VAL(save_path);
 	}
 
 	/* split up input parameter */
-	last = save_path;
-	p = strchr(save_path, ';');
+	last = used_save_path;
+	p = strchr(used_save_path, ';');
 	while (p) {
 		argv[argc++] = last;
 		last = ++p;
@@ -407,14 +410,14 @@ PS_OPEN_FUNC(files)
 			return FAILURE;
 		}
 	}
-	save_path = argv[argc - 1];
+	used_save_path = argv[argc - 1];
 
 	data = ecalloc(1, sizeof(*data));
 
 	data->fd = -1;
 	data->dirdepth = dirdepth;
 	data->filemode = filemode;
-	data->basedir = zend_string_init(save_path, strlen(save_path), /* persistent */ false);
+	data->basedir = zend_string_init(used_save_path, strlen(used_save_path), /* persistent */ false);
 
 	if (PS_GET_MOD_DATA()) {
 		ps_close_files(mod_data);

ext/session/mod_user.c

@@ -83,12 +83,11 @@ PS_OPEN_FUNC(user)
 {
 	zval args[2];
 	zval retval;
-	zend_result ret = FAILURE;
 
 	ZEND_ASSERT(!Z_ISUNDEF(PSF(open)));
 
-	ZVAL_STRING(&args[0], (char*)save_path);
-	ZVAL_STRING(&args[1], (char*)session_name);
+	ZVAL_STR(&args[0], zend_string_dup(save_path, false));
+	ZVAL_STR(&args[1], zend_string_dup(session_name, false));
 
 	zend_try {
 		ps_call_handler(&PSF(open), 2, args, &retval);
@@ -102,7 +101,7 @@ PS_OPEN_FUNC(user)
 
 	PS(mod_user_implemented) = true;
 
-	ret = verify_bool_return_type_userland_calls(&retval);
+	zend_result ret = verify_bool_return_type_userland_calls(&retval);
 	zval_ptr_dtor(&retval);
 	return ret;
 }

ext/session/mod_user_class.c

@@ -36,11 +36,10 @@
 
 PHP_METHOD(SessionHandler, open)
 {
-	char *save_path = NULL, *session_name = NULL;
-	size_t save_path_len, session_name_len;
+	zend_string *save_path, *session_name;
 	zend_result ret;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &save_path, &save_path_len, &session_name, &session_name_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS(), "SS", &save_path, &session_name) == FAILURE) {
 		RETURN_THROWS();
 	}
 

ext/session/php_session.h

@@ -26,7 +26,7 @@
 #define PHP_SESSION_VERSION PHP_VERSION
 
 /* save handler macros */
-#define PS_OPEN_ARGS     void **mod_data, const char *save_path, const char *session_name
+#define PS_OPEN_ARGS     void **mod_data, zend_string *save_path, zend_string *session_name
 #define PS_CLOSE_ARGS    void **mod_data
 #define PS_READ_ARGS     void **mod_data, zend_string *key, zend_string **val, zend_long maxlifetime
 #define PS_WRITE_ARGS    void **mod_data, zend_string *key, zend_string *val, zend_long maxlifetime
@@ -174,7 +174,6 @@ typedef struct _php_ps_globals {
 		zval ps_validate_sid;
 		zval ps_update_timestamp;
 	} mod_user_names;
-	zend_string *mod_user_class_name;
 	bool mod_user_implemented;
 	bool mod_user_is_open;
 	bool auto_start;
@@ -249,8 +248,6 @@ PHPAPI zend_string *php_session_create_id(PS_CREATE_SID_ARGS);
 PHPAPI zend_result php_session_validate_sid(PS_VALIDATE_SID_ARGS);
 PHPAPI zend_result php_session_update_timestamp(PS_UPDATE_TIMESTAMP_ARGS);
 
-PHPAPI void session_adapt_url(const char *url, size_t url_len, char **new_url, size_t *new_len);
-
 PHPAPI zend_result php_session_destroy(void);
 PHPAPI void php_add_session_var(zend_string *name);
 PHPAPI zval *php_set_session_var(zend_string *name, zval *state_val, php_unserialize_data_t *var_hash);
@@ -264,7 +261,7 @@ PHPAPI zend_result php_session_register_serializer(const char *name,
 	        zend_result (*decode)(PS_SERIALIZER_DECODE_ARGS));
 
 PHPAPI zend_result php_session_start(void);
-PHPAPI zend_result php_session_flush(bool write);
+PHPAPI bool php_session_flush(bool write);
 PHPAPI php_session_status php_get_session_status(void);
 
 PHPAPI const ps_module *_php_find_ps_module(const char *name);