Merge branch '2.8' into 3.4
* 2.8: [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
This commit is contained in:
commit
e9be01c9a1
@ -616,6 +616,7 @@ class PdoSessionHandler extends AbstractSessionHandler
|
|||||||
$selectSql = $this->getSelectSql();
|
$selectSql = $this->getSelectSql();
|
||||||
$selectStmt = $this->pdo->prepare($selectSql);
|
$selectStmt = $this->pdo->prepare($selectSql);
|
||||||
$selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
|
$selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR);
|
||||||
|
$insertStmt = null;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
$selectStmt->execute();
|
$selectStmt->execute();
|
||||||
@ -631,9 +632,12 @@ class PdoSessionHandler extends AbstractSessionHandler
|
|||||||
return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0];
|
return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ini_get('session.use_strict_mode') && self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) {
|
if (null !== $insertStmt) {
|
||||||
// In strict mode, session fixation is not possible: new sessions always start with a unique
|
$this->rollback();
|
||||||
// random id, so that concurrency is not possible and this code path can be skipped.
|
throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) {
|
||||||
// Exclusive-reading of non-existent rows does not block, so we need to do an insert to block
|
// Exclusive-reading of non-existent rows does not block, so we need to do an insert to block
|
||||||
// until other connections to the session are committed.
|
// until other connections to the session are committed.
|
||||||
try {
|
try {
|
||||||
|
Reference in New Issue
Block a user