[#ZF-3020] Zend_Session error handler handles anything in E_ALL as an exception

Zend Framework

Zend_Session error handler handles anything in E_ALL as an exception

Created: 02/Apr/08 08:37 AM Updated: 02/Nov/08 03:26 PM Due: 15/May/08

Component/s:

Zend_Session

Affects Version/s:

1.5.1

Fix Version/s:

Next Minor Release

Time Tracking:

Original Estimate:

2 hours

Remaining Estimate:

2 hours

Time Spent:

Not Specified

Issue Links:

Related

This issue is related to:

~~ZF-1325~~ "Unwritable session.save_path" when using defaults in Zend_Session and php.ini

This issue is related to:

~~ZF-2900~~ Issue on Zend_Validate_Hostname

Fix Version Priority:

Should Have

Description

« Hide

This is related to to http://framework.zend.com/issues/browse/ZF-1325

Take a look at how Zend_Session::start() handles errors that might arise during the real session_start() call:

set_error_handler(array('Zend_Session_Exception', 'handleSessionStartError'), E_ALL);

That error handler will unconditionally set a flag which gets picked up a few lines later (again in Zend_Session::start()):

if (Zend_Session_Exception::$sessionStartError !== null) { set_error_handler(array('Zend_Session_Exception', 'handleSilentWriteClose'), E_ALL); session_write_close(); restore_error_handler(); throw new Zend_Session_Exception(__CLASS__ . '::' . __FUNCTION__ . '() - ' . Zend_Session_Exception::$sessionStartError); }

So, ANYTHING falling under E_ALL (even E_WARNING or, gasp!, E_NOTICE) will end up raising an exception, and the session will not start. Surely this is not the desired behavior.

In my particular situation, this is a problem because I get a couple of normal/expected include warnings thrown by Zend_Loader during my unserialize callback.

All

Comments

Work Log

Change History

FishEye

Crucible

Sort Order:

Ascending order - Click to sort in descending order

[ Permlink | « Hide ]

Taylor Barstow - 02/Apr/08 08:38 AM

The fix to ~~ZF-1325~~ is the source of this issue.

[ Permlink | « Hide ]

Ralph Schindler - 22/Apr/08 10:45 AM

This is actually the intended behavior.

In fact, Zend_Loader shouldnt be throwing warnings or errors, and there is a new verison in the incubator that supresses those issues.

I'm gonna wait on this.

–

Updating project management info.

[ Permlink | « Hide ]

Florian Hoenig - 10/Jun/08 01:53 PM

I found the same problem. Have a custom savehandler, which uses Zend_XmlRpc_Client. This somewhere down the chain uses Zend_Validate_Hostname and for a .com address it tried to do Zend_Loader::isReadible("Zend/Validate/Hostname/Com.php"), which does not exist. isReadible tried to @fopen and surpress the warning when it does NOT exist. Which is fine, except the above error handler seems to ignore the "@" in front of the fread.

This renders Zend_XmlRpc_Client unusable within a session savehandler callback !!

ZF 1.5.2 that is. and php 5.2.1 through php 5.2.6 is what I tried. I when through all possible php.ini settings, but could not figure out how to make Zend_Session::start() respect the @ in Zend_Loader.

Any glue?

[ Permlink | « Hide ]

Simon R Jones - 02/Nov/08 07:17 AM

I've been looking into ~~ZF-2900~~ which is related.

The underlying problem is that if a custom error handler is used then this will always receive errors, even when they are suppressed. The solution is to update the code in Zend_Session_Exception::handleSessionStartError as so:

static public function handleSessionStartError($errno, $errstr, $errfile, $errline, $errcontext)
    {
    	// Do not throw an exception if this is a suppressed error - see ZF-3020
    	if (error_reporting() === 0) {
    	    	return;
    	}
        self::$sessionStartError = $errfile . '(Line:' . $errline . '): Error #' . $errno . ' ' . $errstr . ' ' . $errcontext;
    }

I can make this change myself if given SVN commit rights to the Zend/Session folder

best wishes,
Simon