Hi Julien, On Fri, Jan 15, 2016 at 9:10 AM, Yasuo Ohgaki <[email protected]> wrote: > > On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev <[email protected]> > wrote: >> >>> However, previous my fix (Raise warning and return false) was wrong fix. >>> Therefore, I would like to correct (Provide new session ID and continue) >>> it in 5.5 also. Does this make sense? >> >> Yes, but nit sure if it's for 5.5. It's for Julian to decide, >> ultimately, but it doesn't look like 5.5 has a security issue right now >> with it? Or am I wrong? > > No. It does not have security bug, but has wrong fix for the security bug.
I'll commit the fix from PHP 5.6. If you think this should be included for PHP 5.5, please cherry pick. I prefer to have this in PHP 5.5, but it's not mandatory. Regards, -- Yasuo Ohgaki [email protected] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
