 ID:               43819
 Updated by:       [EMAIL PROTECTED]
 Reported By:      fxbois at gmail dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         Session related
 Operating System: RHEL3
 PHP Version:      5.2.5
 New Comment:

Duplicate of bug #43677

And this report is missing a proper summary too, I wonder why..?


Previous Comments:
------------------------------------------------------------------------

[2008-02-05 23:54:47] fxbois at gmail dot com

It is so strange that such a big security issue is not dealt with seriously by a core php developer.
Manuel, thanks for your patch.

------------------------------------------------------------------------

[2008-02-05 13:17:24] manuel at mausz dot at

Same as Bug 43677 :)

------------------------------------------------------------------------

[2008-02-05 08:44:20] fxbois at gmail dot com

I must confess that I changed all my servers because, as I said, it was a serious security problem for me, and I had no feedback.

The configuration I used to have was:
1/ session.save_path in the php.ini
2/ php_admin_value session.save_path in the virtualhost
3/ use of the function session_save_path() in a script. The script is loaded for every action but sets a different path according to the URI.

------------------------------------------------------------------------

[2008-02-05 00:26:06] [EMAIL PROTECTED]

Are you by any chance using php_admin_value / php_value anywhere in your httpd.conf / .htaccess files? And if so, are you using those to set different session.save_path?

------------------------------------------------------------------------

[2008-01-12 17:49:05] fxbois at gmail dot com

I have in my php.ini file the value:
session.save_path = "/tmp"

When I try to change this value in a php script with session_save_path(), the new value is not kept and the session.save_path still contains "/tmp".

session_save_path("2;0777;web/tmp");
error_log(session_save_path()); // /tmp appears instead of 2;0777;web/tmp

What is strange is that this bad behaviour only appears a few minutes after an apache restart.

I tried many nightly builds (5.2.6) with no success.
I am sure that this behaviour appeared with 5.2.5.

I can try patches if you want.

Hope this new comment will help.
This bug is very very annoying on a shared server.

tia

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at
    http://bugs.php.net/43819

--
Edit this bug report at http://bugs.php.net/?id=43819&edit=1