ID: 20142 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: No Feedback Bug Type: Session related Operating System: Win 2K PHP Version: 4.2.3 New Comment:
No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you. Previous Comments: ------------------------------------------------------------------------ [2002-10-28 17:46:17] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php4-latest.tar.gz For Windows: http://snaps.php.net/win32/php4-win32-latest.zip ------------------------------------------------------------------------ [2002-10-28 16:00:30] [EMAIL PROTECTED] I am using sessions with variables that have passed through EscapeShellCmd(). The EscapeShellCmd function does its job well and appends a \ before each special character. I am also using user defined session handlers with session_set_save_handler(). Listed below is my script that executes the session_set_save_handler function along with all the functions for the session handlers. The problem occurs when PHP inserts or updates a value to the session database that has gone through the EscapeShellCmd function and escaped any special characters. The session separator value counts the backslashes even though they are not posted. For instance: /***********************************************/ // If I set a variable $test = “b’lah”; // And then run the EscapeShellCmd function $test = EscapeShellCmd($test); // and then register it as a session variable session_register(“test”); // then print the variable to see what it looks like print $test; # This outputs: b\’lah /***********************************************/ It adds the session, but counts the backslash as part of the session separator so that the session variable looks something like this: test|s:6:"b'lah"; when it should read: test|s:5:"b'lah"; Because it says 6, the count of characters is off and all of the session variables become damaged. If this is not a bug, and there is an easy solution to this please let me know, and I apologize for posting here. I have asked around and am unable to find an answer. Thank you for your time and effort. -Glenn DeVore P.S. Below is my session handlers script. /***********************************************/ // This is the session handler script page /***********************************************/ include("error.inc"); include("db.inc"); // The database connection // $connection; // The global variable that holds the table name // $session_table; // Returns current time as a number. // Used for recording the last session access. // if (!function_exists('getMicroTime')) { function getMicroTime() { // microtime() returns the number of seconds // since 0:00:00 January 1, 1970 GMT as a // microsecond part and a second part. // eg: 0.08344800 1000952237 // Convert the two parts into an array $mtime = explode(" ", microtime()); // Return the addition of the two parts // eg: 1000952237.08344800 return($mtime[1] + $mtime[0]); } } // The session open handler called by PHP whenever // a session is initialized. Always returns true. // if (!function_exists('sessionOpen')) { function sessionOpen($database_name, $table_name) { // Save the database name in a global variable global $connection; global $hostName; global $username; global $password; global $session_table; if (!($connection = @ mysql_pconnect($hostName, $username, $password))) showerror(); if (!mysql_select_db($database_name, $connection)) showerror(); // Save the table name in a global variable $session_table = $table_name; return true; } } // This function is called whenever a session_start() // call is made and reads the session variables // Returns "" when a session is not found // (serialized)string - session exists // if (!function_exists('sessionRead')) { function sessionRead($sess_id) { // Access the DBMS connection global $connection; // Access the global variable that holds the name // of the table that holds the session variables global $session_table; // Formulate a query to find the session // identified by $sess_id $search_query = "SELECT * FROM $session_table WHERE session_id = '$sess_id'"; // Execute the query if (!($result = @ mysql_query($search_query, $connection))) showerror(); if(mysql_num_rows($result) == 0) // No session found - return an empty string return ""; else { // Found a session - return the serialized string $row = mysql_fetch_array($result); return $row["session_variable"]; } } } // This function is called when a session is initialized // with a session_start() call, when variables are // registered or unregistered, and when session variables // are modified. Returns true on success. // if (!function_exists('sessionWrite')) { function sessionWrite($sess_id, $val) { global $connection; global $session_table; $time_stamp = getMicroTime(); $search_query = "SELECT session_id FROM $session_table WHERE session_id = '$sess_id'"; // Execute the query if (!($result = @ mysql_query($search_query, $connection))) showerror(); if(mysql_num_rows($result) == 0) { // No session found, insert a new one $insert_query = "INSERT INTO $session_table (session_id, session_variable, last_accessed) VALUES ('$sess_id', '$val', $time_stamp)"; if (!mysql_query($insert_query, $connection)) showerror(); } else { // Existing session found - Update the // session variables $update_query = "UPDATE $session_table SET session_variable = '$val', last_accessed = $time_stamp WHERE session_id = '$sess_id'"; if (!mysql_query($update_query, $connection)) showerror(); } return true; } } // This function is executed on shutdown of the session. // Always returns true. // if (!function_exists('sessionClose')) { function sessionClose() { return true; } } // This is called whenever the session_destroy() // function call is made. Returns true if the session // has successfully been deleted. // if (!function_exists('sessionDestroy')) { function sessionDestroy($sess_id) { global $connection; global $session_table; $delete_query = "DELETE FROM $session_table WHERE session_id = '$sess_id'"; if (!($result = @ mysql_query($delete_query, $connection))) showerror(); return true; } } // This function is called on a session's start up with // the probability specified in session.gc_probability. // Performs garbage collection by removing all sessions // that haven't been updated in the last $max_lifetime // seconds as set in session.gc_maxlifetime. // Returns true if the DELETE query succeeded. // if (!function_exists('sessionGC')) { function sessionGC($max_lifetime) { global $connection; global $session_table; $time_stamp = getMicroTime(); $delete_query = "DELETE FROM $session_table WHERE last_accessed < ($time_stamp - $max_lifetime)"; if (!($result = @ mysql_query($delete_query, $connection))) showerror(); return true; } } // This functiion registers a given URL to have the // session id sent with the URL, instead of using // cookies // if (!function_exists('registerURL')) { function registerURL($URL) { $sessionId = session_id(); $registered_URL = $URL . "?PHPSESSION=" . $sessionId; return $registered_URL; } } // Call to register user call back functions. session_set_save_handler("sessionOpen", "sessionClose", "sessionRead", "sessionWrite", "sessionDestroy", "sessionGC"); /***********************************************/ /***********************************************/ ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20142&edit=1
