#29925 [Opn->Csd]: Session variables containing pipes "|" in the identifier screw up the Session

Thu, 02 Sep 2004 22:13:03 -0700 

 ID:               29925
 Updated by:       [EMAIL PROTECTED]
 Reported By:      wiart at yahoo dot com
-Status:           Open
+Status:           Closed
 Bug Type:         Session related
 Operating System: Unix
 PHP Version:      Irrelevant
 New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.




Previous Comments:
------------------------------------------------------------------------

[2004-08-31 23:15:53] wiart at yahoo dot com

Description:
------------
Tested on PHP 4.3.6 (statically linked) with Apache 1.3.X under IBM
AIX. Sorry to not being able to test on a more recent version.


If a variable containing pipes is saved in a session, it creates an
ugly session variable that can leads to a Session completely screwed
up. I think this is a pretty SERIOUS bug that can leads to
unpredictible behaviour (Here follows a simple test but I found this
with a more complicated script depending on a lot of session variables.
The result was a crash of the Apache server (segmentation fault). I
imagine that the symptoms of this problem can be multiple depending on
the number of pipes in the variable name, the order of the variables in
the session, etc...)



The problem is that the | is also used in the /tmp/sess_XXXX files as a
delimiter

The following code can be saved in a file and tested with a browser to
see the problem.




Reproduce code:
---------------
<?php

session_start();
if (!isset($_GET['test'])){
  print "Phase I: setting a Session variable with a name containing
pipes. This generates a buggy session variable ...<br/>";
  $_SESSION['This|variable|contains|ugly|characters'] = 'test';
  print "<a href='$PHP_SELF?test=test'>Click here to see the
result</a>";
}else{

  print "Here is the content of the Session:<pre>";
  var_dump($_SESSION);
  print "</pre>";
}

?>

Expected result:
----------------
array(1) {
  ["This|variable|contains|ugly|characters"]=>
  &string(4) "test"
}


Actual result:
--------------
array(5) {
  ["This"]=>
  &NULL
  ["variable"]=>
  &NULL
  ["contains"]=>
  &NULL
  ["ugly"]=>
  &NULL
  ["characters"]=>
  &string(4) "test"
}



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=29925&edit=1

Reply via email to