ID:               28644
 Comment by:       waltzer at autumnweave dot com
 Reported By:      dharana at dharana dot net
 Status:           Open
 Bug Type:         Session related
 Operating System: *
 PHP Version:      5CVS-2005-03-06
 New Comment:

In addition to sessions being lost, dependent on settings, information
could be given out regarding the location of sensitive (session)
files.

Here is ext/session/mod_files.sh with a minimum of change to accept a
third parameter (numeric) for hash bits per character (4, 5 or 6). If a
value is not provided, it will function as the original script did.

--- begin script

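#! /bin/sh

# Usage: mod_files.sh basedir depth [hash_bits]
# hash_bits is session.hash_bits_per_character (4, 5 or 6). Without it the
# script creates the same 16 directories per level as the original.

if test "$2" = ""; then
        echo "usage: $0 basedir depth [hash_bits]"
        exit 1
fi

if test "$2" = "0"; then
        exit 0
fi

# 4 bits per character: 0-9 a-f
hash_chars="0 1 2 3 4 5 6 7 8 9 a b c d e f"
if test -n "$3" && test "$3" -ge 5; then
        # 5 bits per character adds g-v
        hash_chars="$hash_chars g h i j k l m n o p q r s \
                                t u v"
        if test "$3" -eq 6; then
                # 6 bits per character adds w-z, A-Z, "-" and ","
                hash_chars="$hash_chars w x y z A B C D E \
                                        F G H I J K L M N \
                                        O P Q R S T U V W \
                                        X Y Z - ,"
        fi
fi

# Create one directory per character, then recurse one level deeper.
for i in $hash_chars; do
        newpath="$1/$i"
        mkdir "$newpath" || exit 1
        sh "$0" "$newpath" `expr $2 - 1` "$3" || exit 1
done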

--- End script
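
An added example, not part of the original comment or of PHP's source: a check that an existing session directory tree contains every directory the configured session.hash_bits_per_character can produce, which is the gap this report describes. The function names `session_charset` and `missing_session_dirs` are hypothetical.

```shell
#!/bin/sh
# Added example (not part of mod_files.sh): audit an existing session tree.
# session_charset and missing_session_dirs are hypothetical helper names.

# Print the characters a session id can contain for 4, 5 or 6 bits per
# character (same sets as the script above; 4 is used when no value is given).
session_charset() {
        set_4="0 1 2 3 4 5 6 7 8 9 a b c d e f"
        set_5="$set_4 g h i j k l m n o p q r s t u v"
        set_6="$set_5 w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z - ,"
        case "${1:-4}" in
                4) echo "$set_4" ;;
                5) echo "$set_5" ;;
                6) echo "$set_6" ;;
                *) echo "bits per character must be 4, 5 or 6" >&2; return 1 ;;
        esac
}

# Usage: missing_session_dirs basedir depth [bits]
# Prints every expected directory that does not exist, one per line.
# A missing parent is reported once; its children are not listed.
missing_session_dirs() {
        msd_chars=$(session_charset "$3") || return 1
        if test "$2" -le 0; then
                return 0
        fi
        for msd_c in $msd_chars; do
                if test -d "$1/$msd_c"; then
                        missing_session_dirs "$1/$msd_c" $(($2 - 1)) "$3"
                else
                        echo "$1/$msd_c"
                fi
        done
}

# When called with arguments, run the audit: sh audit.sh basedir depth [bits]
if test "$#" -ge 2; then
        missing_session_dirs "$@"
fi
```

Any path it prints is a directory that a session id could map to but that the tree lacks.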


Previous Comments:
------------------------------------------------------------------------

[2004-06-05 19:02:21] dharana at dharana dot net

Description:
------------
ext/session/mod_files.sh is a simple script used to generate a dir tree
for storing sessions in files. If you use
session.hash_bits_per_character = 5 or session.hash_bits_per_character
= 6 php will fail to write some sessions.

Expected result:
----------------
The script should either:
a) ask the user for the session.hash_bits_per_character as a third
optional argument
b) read it from the php.ini

Actual result:
--------------
The directories created will cause some sessions to be lost.


------------------------------------------------------------------------

