#38346 [NEW]: pipe char in index of SESSION variables should lead to error in session_encode

Sat, 05 Aug 2006 08:21:20 -0700 

From:             wf at bitplan dot com
Operating system: all
PHP version:      5.1.4
PHP Bug Type:     Session related
Bug description:  pipe char in index of SESSION variables should lead to error 
in session_encode

Description:
------------
The bugreport
http://bugs.php.net/bug.php?id=33786
has just the status "bogus". That is a bug, because
session_encode will fail badly and a whole web - app will suffer (I've
seen one report that someone lost his job due to sessions not being
restored properly ...)


Reproduce code:
---------------
<?php
for ($i=33;$i<255;$i++) {
        @session_destroy();
        @session_start();
        $_SESSION["validname"]="valid value";
        $_varname="v".chr($i)."ar";
        $_SESSION[$_varname]=$i;
        $data=session_encode();
        if (strlen($data)==0) 
        echo "when varname is ".$_varname.
                         " session has ".count($_SESSION).
                         " entries that are encoded with ".strlen($data)." 
bytes ".
                         //" as '".$data.
                         "'<br />";
}       // for           
?>

Expected result:
----------------
A (fatal) error message on using | within the array index name for
$_SESSION

Actual result:
--------------
when varname is v|ar session has 2 entries that are encoded with 0 bytes '

-- 
Edit bug report at http://bugs.php.net/?id=38346&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=38346&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=38346&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=38346&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=38346&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=38346&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=38346&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=38346&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=38346&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=38346&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=38346&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=38346&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=38346&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=38346&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=38346&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=38346&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=38346&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=38346&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=38346&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=38346&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=38346&r=mysqlcfg

Reply via email to