From: wf at bitplan dot com Operating system: all PHP version: 5.1.4 PHP Bug Type: Session related Bug description: pipe char in index of SESSION variables should lead to error in session_encode
Description: ------------ The bugreport http://bugs.php.net/bug.php?id=33786 has just the status "bogus". That is a bug, because session_encode will fail badly and a whole web - app will suffer (I've seen one report that someone lost his job due to sessions not being restored properly ...) Reproduce code: --------------- <?php for ($i=33;$i<255;$i++) { @session_destroy(); @session_start(); $_SESSION["validname"]="valid value"; $_varname="v".chr($i)."ar"; $_SESSION[$_varname]=$i; $data=session_encode(); if (strlen($data)==0) echo "when varname is ".$_varname. " session has ".count($_SESSION). " entries that are encoded with ".strlen($data)." bytes ". //" as '".$data. "'<br />"; } // for ?> Expected result: ---------------- A (fatal) error message on using | within the array index name for $_SESSION Actual result: -------------- when varname is v|ar session has 2 entries that are encoded with 0 bytes ' -- Edit bug report at http://bugs.php.net/?id=38346&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=38346&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=38346&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=38346&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=38346&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=38346&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=38346&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=38346&r=needscript Try newer version: http://bugs.php.net/fix.php?id=38346&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=38346&r=support Expected behavior: http://bugs.php.net/fix.php?id=38346&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=38346&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=38346&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=38346&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=38346&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=38346&r=dst IIS Stability: http://bugs.php.net/fix.php?id=38346&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=38346&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=38346&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=38346&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=38346&r=mysqlcfg