session session.c

Ilia Alshanetsky Wed, 01 Sep 2004 19:54:00 -0700

iliaa           Wed Sep  1 22:44:04 2004 EDT

  Modified files:              
    /php-src/ext/session        session.c 
  Log:
  Fixed bug #29925 (Added a check to prevent illegal characters in session 
  key).
  
  
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.393&r2=1.394&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.393 php-src/ext/session/session.c:1.394
--- php-src/ext/session/session.c:1.393 Mon Aug  2 04:27:46 2004
+++ php-src/ext/session/session.c       Wed Sep  1 22:44:04 2004
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.393 2004/08/02 08:27:46 sas Exp $ */
+/* $Id: session.c,v 1.394 2004/09/02 02:44:04 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -451,6 +451,11 @@
 
        PS_ENCODE_LOOP(
                        smart_str_appendl(&buf, key, (unsigned char) key_length);
+                       if (memchr(key, PS_DELIMITER, key_length)) {
+                               PHP_VAR_SERIALIZE_DESTROY(var_hash);
+                               smart_str_free(&buf);                           
+                               return FAILURE;
+                       }
                        smart_str_appendc(&buf, PS_DELIMITER);
                        
                        php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src /ext/session session.c

Reply via email to