iliaa Wed Sep 1 22:44:04 2004 EDT Modified files: /php-src/ext/session session.c Log: Fixed bug #29925 (Added a check to prevent illegal characters in session key). http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.393&r2=1.394&ty=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.393 php-src/ext/session/session.c:1.394 --- php-src/ext/session/session.c:1.393 Mon Aug 2 04:27:46 2004 +++ php-src/ext/session/session.c Wed Sep 1 22:44:04 2004 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: session.c,v 1.393 2004/08/02 08:27:46 sas Exp $ */ +/* $Id: session.c,v 1.394 2004/09/02 02:44:04 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -451,6 +451,11 @@ PS_ENCODE_LOOP( smart_str_appendl(&buf, key, (unsigned char) key_length); + if (memchr(key, PS_DELIMITER, key_length)) { + PHP_VAR_SERIALIZE_DESTROY(var_hash); + smart_str_free(&buf); + return FAILURE; + } smart_str_appendc(&buf, PS_DELIMITER); php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php