ID:               28644
Comment by:       waltzer at autumnweave dot com
Reported By:      dharana at dharana dot net
Status:           Open
Bug Type:         Session related
Operating System: *
PHP Version:      5CVS-2005-03-06
New Comment:

In addition to sessions being lost, dependent on settings, information
could be given out regarding the location of sensitive (session) files.

Here is ext/session/mod_files.sh with a minimum of change to accept a
third parameter (numeric) for hash bits per character (4, 5 or 6). If a
value is not provided, it will function as the original script did.

--- begin script
#! /bin/sh
# Usage: mod_files.sh basedir depth [hash_bits]
# hash_bits is session.hash_bits_per_character (4, 5 or 6); default is 4.

if test "$2" = ""; then
	echo "usage: $0 basedir depth [hash_bits]"
	exit 1
fi

# Recursion ends when no directory levels remain.
if test "$2" = "0"; then
	exit 0
fi

hash_chars="0 1 2 3 4 5 6 7 8 9 a b c d e f"
# Check for a non-empty $3 first so -ge never sees an empty operand.
if test -n "$3" && test "$3" -ge "5"; then
	hash_chars="$hash_chars g h i j k l m n o p q r s t u v"
	if test "$3" -eq "6"; then
		hash_chars="$hash_chars w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z - ,"
	fi
fi

for i in $hash_chars; do
	newpath="$1/$i"
	mkdir "$newpath" || exit 1
	# $3 is left unquoted so an omitted third argument stays omitted.
	sh "$0" "$newpath" "$(expr "$2" - 1)" $3
done
--- End script


Previous Comments:
------------------------------------------------------------------------

[2004-06-05 19:02:21] dharana at dharana dot net

Description:
------------
ext/session/mod_files.sh is a simple script used to generate a dir tree
for storing sessions in files.

If you use session.hash_bits_per_character = 5 or
session.hash_bits_per_character = 6 PHP will fail to write some
sessions.

Expected result:
----------------
The script should either:

a) ask the user for the session.hash_bits_per_character as a third
   optional argument
b) read it from the php.ini

Actual result:
--------------
The directories created will cause some sessions to be lost.

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=28644&edit=1
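
An added example, not part of the original report or of ext/session: a read-only audit that lists the session directories an existing tree is missing for a given session.hash_bits_per_character value. The function names are hypothetical, and the alphabets are taken from the script posted in the comment above.

```shell
#!/bin/sh
# Added example: audit an existing session directory tree.
# Function names are hypothetical; nothing here creates or modifies files.

# Print the directory names required for a bits-per-character value.
session_alphabet() {
    chars="0 1 2 3 4 5 6 7 8 9 a b c d e f"
    case "$1" in
        4|"") ;;
        5|6) chars="$chars g h i j k l m n o p q r s t u v" ;;
        *) echo "bits must be 4, 5 or 6" >&2; return 1 ;;
    esac
    if [ "$1" = 6 ]; then
        chars="$chars w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z - ,"
    fi
    echo "$chars"
}

# Print every expected directory that is absent below basedir.
# A missing directory is reported once; its children are not expanded.
list_missing_dirs() {   # args: basedir depth bits
    [ "$2" -gt 0 ] || return 0
    _alpha=$(session_alphabet "$3") || return 1
    for _c in $_alpha; do
        if [ -d "$1/$_c" ]; then
            # Subshell keeps the recursion from touching this loop's state.
            ( list_missing_dirs "$1/$_c" $(( $2 - 1 )) "$3" )
        else
            echo "$1/$_c"
        fi
    done
}

# Number of missing directories; 0 means the tree matches the setting.
count_missing_dirs() {  # args: basedir depth bits
    list_missing_dirs "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Command-line use: audit.sh basedir depth bits
[ "$#" -lt 3 ] || list_missing_dirs "$1" "$2" "$3"
```

A tree built by the unmodified script and checked with bits set to 5 or 6 reports the directories whose absence leads to the lost sessions described in the report.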