ID: 10447 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Suspended +Status: Won\'t fix Bug Type: CCVS related Operating System: Linux Mandrake 7.0 PHP Version: 4.0 Latest CVS ( Assigned To: bmcadams New Comment:
As of today, CCVS extension no longer exists (in CVS) and won't be in future releases of PHP. Previous Comments: ------------------------------------------------------------------------ [2002-02-26 12:06:37] [EMAIL PROTECTED] This is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php Unfortunately, this is not something that is easily fixable in our PHP module. RedHat has laid off the core developers of CCVS and assigned the project to another team. Nobody in that team has been willing to be helpful (the old programming team was an enormous help) and RedHat has basically brushed me off in trying to open a new developer liasion channel. I was more or less told this is a "too bad" issue. I will look at other ways to fix it on our end but no guarantees. ------------------------------------------------------------------------ [2001-07-23 11:37:35] [EMAIL PROTECTED] This issue is still outstanding. FTR, the people at RedHat who wrote this code (Originally HKS Systems) were all laid off, and the project was assigned to the newly acquired 'Stronghold' division; none of whom have a clue about the CCVS Code. They are more or less telling me it's our responsibility to preven the user from passing a bad session. Anyone got any bright ideas on easy ways to track if a session being passed in was one created during this session of PHP? ... ------------------------------------------------------------------------ [2001-04-22 20:38:14] [EMAIL PROTECTED] The fix that sterling put in place will at the least check if the session being passed is a string value: this still doesn't protect from someone arbitrarily passing any old string (for example "crash_ccvs"). While obviously it is up to the programmer to be smart and not pass a bad session to CCVS, CCVS Should not be segfaulting if they pass a bad value. I am looking into a way to trap this value from being bad. ------------------------------------------------------------------------ [2001-04-22 20:29:54] [EMAIL PROTECTED] No, he didn't. :) The problem itself is that session IDs are completely exposed (i.e. not resource- or list-based) and there is no error-checking in the module. The check that was added didn't help; the same code still segfaults and all of the other affected functions are still affected. ------------------------------------------------------------------------ [2001-04-22 20:21:19] [EMAIL PROTECTED] Sterling fixed this in CVS. - James ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/10447 -- Edit this bug report at http://bugs.php.net/?id=10447&edit=1