Re: [PHP-CVS] cvs: php-src /ext/session session.c

2007-06-16 Thread Stefan Esser
Stanislav Malyshev wrote: > That's nice. Could you now explain why you need these symbols in > session IDs? > Even Zend Platform used ':' in session IDs not long ago. Maybe recent versions of Zend Platform don't, but that is not the point. The point is YOU DON'T KNOW how many people use one of t

Re: [PHP-CVS] cvs: php-src /ext/session session.c

2007-06-16 Thread Stanislav Malyshev
That's nice. Could you now explain why you need these symbols in session IDs? Stefan Esser wrote: sesser Sat Jun 16 07:47:46 2007 UTC Modified files: /php-src/ext/session session.c Log: Fix attribute injection security bug correctly by URL encoding session

[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c

2007-06-16 Thread Stefan Esser
sesser Sat Jun 16 07:48:23 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/session session.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.19&r2=1.336.2.53.2.20&diff_format=u Index: php-src/ext/session/ses

[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c

2007-06-16 Thread Stefan Esser
sesser Sat Jun 16 07:48:07 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/session session.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&diff_format=u Index: php-src/ext/session/sessi

[PHP-CVS] cvs: php-src /ext/session session.c

2007-06-16 Thread Stefan Esser
sesser Sat Jun 16 07:47:46 2007 UTC Modified files: /php-src/ext/session session.c Log: Fix attribute injection security bug correctly by URL encoding session name and session value. (in future maybe encode path/domain, too) Remove backward compatib

Re: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/gd/libgd gd.c

2007-06-16 Thread Pierre
On 6/15/07, Stanislav Malyshev <[EMAIL PROTECTED]> wrote: > + pts = (char *) ecalloc(im->sy * im->sx, sizeof(char)); I don't see any overflow checks around, are you sure it's safe? Checks are done in gdImageCreate* --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, vi