First off, I'm copying webmaster. Can I have Trac access? Second, please see the attached patch.
There is a small problem with the sfPostgreSQLStorage class. If you have a UTF8 database set up in PG 8.1.4+, or use UTF8 as your client-side encoding, the text and varchar data is validated, and non-UTF8 data will not insert or update a table. This normally isn't a problem, but if you serialize an object with protected or private members it will kill the session.

My solution to this is to make sess_data a bytea type and escape it properly. This is binary safe and does not suffer encoding problems.

If this is acceptable, where should I document this? Actually, there is only a small blurb on DB-based session storage in the docs. Should this be better explained overall?

BTW, this patch also fixes a possible SQL injection exploit: http://www.newsforge.com/article.pl?sid=06/05/23/2141246

Thanks

--
Kevin Barnard
"Great Beauty, great strength, and great Riches, are really and truly of no great Use; a right Heart exceeds all." -- Benjamin Franklin
bytea.patch
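The failure and the fix described in the message above, as an added example that is not part of the original post or of the attached patch (whose contents are not shown on this page). It uses PDO bound parameters as a swapped-in technique for the escaping the message mentions; the `Cart` class, the `session` table, the `sess_id` and `sess_time` columns and the `SESSION_DSN` variable are assumptions made for illustration.

```php
<?php
// Constructed sample class (not symfony code): one private, one protected member.
class Cart
{
    private $items = array('sku-1');
    protected $owner = 'alice';
}

// serialize() stores private names as "\0Class\0name" and protected names as
// "\0*\0name", so the session payload contains NUL bytes.
function has_nul_bytes($payload)
{
    return strpos($payload, "\0") !== false;
}

// Store the payload in a bytea column. Every value is a bound parameter, so
// neither the session id nor the data is concatenated into the SQL text.
function session_insert(PDO $db, $id, $payload)
{
    $stmt = $db->prepare(
        'INSERT INTO session (sess_id, sess_data, sess_time) VALUES (:id, :data, :time)'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->bindValue(':data', $payload, PDO::PARAM_LOB); // binary-safe
    $stmt->bindValue(':time', time(), PDO::PARAM_INT);
    return $stmt->execute();
}

// pdo_pgsql hands bytea columns back as a stream resource.
function session_read(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT sess_data FROM session WHERE sess_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    $data = $stmt->fetchColumn();
    return is_resource($data) ? stream_get_contents($data) : (string) $data;
}

$payload = serialize(new Cart());
var_dump(has_nul_bytes($payload));

$dsn = getenv('SESSION_DSN'); // assumed variable, e.g. "pgsql:host=...;dbname=..."
if ($dsn) {
    $db = new PDO($dsn, null, null, array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
    $db->exec('CREATE TEMP TABLE session (sess_id varchar(255) PRIMARY KEY, sess_data bytea, sess_time integer)');
    session_insert($db, 'constructed-id', $payload);
    var_dump(session_read($db, 'constructed-id') === $payload);
}
```

Without `SESSION_DSN` set, the script only reports whether the serialized payload contains NUL bytes; with it set, the payload is round-tripped through a temporary table and compared byte for byte.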