It just occurred to me that the test case written a bit differently could be program logic guarding authenticated session.
As a result, I'm marking this bug as "security" but keeping it still public because I'm not aware of real world PHP program suffering from a security issue because of this issue. ** This bug has been flagged as a security vulnerability ** Attachment added: "Possible security problem caused by the bug" https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1042711/+attachment/3280518/+files/throw-test.php -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1042711 Title: php: throw and catch within a destructor causes exception on-the-fly to be lost To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1042711/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs