ID: 15484
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Session related
Operating System: win2k
PHP Version: 4.1.1
New Comment:
"what i did":
code's here:
session_set_save_handler ('sess_open', 'sess_close', 'sess_read',
'sess_write', 'sess_destroy', 'sess_gc');
function sess_open() { return true;}
function sess_close() { return true;}
function sess_read() { return ""; }
function sess_write() {}
function ses_destroy() {}
function sess_gc() {}
session_start();
echo "program got here";
;--------------
ok, the above program won't crash the apache
but if i change:
--> function sess_read() { return ""; }
into:
--> function sess_read() { return null; }
"what i expected to happen" is: php `should` warnning me my returning
isnot STRING, or keep running quietly
"what happened" is: no response from apache
and here why i report this bug:
a server running 100 website, one of the custom(the one can
upload/update php file for his site) is able to attact the server by
using the above script, making `fool` of the server
is the above info enough? :)
Previous Comments:
------------------------------------------------------------------------
[2002-02-10 06:18:12] [EMAIL PROTECTED]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php
If you can provide more information, feel free to add it
to this bug and change the status back to "Open".
------------------------------------------------------------------------
[2002-02-10 06:04:07] [EMAIL PROTECTED]
used session_set_save_handler(...."sess_read"....);
and when session_start();
and also sess_read() returns _NONE_ string
e.g. function sess_read() { }
or function sess_read() { return false; }
browser get no response from apache (should be crash)
it should be strong enough :-)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=15484&edit=1
