#25307 [Opn->Ver]: Crash when session.serialize_handler=wddx & session, post, get vars

Fri, 29 Aug 2003 10:41:11 +0000 

 ID:               25307
 Updated by:       [EMAIL PROTECTED]
 Reported By:      cristea at pntcd dot ro
-Status:           Open
+Status:           Verified
 Bug Type:         Session related
 Operating System: any
 PHP Version:      4CVS-2003-08-29 (stable)
 New Comment:

Happens only when wddx is the serializer and 
register_globals is 'On'.

Backtrace as follows:

0x40567dfa in var_replace (var_hashx=0x0, ozval=0x8244114,
nzval=0x8236ef0) at var_unserializer.re:40
40      var_unserializer.re: No such file or directory.
(gdb) bt
#0  0x40567dfa in var_replace (var_hashx=0x0, ozval=0x8244114,
nzval=0x8236ef0) at var_unserializer.re:40
#1  0x404e727b in php_set_session_var (name=0x824429c "a", namelen=1,
state_val=0x8244114, var_hash=0x0)
    at /usr/src/web/php/php4_3/ext/session/session.c:307
#2  0x405720e2 in ps_srlzr_decode_wddx (
    val=0x824724c "<wddxPacket
version='1.0'><header/><data><struct><var
name='a'><string>test</string></var></struct></data></wddxPacket>",
vallen=119) at /usr/src/web/php/php4_3/ext/wddx/wddx.c:292
#3  0x404e7e5c in php_session_decode (
    val=0x824724c "<wddxPacket
version='1.0'><header/><data><struct><var
name='a'><string>test</string></var></struct></data></wddxPacket>",
vallen=119) at /usr/src/web/php/php4_3/ext/session/session.c:523
#4  0x404e8254 in php_session_initialize () at
/usr/src/web/php/php4_3/ext/session/session.c:608
#5  0x404e9764 in php_session_start () at
/usr/src/web/php/php4_3/ext/session/session.c:1036
#6  0x404eb41b in zif_session_start (ht=0, return_value=0x8246ff4,
this_ptr=0x0, return_value_used=0)
    at /usr/src/web/php/php4_3/ext/session/session.c:1475



Previous Comments:
------------------------------------------------------------------------

[2003-08-29 04:35:26] cristea at pntcd dot ro

Description:
------------
Apache will crash session.serialize_handler is set to wddx and when a
$_SESSION var have the same name as a $_POST (or $_GET) var.

Try this code:
File w1.php
-----------
<?php
ini_set('session.serialize_handler', 'wddx');
session_start();
$_SESSION['a'] = 'test';
echo <<< EOS
<form action="w2.php" method="post">
<input type="text" name="a" value="">
<input type="submit">
</form>
EOS;
?>

File w2.php
-----------
<?php
ini_set('session.serialize_handler', 'wddx');
session_start();
print_r($_SESSION);
echo "<hr>";
print_r($_POST);
?>



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=25307&edit=1

Reply via email to