From: wiart at yahoo dot com
Operating system: Unix
PHP version: Irrelevant
PHP Bug Type: Session related
Bug description: Session variables containing pipes "|" in the identifier screw up
the Session
Description:
------------
Tested on PHP 4.3.6 (statically linked) with Apache 1.3.X under IBM AIX.
Sorry to not being able to test on a more recent version.
If a variable containing pipes is saved in a session, it creates an ugly
session variable that can leads to a Session completely screwed up. I
think this is a pretty SERIOUS bug that can leads to unpredictible
behaviour (Here follows a simple test but I found this with a more
complicated script depending on a lot of session variables. The result was
a crash of the Apache server (segmentation fault). I imagine that the
symptoms of this problem can be multiple depending on the number of pipes
in the variable name, the order of the variables in the session, etc...)
The problem is that the | is also used in the /tmp/sess_XXXX files as a
delimiter
The following code can be saved in a file and tested with a browser to see
the problem.
Reproduce code:
---------------
<?php
session_start();
if (!isset($_GET['test'])){
print "Phase I: setting a Session variable with a name containing pipes.
This generates a buggy session variable ...<br/>";
$_SESSION['This|variable|contains|ugly|characters'] = 'test';
print "<a href='$PHP_SELF?test=test'>Click here to see the result</a>";
}else{
print "Here is the content of the Session:<pre>";
var_dump($_SESSION);
print "</pre>";
}
?>
Expected result:
----------------
array(1) {
["This|variable|contains|ugly|characters"]=>
&string(4) "test"
}
Actual result:
--------------
array(5) {
["This"]=>
&NULL
["variable"]=>
&NULL
["contains"]=>
&NULL
["ugly"]=>
&NULL
["characters"]=>
&string(4) "test"
}
--
Edit bug report at http://bugs.php.net/?id=29925&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=29925&r=trysnapshot4
Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=29925&r=trysnapshot50
Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=29925&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=29925&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=29925&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=29925&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=29925&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=29925&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=29925&r=support
Expected behavior: http://bugs.php.net/fix.php?id=29925&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=29925&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=29925&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=29925&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=29925&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=29925&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=29925&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=29925&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=29925&r=float
