changelog               Sun Jun 17 01:31:18 2007 UTC

  Modified files:              
    /php-src    ChangeLog 
  Log:
  ChangeLog update
  
http://cvs.php.net/viewvc.cgi/php-src/ChangeLog?r1=1.2721&r2=1.2722&diff_format=u
Index: php-src/ChangeLog
diff -u php-src/ChangeLog:1.2721 php-src/ChangeLog:1.2722
--- php-src/ChangeLog:1.2721    Sat Jun 16 01:31:18 2007
+++ php-src/ChangeLog   Sun Jun 17 01:31:17 2007
@@ -1,3 +1,11 @@
+2007-06-16  Stefan Esser  <[EMAIL PROTECTED]>
+
+    * ext/session/session.c:
+      Fix attribute injection security bug correctly by URL encoding session
+      name and session value. (in future maybe encode path/domain, too)
+      
+      Remove backward compatibility breaking blacklist of characters.
+
 2007-06-15  Stanislav Malyshev  <[EMAIL PROTECTED]>
 
     * ext/session/session.c
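Review bot: In the added 2007-06-16 entry for ext/session/session.c, the parenthetical "(in future maybe encode path/domain, too)" leaves the scope of the fix easy to miss: only the session name and session value are URL encoded, and path/domain remain an open item with no tracking reference. Suggest stating that limitation as its own sentence and pointing to a bug or follow-up entry, so a reader auditing the attribute injection fix can see what it covers. The line "Remove backward compatibility breaking blacklist of characters." also does not name the earlier change that introduced the blacklist; a reference to that entry would help anyone checking that the encoding fully replaces it.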
