changelog Sun Jun 17 01:31:18 2007 UTC
Modified files: /php-src ChangeLog Log: ChangeLog update http://cvs.php.net/viewvc.cgi/php-src/ChangeLog?r1=1.2721&r2=1.2722&diff_format=u Index: php-src/ChangeLog diff -u php-src/ChangeLog:1.2721 php-src/ChangeLog:1.2722 --- php-src/ChangeLog:1.2721 Sat Jun 16 01:31:18 2007 +++ php-src/ChangeLog Sun Jun 17 01:31:17 2007 @@ -1,3 +1,11 @@ +2007-06-16 Stefan Esser <[EMAIL PROTECTED]> + + * ext/session/session.c: + Fix attribute injection security bug correctly by URL encoding session + name and session value. (in future maybe encode path/domain, too) + + Remove backward compatibility breaking blacklist of characters. + 2007-06-15 Stanislav Malyshev <[EMAIL PROTECTED]> * ext/session/session.c
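Review bot: In the 2007-06-16 entry for ext/session/session.c, the parenthetical "(in future maybe encode path/domain, too)" reads as an aside but is the security-relevant part: it implies the attribute injection fix covers only the session name and session value, and that path and domain are still written without encoding. State that scope as its own sentence so readers do not assume the whole cookie header is covered. The same entry removes the character blacklist without naming the characters or the change that introduced it, and calls the fix "correct" without a bug or advisory reference; adding those would let someone reading the ChangeLog tell which earlier behaviour is being reverted and whether they depended on it.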