iliaa Thu Sep 2 20:53:47 2004 EDT
Modified files: (Branch: PHP_4_3)
/php-src/ext/session session.c
Log:
MFH: Fixed bug #29925 (Added a check to prevent illegal characters in
session key).
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.336.2.41&r2=1.336.2.42&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.41
php-src/ext/session/session.c:1.336.2.42
--- php-src/ext/session/session.c:1.336.2.41 Wed Jul 21 12:25:27 2004
+++ php-src/ext/session/session.c Thu Sep 2 20:53:46 2004
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.336.2.41 2004/07/21 16:25:27 sesser Exp $ */
+/* $Id: session.c,v 1.336.2.42 2004/09/03 00:53:46 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -436,6 +436,11 @@
PS_ENCODE_LOOP(
smart_str_appendl(&buf, key, (unsigned char) key_length);
+ if (memchr(key, PS_DELIMITER, key_length)) {
+ PHP_VAR_SERIALIZE_DESTROY(var_hash);
+ smart_str_free(&buf);
+ return FAILURE;
+ }
smart_str_appendc(&buf, PS_DELIMITER);
php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
