[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session session.c

Fri, 15 Jun 2007 15:45:54 -0700 

stas            Fri Jun 15 22:45:25 2007 UTC

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/session        session.c 
  Log:
  MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.18&r2=1.336.2.53.2.19&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.53.2.18 
php-src/ext/session/session.c:1.336.2.53.2.19
--- php-src/ext/session/session.c:1.336.2.53.2.18       Wed May 16 01:34:14 2007
+++ php-src/ext/session/session.c       Fri Jun 15 22:45:25 2007
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.336.2.53.2.18 2007/05/16 01:34:14 stas Exp $ */
+/* $Id: session.c,v 1.336.2.53.2.19 2007/06/15 22:45:25 stas Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -666,7 +666,7 @@
        int vallen;
 
        /* check session name for invalid characters */
-       if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+       if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\()@,;:[]?={}&%")) {
                efree(PS(id));
                PS(id) = NULL;
        }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to