On 23 Apr 2001 [EMAIL PROTECTED] wrote:

> ID: 10447
> Updated by: bmcadams
> Reported By: [EMAIL PROTECTED]
> Old-Status: Analyzed
> Status: Assigned
> Bug Type: CCVS related
> PHP Version: 4.0 Latest CVS (22/04/2001)
> Assigned To: [EMAIL PROTECTED]
> Comments:
> The fix that sterling put in place will at the least check if the session being 
>passed is a string value: this still doesn't protect from someone arbitrarily passing 
>any old string (for example "crash_ccvs").
Actually, more accurately, it will check to see if it has a value at all.

> While obviously it is up to the programmer to be smart and not pass a bad session to 
>CCVS, CCVS Should not be segfaulting if they pass a bad value.
> I am looking into a way to trap this value from being bad.

I would personally mark anything further up as a bug in CCVS, not PHP.
And perhaps file a bug with the CCVS folk...  The other option (storing
the allocated sessions and checking to see if the passed session is in
that list), seems like a lot of overhead that isn't the responsibility of
the extension...


PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to