On 23 Apr 2001 [EMAIL PROTECTED] wrote:
> ID: 10447
> Updated by: bmcadams
> Reported By: [EMAIL PROTECTED]
> Old-Status: Analyzed
> Status: Assigned
> Bug Type: CCVS related
> PHP Version: 4.0 Latest CVS (22/04/2001)
> Assigned To: [EMAIL PROTECTED]
> Comments:
>
> The fix that sterling put in place will at the least check if the session being
>passed is a string value: this still doesn't protect from someone arbitrarily passing
>any old string (for example "crash_ccvs").
>
Actually, more accurately, it will check to see if it has a value at all.
> While obviously it is up to the programmer to be smart and not pass a bad session to
>CCVS, CCVS Should not be segfaulting if they pass a bad value.
>
> I am looking into a way to trap this value from being bad.
>
I would personally mark anything further up as a bug in CCVS, not PHP.
And perhaps file a bug with the CCVS folk... The other option (storing
the allocated sessions and checking to see if the passed session is in
that list), seems like a lot of overhead that isn't the responsibility of
the extension...
-Sterling
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
