php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38213 Wddx serializer and umlaute in $_SESSION variables don't work together
Submitted: 2006-07-26 00:00 UTC Modified: 2006-08-02 15:45 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: wf at bitplan dot com Assigned: iliaa (profile)
Status: Closed Package: Session related
PHP Version: 5.1.4 OS: Windows XP
Private report: No CVE-ID: None
 [2006-07-26 00:00 UTC] wf at bitplan dot com
Description:
------------
When setting the serialize handler to wddx in php.in:
session.serialize_handler = wddx
using any Umlaut in a $_SESSION variable will lead to misbehaviour of the system e.g. Apache crashing or the session file content to be destroyed

Reproduce code:
---------------
sesstest1.php:
=============
<?php
    session_start();
    $_SESSION['sess_var'] = "?????????";
    session_write_close();
    echo "The content is ". $_SESSION['sess_var']. "<br />";
?>
<a href="sesstest2.php?<?php echo SID?>">Page 2 </a>
sesstest2.php:
=============
<?php
    session_start();
    echo "The content is ".$_SESSION['sess_var']."<br />";
    unset ($_SESSION['sess_var']);
    session_write_close();
?>
<a href="sesstest1.php?<?php echo SID?>">Page 1</a>

Expected result:
----------------
there are several ways to do this properly, one is to set the encoding:
<?xml version="1.0" encoding="ISO-8859-1"?>
in the first line of the wddx file, another one is to use utf-8 encoding on encoding and decoding

Actual result:
--------------
<wddxPacket version='1.0'><header/><data><struct><var name='sess_var'><string>?????????</string></var></struct></data></wddxPacket>

And the system might throw-up on decoding when e.g. using french, spanish, swedish or other accented characters.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-02 15:45 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 08:01:29 2024 UTC