|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2004-06-05 19:02 UTC] dharana at dharana dot net
Description: ------------ ext/session/mod_files.sh is a simple script used to generate a dir tree for storing sessions in files. If you use session.hash_bits_per_character = 5 or session.hash_bits_per_character = 6 php will fail to write some sessions. Expected result: ---------------- The script should either: a) ask the user for the session.hash_bits_per_character as a third optional argument b) read it from the php.ini Actual result: -------------- The directories created will cause some sessions to be lost. PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 03:00:01 2025 UTC |
In addition to sessions being lost, dependant on settings, information could be given out regarding the location of sensitive (session) files. Here is ext/session/mod_files.sh with a minimum of change to accept a third parameter (numeric) for hash bits per character (4, 5 or 6). If a value is not provided, it will function as the original script did. --- begin script #! /bin/sh if test "$2" = ""; then echo "usage: $0 basedir depth" exit 1 fi if test "$2" = "0"; then exit 0 fi hash_chars="0 1 2 3 4 5 6 7 8 9 a b c d e f" if test "$3" -a "$3" -ge "5"; then hash_chars="$hash_chars g h i j k l m n o p q r s \ t u v" if test "$3" -eq "6"; then hash_chars="$hash_chars w x y z A B C D E \ F G H I J K L M N \ O P Q R S T U V W \ X Y Z - ," fi fi for i in $hash_chars; do newpath="$1/$i" mkdir $newpath || exit 1 sh $0 $newpath `expr $2 - 1` $3 done --- End script