php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38346 pipe char in index of SESSION variables should lead to error in session_encode
Submitted: 2006-08-05 15:21 UTC Modified: 2006-08-05 15:44 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: wf at bitplan dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.1.4 OS: all
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: wf at bitplan dot com
New email:
PHP Version: OS:

 

 [2006-08-05 15:21 UTC] wf at bitplan dot com
Description:
------------
The bugreport
http://bugs.php.net/bug.php?id=33786
has just the status "bogus". That is a bug, because
session_encode will fail badly and a whole web - app will suffer (I've seen one report that someone lost his job due to sessions not being restored properly ...)


Reproduce code:
---------------
<?php
for ($i=33;$i<255;$i++) {
	@session_destroy();
	@session_start();
	$_SESSION["validname"]="valid value";
	$_varname="v".chr($i)."ar";
	$_SESSION[$_varname]=$i;
	$data=session_encode();
	if (strlen($data)==0) 
	echo "when varname is ".$_varname.
			 " session has ".count($_SESSION).
			 " entries that are encoded with ".strlen($data)." bytes ".
			 //" as '".$data.
			 "'<br />";
}	// for		 
?>

Expected result:
----------------
A (fatal) error message on using | within the array index name for $_SESSION

Actual result:
--------------
when varname is v|ar session has 2 entries that are encoded with 0 bytes '

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-08-05 15:44 UTC] tony2001@php.net
Thee is good explanation in bug #33786.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC