Bug #43819 -
Submitted: 2008-01-11 14:14 UTC Modified: 2008-02-07 00:44 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: fxbois at gmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.5 OS: RHEL3
Private report: No CVE-ID: None
 [2008-01-11 14:14 UTC] fxbois at gmail dot com
Description:
------------
Hi,

I want to report that PHP 5.2.5 loses the local session.save_path. I set it with session_save_path() but just after, when I look at its value, it contains the master value instead of the value just set.

This happens after a short period of time. (Just after restarting apache everything works fine).

It is a big security problem in my opinion.

System :
- Red Hat Enterprise Linux ES release 3 (Taroon Update 8)
- PHP 5.2.5
- Apache/2.0.46

Reproduce code:
---------------
// master value is /home/.tmp

$new = '2;0777;web/tmp';
session_save_path($new);
echo session_save_path();


Expected result:
----------------
2;0777;web/tmp

Actual result:
--------------
/home/.tmp

 [2008-01-12 17:49 UTC] fxbois at gmail dot com
I have in my php.ini file the value :
session.save_path = "/tmp"

When I try to change this value in a php script with session_save_path() 
the new value is not kept and the session.save_path still contains "/tmp".

session_save_path("2;0777;web/tmp");
error_log(session_save_path()); 
// /tmp appears instead of 2;0777;web/tmp

What is strange is that this bad behaviour only appears a few minutes after an apache restart.  

I tried many nightly builds (5.2.6) with no success. I am sure that this behaviour appeared with 5.2.5.

I can try patches if you want.

Hope this new comment will help. This bug is very very annoying on a shared server.

tia
 [2008-02-05 00:26 UTC] jani@php.net
Are you by any chance using php_admin_value / php_value anywhere in your httpd.conf / .htaccess files? And if so, are you using those to set different session.save_path?
 [2008-02-05 08:44 UTC] fxbois at gmail dot com
I must confess that I changed all my servers because, as I said it was a serious security problem for me, and I had no feedback.

The configuration I used to have was :
1/ session.save_path in the php.ini
2/ php_admin_value session.save_path in the virtualhost
3/ use of the function session_save_path() in a script. The script is loaded for every action but sets a different path according to the URI.
 [2008-02-05 13:17 UTC] manuel at mausz dot at
Same as Bug 43677 :)
 [2008-02-05 23:54 UTC] fxbois at gmail dot com
It is so strange that such a big security issue is not dealt with seriously by a core php developer.
Manuel thanks for your patch.
 [2008-02-07 00:44 UTC] jani@php.net
Duplicate of bug #43677

And this report is missing a proper summary too, I wonder why..?
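
The configuration described in this thread (a php.ini master value, a php_admin_value per virtual host, and a session_save_path() call in the script) can leave the effective path different from the one the script requested. The following is an added example, not code from the report or from PHP itself: it reads the value back and refuses to start a session on a mismatch. It assumes a current PHP release; start_isolated_session(), parse_save_path() and the sample path are hypothetical names.

```php
<?php
// Added example: fail closed if the per-site session.save_path did not
// take effect, instead of writing session files into the shared master
// directory.

/**
 * Split a save_path spec of the form "[N;[MODE;]]/path" into its parts.
 * N is the directory depth, MODE the octal file mode, as in php.ini.
 */
function parse_save_path(string $spec): array
{
    $parts = explode(';', $spec);
    $path  = array_pop($parts);
    return [
        'depth' => isset($parts[0]) ? (int) $parts[0] : 0,
        'mode'  => isset($parts[1]) ? (int) octdec($parts[1]) : 0600,
        'path'  => $path,
    ];
}

function start_isolated_session(string $wanted): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('session already started; save_path can no longer change');
    }
    session_save_path($wanted);
    $effective = session_save_path();   // read back what PHP will really use
    if ($effective !== $wanted) {
        // The symptom from this report: the master/admin value is still active.
        error_log("session.save_path override rejected: wanted '$wanted', effective '$effective'");
        throw new RuntimeException('refusing to start session in shared save_path');
    }
    $spec = parse_save_path($effective);
    if (!is_dir($spec['path']) || !is_writable($spec['path'])) {
        throw new RuntimeException("session directory unusable: {$spec['path']}");
    }
    if ($spec['mode'] & 0007) {
        // e.g. MODE 0777 as in the report: files accessible to other accounts
        error_log(sprintf('session file mode %04o grants access to "other" users', $spec['mode']));
    }
    session_start();
}

// Constructed usage; the path is a placeholder for the site's own directory.
// start_isolated_session('2;0600;/var/www/example/sessions');
```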

 
Last updated: Tue Jul 15 05:01:33 2025 UTC