php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #28644 mod_files.sh generates incorrect directories with hash_bits_per_character != 0
Submitted: 2004-06-05 19:02 UTC Modified: 2005-06-20 15:37 UTC
Votes:1
Avg. Score:2.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: dharana at dharana dot net Assigned:
Status: Closed Package: Session related
PHP Version: 5CVS-2005-03-06 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: dharana at dharana dot net
New email:
PHP Version: OS:

 

 [2004-06-05 19:02 UTC] dharana at dharana dot net 
Description:
------------
ext/session/mod_files.sh is a simple script used to generate a dir tree for storing sessions in files. If you use session.hash_bits_per_character = 5 or session.hash_bits_per_character = 6 php will fail to write some sessions.

Expected result:
----------------
The script should either:
a) ask the user for the session.hash_bits_per_character as a third optional argument
b) read it from the php.ini

Actual result:
--------------
The directories created will cause some sessions to be lost.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-04-18 00:23 UTC] waltzer at autumnweave dot com 
In addition to sessions being lost, dependant on settings, information could be given out regarding the location of sensitive (session) files.

Here is ext/session/mod_files.sh with a minimum of change to accept a third parameter (numeric) for hash bits per character (4, 5 or 6). If a value is not provided, it will function as the original script did.

--- begin script

#! /bin/sh

if test "$2" = ""; then
        echo "usage: $0 basedir depth"
        exit 1
fi

if test "$2" = "0"; then
        exit 0
fi

hash_chars="0 1 2 3 4 5 6 7 8 9 a b c d e f"
if test "$3" -a "$3" -ge "5"; then
        hash_chars="$hash_chars g h i j k l m n o p q r s \
                                t u v"
        if test "$3" -eq "6"; then
                hash_chars="$hash_chars w x y z A B C D E \
                                        F G H I J K L M N \
                                        O P Q R S T U V W \
                                        X Y Z - ,"
        fi
fi

for i in $hash_chars; do
        newpath="$1/$i"
        mkdir $newpath || exit 1
        sh $0 $newpath `expr $2 - 1` $3
done

--- End script
 [2005-06-20 15:37 UTC] sniper@php.net 
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Apr 25 00:01:41 2024 UTC