|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2004-09-03 04:49 UTC] iliaa@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Sep 07 23:01:27 2024 UTC |
Description: ------------ Tested on PHP 4.3.6 (statically linked) with Apache 1.3.X under IBM AIX. Sorry to not being able to test on a more recent version. If a variable containing pipes is saved in a session, it creates an ugly session variable that can leads to a Session completely screwed up. I think this is a pretty SERIOUS bug that can leads to unpredictible behaviour (Here follows a simple test but I found this with a more complicated script depending on a lot of session variables. The result was a crash of the Apache server (segmentation fault). I imagine that the symptoms of this problem can be multiple depending on the number of pipes in the variable name, the order of the variables in the session, etc...) The problem is that the | is also used in the /tmp/sess_XXXX files as a delimiter The following code can be saved in a file and tested with a browser to see the problem. Reproduce code: --------------- <?php session_start(); if (!isset($_GET['test'])){ print "Phase I: setting a Session variable with a name containing pipes. This generates a buggy session variable ...<br/>"; $_SESSION['This|variable|contains|ugly|characters'] = 'test'; print "<a href='$PHP_SELF?test=test'>Click here to see the result</a>"; }else{ print "Here is the content of the Session:<pre>"; var_dump($_SESSION); print "</pre>"; } ?> Expected result: ---------------- array(1) { ["This|variable|contains|ugly|characters"]=> &string(4) "test" } Actual result: -------------- array(5) { ["This"]=> &NULL ["variable"]=> &NULL ["contains"]=> &NULL ["ugly"]=> &NULL ["characters"]=> &string(4) "test" }