PHP :: Bug #38346 :: pipe char in index of SESSION variables should lead to error in session

Bug #38346

pipe char in index of SESSION variables should lead to error in session_encode

Submitted:

2006-08-05 15:21 UTC

Modified:

2006-08-05 15:44 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	1 (100.0%)
Same OS:	1 (100.0%)

From:

wf at bitplan dot com

Assigned:

Status:

Not a bug

Package:

Session related

PHP Version:

5.1.4

OS:

all

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2006-08-05 15:21 UTC] wf at bitplan dot com

Description:
------------
The bugreport
http://bugs.php.net/bug.php?id=33786
has just the status "bogus". That is a bug, because
session_encode will fail badly and a whole web - app will suffer (I've seen one report that someone lost his job due to sessions not being restored properly ...)


Reproduce code:
---------------
<?php
for ($i=33;$i<255;$i++) {
	@session_destroy();
	@session_start();
	$_SESSION["validname"]="valid value";
	$_varname="v".chr($i)."ar";
	$_SESSION[$_varname]=$i;
	$data=session_encode();
	if (strlen($data)==0) 
	echo "when varname is ".$_varname.
			 " session has ".count($_SESSION).
			 " entries that are encoded with ".strlen($data)." bytes ".
			 //" as '".$data.
			 "'<br />";
}	// for		 
?>

Expected result:
----------------
A (fatal) error message on using | within the array index name for $_SESSION

Actual result:
--------------
when varname is v|ar session has 2 entries that are encoded with 0 bytes '

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-08-05 15:44 UTC] tony2001@php.net

Thee is good explanation in bug #33786.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 30 00:01:30 2024 UTC