Along with the valid char set, also add a length check to the

session id here to avoid a lower-level error on the open() 
later on in case we exceed MAX_PATH.  The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix.  People should not be running
production systems with display_errors turned on.

0 files changed, 0 insertions, 0 deletions