Fixed bug #29925 (Added a check to prevent illegal characters in session

key).
author: Ilia Alshanetsky <iliaa@php.net> 2004-09-02 02:44:04 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2004-09-02 02:44:04 +0000
commit: 197d65770a27e62b3ecb6d11be4034893b3909e0 (patch)
tree: b717c3e4321e3a6039c78a5b855d288e31a34796 /ext
parent: 4369785d6dd8eb8a19826ede5aef7bb52b4df127 (diff)
download: php-git-197d65770a27e62b3ecb6d11be4034893b3909e0.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 0301108add..d263ac6d6e 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -451,6 +451,11 @@ PS_SERIALIZER_ENCODE_FUNC(php)
 
 	PS_ENCODE_LOOP(
 			smart_str_appendl(&buf, key, (unsigned char) key_length);
+			if (memchr(key, PS_DELIMITER, key_length)) {
+				PHP_VAR_SERIALIZE_DESTROY(var_hash);
+				smart_str_free(&buf);				
+				return FAILURE;
+			}
 			smart_str_appendc(&buf, PS_DELIMITER);
 			
 			php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
author	Ilia Alshanetsky <iliaa@php.net>	2004-09-02 02:44:04 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2004-09-02 02:44:04 +0000
commit	197d65770a27e62b3ecb6d11be4034893b3909e0 (patch)
tree	b717c3e4321e3a6039c78a5b855d288e31a34796 /ext
parent	4369785d6dd8eb8a19826ede5aef7bb52b4df127 (diff)
download	php-git-197d65770a27e62b3ecb6d11be4034893b3909e0.tar.gz