
Commit 3dafa5f

committed
Fix phpGH-9932: Discards further characters for session name.
As those characters are converted, it is better to make the calling code aware of the naming inadequacy.
1 parent ac05c8f commit 3dafa5f


2 files changed

+7
-5
lines changed


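--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -93,6 +93,8 @@ zend_class_entry *php_session_update_timestamp_iface_entry;
 return FAILURE; \
 }
 
+#define SESSION_FORBIDDEN_CHARS "=,;.[ \t\r\n\013\014"
+
 #define APPLY_TRANS_SID (PS(use_trans_sid) && !PS(use_only_cookies))
 
 static int php_session_send_cookie(void);
@@ -1254,7 +1256,7 @@ static void php_session_remove_cookie(void) {
 size_t session_cookie_len;
 size_t len = sizeof("Set-Cookie")-1;
 
-ZEND_ASSERT(strpbrk(PS(session_name), "=,; \t\r\n\013\014") == NULL);
+ZEND_ASSERT(strpbrk(PS(session_name), SESSION_FORBIDDEN_CHARS) == NULL);
 spprintf(&session_cookie, 0, "Set-Cookie: %s=", PS(session_name));
 
 session_cookie_len = strlen(session_cookie);
@@ -1302,8 +1304,8 @@ static zend_result php_session_send_cookie(void) /* {{{ */
 }
 
 /* Prevent broken Set-Cookie header, because the session_name might be user supplied */
-if (strpbrk(PS(session_name), "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
-php_error_docref(NULL, E_WARNING, "session.name cannot contain any of the following '=,; \\t\\r\\n\\013\\014'");
+if (strpbrk(PS(session_name), SESSION_FORBIDDEN_CHARS) != NULL) { /* man isspace for \013 and \014 */
+php_error_docref(NULL, E_WARNING, "session.name cannot contain any of the following '=,;.[ \\t\\r\\n\\013\\014'");
 return FAILURE;
 }
 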
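Review bot: The new SESSION_FORBIDDEN_CHARS definition in the first hunk carries no comment, so neither the reason '.' and '[' joined the list (the commit message's "those are converted") nor the isspace(3) remark that stays behind on line 1307 is visible where the list is now defined. I would put above the `#define`: `/* Characters rejected in session.name: cookie delimiters, whitespace (see isspace(3) for \013 and \014) and '.'/'[' which are otherwise converted (GH-9932). The E_WARNING text in php_session_send_cookie() repeats this list in escaped form and must be updated together with it. */`. That last point matters because the message on line 1308 is a separate hand-maintained copy of the list, which is exactly what drifted in this commit; if the list grows again, a printable sibling macro next to this one would keep the two in step. Note that in the second hunk the check is a ZEND_ASSERT, which is compiled out in release builds, so the warning path in php_session_send_cookie is the only enforcement there as far as these hunks show. Both php_session_remove_cookie and php_session_send_cookie start and end outside their hunks.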

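--- a/ext/session/tests/session_name_variation1.phpt
+++ b/ext/session/tests/session_name_variation1.phpt
@@ -45,7 +45,7 @@ bool(true)
 string(9) "PHPSESSID"
 string(9) "PHPSESSID"
 
-Warning: session_start(): session.name cannot contain any of the following '=,; \t\r\n\013\014' in %s on line %d
+Warning: session_start(): session.name cannot contain any of the following '=,;.[ \t\r\n\013\014' in %s on line %d
 bool(true)
 string(1) " "
 bool(true)
@@ -54,7 +54,7 @@ string(1) " "
 Warning: session_name(): session.name "" cannot be numeric or empty in %s on line %d
 string(1) " "
 
-Warning: session_start(): session.name cannot contain any of the following '=,; \t\r\n\013\014' in %s on line %d
+Warning: session_start(): session.name cannot contain any of the following '=,;.[ \t\r\n\013\014' in %s on line %d
 bool(true)
 string(1) " "
 bool(true)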
