authorYasuo Ohgaki <yohgaki@php.net>2015-02-03 13:41:31 +0900
committerYasuo Ohgaki <yohgaki@php.net>2015-02-03 13:41:31 +0900
commit2983ef3c4822c089d1e3de463c12bd8437125d6c (patch)
tree274d5109b8eed54ac9d21076280b2e79e4db882b
parent665997bf169a943b5a06e1cb1c53511aac93d126 (diff)
parent853ae39d6ea6a4d2ce95098744e481a1e8573ad8 (diff)
downloadphp-git-2983ef3c4822c089d1e3de463c12bd8437125d6c.tar.gz
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5: Fixed bug #68063 Empty session IDs do still start sessions
-rw-r--r--ext/session/session.c5
-rw-r--r--ext/session/tests/bug68063.phpt20
2 files changed, 25 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 7744a430dc..dfe5a4db51 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2073,6 +2073,11 @@ static PHP_FUNCTION(session_decode)
static PHP_FUNCTION(session_start)
{
/* skipping check for non-zero args for performance reasons here ?*/
+ if (PS(id) && !strlen(PS(id))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot start session with empty session ID");
+ RETURN_FALSE;
+ }
+
php_session_start(TSRMLS_C);
if (PS(session_status) != php_session_active) {
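Review bot: The empty-ID guard sits in the `session_start()` wrapper, ahead of the call to `php_session_start()`, so it only tests whatever `PS(id)` already holds before the start routine runs. If an ID supplied by a cookie or request parameter is only read inside `php_session_start()` (not visible in this hunk), an empty `PHPSESSID=` cookie, which is the case the accompanying test comment mentions, would pass this check, as would any other caller of `php_session_start()`. Clients presenting an empty ID could then end up sharing one session record. Consider applying the same test once the ID has been resolved, e.g. `if (PS(id) && PS(id)[0] == '\0')` inside the start routine, and refusing or regenerating the ID there. The body of `session_start` continues past the end of the hunk.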
diff --git a/ext/session/tests/bug68063.phpt b/ext/session/tests/bug68063.phpt
new file mode 100644
index 0000000000..d3da470d06
--- /dev/null
+++ b/ext/session/tests/bug68063.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #68063 (Empty session IDs do still start sessions)
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+--FILE--
+<?php
+// Could also be set with a cookie like "PHPSESSID=; path=/"
+session_id('');
+
+// Will still start the session and return true
+var_dump(session_start());
+
+// Returns an empty string
+var_dump(session_id());
+?>
+--EXPECTF--
+Warning: session_start(): Cannot start session with empty session ID in %s on line %d
+bool(false)
+string(0) ""
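Review bot: The comment `// Will still start the session and return true` describes the behaviour before the fix and contradicts the `bool(false)` expected in `--EXPECTF--`; it should read something like `// Must raise a warning and return false`. The test also exercises only `session_id('')`, although its first comment names the cookie `PHPSESSID=; path=/` as another source of an empty ID. A companion test with a `--COOKIE--` section containing `PHPSESSID=` would pin that path, which is the one a remote client controls. The empty `--INI--` section can be dropped.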