author | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-03 13:41:31 +0900 |
---|---|---|
committer | Yasuo Ohgaki <yohgaki@php.net> | 2015-02-03 13:41:31 +0900 |
commit | 2983ef3c4822c089d1e3de463c12bd8437125d6c (patch) | |
tree | 274d5109b8eed54ac9d21076280b2e79e4db882b | |
parent | 665997bf169a943b5a06e1cb1c53511aac93d126 (diff) | |
parent | 853ae39d6ea6a4d2ce95098744e481a1e8573ad8 (diff) | |
download | php-git-2983ef3c4822c089d1e3de463c12bd8437125d6c.tar.gz |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fixed bug #68063 Empty session IDs do still start sessions
-rw-r--r-- | ext/session/session.c | 5 | ||||
-rw-r--r-- | ext/session/tests/bug68063.phpt | 20 |
2 files changed, 25 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 7744a430dc..dfe5a4db51 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2073,6 +2073,11 @@ static PHP_FUNCTION(session_decode)
 static PHP_FUNCTION(session_start)
 {
 /* skipping check for non-zero args for performance reasons here ?*/
+ if (PS(id) && !strlen(PS(id))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot start session with empty session ID");
+ RETURN_FALSE;
+ }
+
 php_session_start(TSRMLS_C);
 
 if (PS(session_status) != php_session_active) {
diff --git a/ext/session/tests/bug68063.phpt b/ext/session/tests/bug68063.phpt
new file mode 100644
index 0000000000..d3da470d06
--- /dev/null
+++ b/ext/session/tests/bug68063.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #68063 (Empty session IDs do still start sessions)
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+--FILE--
+<?php
+// Could also be set with a cookie like "PHPSESSID=; path=/"
+session_id('');
+
+// Will still start the session and return true
+var_dump(session_start());
+
+// Returns an empty string
+var_dump(session_id());
+?>
+--EXPECTF--
+Warning: session_start(): Cannot start session with empty session ID in %s on line %d
+bool(false)
+string(0) "" |
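Review bot: The empty-ID guard added at the top of PHP_FUNCTION(session_start) runs before php_session_start(), so it only covers an ID that is already in PS(id) when the function is entered, for example after session_id(''). The test added in this same commit notes that the empty ID can also arrive as a `PHPSESSID=` cookie; if php_session_start() is where the request-supplied ID is read (its body is not in this hunk, so this is an assumption to confirm), that path and any other caller of php_session_start() would bypass the check, and every client presenting an empty ID would keep landing on the same session record. Consider enforcing it inside php_session_start() once the ID has been resolved, e.g. `if (PS(id) && PS(id)[0] == '\0') { efree(PS(id)); PS(id) = NULL; }`, so an empty value is treated as no ID at all. The body of session_start continues past the end of the hunk.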
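Review bot: The comment `// Will still start the session and return true` in the --FILE-- section describes the pre-fix behaviour and contradicts the --EXPECTF-- block, which expects the warning and `bool(false)`; it should read something like `// Must emit a warning and return false`. The first comment says the empty ID can also come from a cookie, but only the session_id('') path is exercised, so a companion test with a `--COOKIE--` section containing `PHPSESSID=` would pin the request-supplied case as well. The empty `--INI--` section can be dropped.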