Bug #72663 - part 3

When using the php_serialize session serialization handler, do not use the result of the unserialization if it failed.
author: Nikita Popov <nikic@php.net> 2016-08-10 14:46:38 +0200
committer: Stanislav Malyshev <stas@php.net> 2016-08-17 01:01:03 -0700
commit: e0f9fbdfa61012101de7f4a8653ca5538c404a71 (patch)
tree: c9c1b7914d52cf0b408f9181639d1e24fd5ef253 /ext/standard/tests/serialize/bug72663_3.phpt
parent: 61f2f5a0f760157f9c9d32d7d3df2be47a73e74d (diff)
download: php-git-e0f9fbdfa61012101de7f4a8653ca5538c404a71.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/ext/standard/tests/serialize/bug72663_3.phpt b/ext/standard/tests/serialize/bug72663_3.phpt
new file mode 100644
index 0000000000..37d67706f2
--- /dev/null
+++ b/ext/standard/tests/serialize/bug72663_3.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #72663 (3): If unserialization fails, don't initialize the session with the result
+--SKIPIF--
+<?php if (!extension_loaded('session')) die('skip Session extension required'); ?>
+--INI--
+session.serialize_handler=php_serialize
+--FILE--
+<?php
+session_start();
+$sess = 'O:9:"Exception":2:{s:7:"'."\0".'*'."\0".'file";R:1;}';
+session_decode($sess);
+var_dump($_SESSION);
+?>
+--EXPECTF--
+Notice: session_decode(): Unexpected end of serialized data in %s on line %d
+array(0) {
+}
author	Nikita Popov <nikic@php.net>	2016-08-10 14:46:38 +0200
committer	Stanislav Malyshev <stas@php.net>	2016-08-17 01:01:03 -0700
commit	e0f9fbdfa61012101de7f4a8653ca5538c404a71 (patch)
tree	c9c1b7914d52cf0b408f9181639d1e24fd5ef253 /ext/standard/tests/serialize/bug72663_3.phpt
parent	61f2f5a0f760157f9c9d32d7d3df2be47a73e74d (diff)
download	php-git-e0f9fbdfa61012101de7f4a8653ca5538c404a71.tar.gz