]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 24af48e) | patch
Along with the valid char set, also add a length check to the
authorRasmus Lerdorf <rasmus@php.net>
Sat, 26 Dec 2009 23:38:25 +0000 (23:38 +0000)
committerRasmus Lerdorf <rasmus@php.net>
Sat, 26 Dec 2009 23:38:25 +0000 (23:38 +0000)
commitc18de792650258a0d3f85648400cb5bc3c693dd4
tree99b41da9f5cdbaac38edefdcdb32e743296d8a09tree | snapshot
parent24af48e40217440f2ed5e7d54b745c4a3a5f05ebcommit | diff
Along with the valid char set, also add a length check to the
session id here to avoid a lower-level error on the open()
later on in case we exceed MAX_PATH.  The lower level open()
error includes the session dir path in it, so this is a very
low-priority security fix.  People should not be running
production systems with display_errors turned on.
ext/session/mod_files.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.