From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 3 Sep 2004 00:53:46 +0000 (+0000)
Subject: MFH: Fixed bug #29925 (Added a check to prevent illegal characters in
X-Git-Tag: php-4.3.9RC3~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ab4433e348bcbc81e376b2d3f98b378c5c2ff634;p=php

MFH: Fixed bug #29925 (Added a check to prevent illegal characters in
session key).
---

diff --git a/ext/session/session.c b/ext/session/session.c
index 67fe998b7a..ac503175a4 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -436,6 +436,11 @@ PS_SERIALIZER_ENCODE_FUNC(php)
 
 	PS_ENCODE_LOOP(
 			smart_str_appendl(&buf, key, (unsigned char) key_length);
+			if (memchr(key, PS_DELIMITER, key_length)) {
+				PHP_VAR_SERIALIZE_DESTROY(var_hash);
+				smart_str_free(&buf);				
+				return FAILURE;
+			}
 			smart_str_appendc(&buf, PS_DELIMITER);
 			
 			php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);