From: Stanislav Malyshev
Date: Fri, 15 Jun 2007 22:42:43 +0000 (+0000)
Subject: MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
X-Git-Tag: BEFORE_IMPORT_OF_MYSQLND~445
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e4e1f601258e52d3fb63c5b26b0dd8c6034167bf;p=php

MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
---

diff --git a/ext/session/session.c b/ext/session/session.c
index 93c185d443..9d0694dcc8 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -398,7 +398,7 @@ static void php_session_initialize(TSRMLS_D)
 int vallen;
 /* check session name for invalid characters */
- if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\()@,;:[]?={}&%")) {
 efree(PS(id));
 PS(id) = NULL;
 }
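Review bot: The extended strpbrk() set is still a denylist and does not cover everything the subject line promises: `/` and control bytes other than CR, LF and TAB still pass, although the cookie token grammar excludes them as well. In the visible lines a rejected id is freed and set to NULL with no notice, so it is worth confirming that no configured id encoding can emit one of the newly listed characters (`,` is the one to check); otherwise valid sessions would be silently replaced. An allowlist such as `if (PS(id) && PS(id)[strspn(PS(id), ALLOWED_ID_CHARS)] != '\0') {`, where ALLOWED_ID_CHARS is a placeholder for the alphabet the id generator really uses, would make both properties explicit. The comment above the test says "session name" while the code checks the session id, so I would reword it to `/* reject session ids containing characters not allowed in an unquoted cookie value */`. php_session_initialize continues outside the hunk.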