From ab4433e348bcbc81e376b2d3f98b378c5c2ff634 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 3 Sep 2004 00:53:46 +0000
Subject: [PATCH] MFH: Fixed bug #29925 (Added a check to prevent illegal
 characters in session key).

---
 ext/session/session.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ext/session/session.c b/ext/session/session.c
index 67fe998b7a..ac503175a4 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -436,6 +436,11 @@ PS_SERIALIZER_ENCODE_FUNC(php)
 
 	PS_ENCODE_LOOP(
 			smart_str_appendl(&buf, key, (unsigned char) key_length);
+			if (memchr(key, PS_DELIMITER, key_length)) {
+				PHP_VAR_SERIALIZE_DESTROY(var_hash);
+				smart_str_free(&buf);				
+				return FAILURE;
+			}
 			smart_str_appendc(&buf, PS_DELIMITER);
 			
 			php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
-- 
2.50.1