From ea138b85abda4b0ffe810f8fba8bfa573480bf88 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 2 Sep 2004 02:44:12 +0000
Subject: [PATCH] MFH: Fixed bug #29925 (Added a check to prevent illegal
 characters in session key).

---
 ext/session/session.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ext/session/session.c b/ext/session/session.c
index 135a732253..0b16346eaa 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -451,6 +451,11 @@ PS_SERIALIZER_ENCODE_FUNC(php)
 
 	PS_ENCODE_LOOP(
 			smart_str_appendl(&buf, key, (unsigned char) key_length);
+			if (memchr(key, PS_DELIMITER, key_length)) {
+				PHP_VAR_SERIALIZE_DESTROY(var_hash);
+				smart_str_free(&buf);				
+				return FAILURE;
+			}
 			smart_str_appendc(&buf, PS_DELIMITER);
 			
 			php_var_serialize(&buf, struc, &var_hash TSRMLS_CC);
-- 
2.50.1