author | Stanislav Malyshev <stas@php.net> | 2007-06-15 22:45:25 +0000 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2007-06-15 22:45:25 +0000 |
commit | 83828a3ddb78fe1b10f539447ad4b32ff9b2229a (patch) | |
tree | 32af79ccfbf15fbcdea5c80519ae45a6b1268fb5 | |
parent | 54a446971f41f99f12f397bda765a06ebffedb04 (diff) | |
MF5: Disallow characters that Cookie RFC does not allow in unquoted cookies
-rw-r--r-- | ext/session/session.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index cf4c568cf0..328eb8adec 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -666,7 +666,7 @@ static void php_session_initialize(TSRMLS_D)
 int vallen;
 /* check session name for invalid characters */
- if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\()@,;:[]?={}&%")) {
 efree(PS(id));
 PS(id) = NULL;
 } |
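Review bot: The extended `strpbrk()` reject list on the new `if` line is still a denylist, so it misses bytes that the cookie token grammar also excludes. If the reference is the RFC 2109/2616 token definition, `/` is a separator and is absent, and control bytes other than `\r`, `\n` and `\t` (plus DEL and any high-bit bytes) still pass. An allowlist closes the gap without enumerating every bad byte, e.g. `if (PS(id) && PS(id)[strspn(PS(id), SESSION_ID_CHARS)] != '\0') {`, where `SESSION_ID_CHARS` is a placeholder for whatever alphabet the save handlers are expected to accept. The adjacent comment says "session name" while the code checks `PS(id)`, so it would read more accurately as `/* check session id for invalid characters */`. The body of `php_session_initialize` continues outside this hunk, so what happens after `PS(id)` is set to NULL is not visible here.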