author | Pedro Magalhães <mail@pmmaga.net> | 2018-08-01 22:28:09 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-08-12 15:49:13 +0200 |
commit | a16aee6cee77571e3af604117bdc48b75d8a3315 (patch) | |
tree | 2abdb0f54632c5f58bf1b85b4a21aefb46fd35ad /ext/session | |
parent | 326d3d480c8187545f3e794c68c1fde09206fad9 (diff) | |
download | php-git-a16aee6cee77571e3af604117bdc48b75d8a3315.tar.gz |
Fix #76688: Disallow excessive parameters after options array
Diffstat (limited to 'ext/session')
-rw-r--r-- | ext/session/session.c | 9 | ||||
-rw-r--r-- | ext/session/tests/session_set_cookie_params_variation7.phpt | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index c7d54b0ee7..c46af0d87d 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -1704,6 +1704,15 @@ static PHP_FUNCTION(session_set_cookie_params)
 zend_string *key;
 zval *value;
 
+ if (path) {
+ path = NULL;
+ domain = NULL;
+ secure_null = 1;
+ httponly_null = 1;
+ php_error_docref(NULL, E_WARNING, "Cannot pass arguments after the options array");
+ RETURN_FALSE;
+ }
+
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(lifetime_or_options), key, value) {
 if (key) {
 ZVAL_DEREF(value);
diff --git a/ext/session/tests/session_set_cookie_params_variation7.phpt b/ext/session/tests/session_set_cookie_params_variation7.phpt
index ebd9b71df6..9d1f8709be 100644
--- a/ext/session/tests/session_set_cookie_params_variation7.phpt
+++ b/ext/session/tests/session_set_cookie_params_variation7.phpt
@@ -36,6 +36,10 @@ var_dump(ini_get("session.cookie_lifetime"));
 var_dump(session_set_cookie_params(["lifetime" => 42]));
 var_dump(ini_get("session.cookie_lifetime"));
 
+var_dump(ini_get("session.cookie_path"));
+var_dump(session_set_cookie_params(["path" => "newpath/"], "arg after options array"));
+var_dump(ini_get("session.cookie_path"));
+
 echo "Done";
 ob_end_flush();
 ?>
@@ -57,4 +61,9 @@ string(6) "please"
 string(1) "0"
 bool(true)
 string(2) "42"
+string(1) "/"
+
+Warning: session_set_cookie_params(): Cannot pass arguments after the options array in %s
+bool(false)
+string(1) "/"
 Done |
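Review bot: The four assignments ahead of `RETURN_FALSE` in the new `if (path)` block (`path = NULL; domain = NULL; secure_null = 1; httponly_null = 1;`) appear to be dead stores, since `RETURN_FALSE` leaves the function and nothing can read those locals afterwards; dropping them leaves just the warning and the return. The guard also tests only `path`, so it rejects trailing arguments only as long as the parameter parsing, which is outside this hunk, never leaves `path` NULL when a second argument is supplied. `if (ZEND_NUM_ARGS() > 1) {` would state the intent directly and would keep a trailing `secure` or `httponly` argument from being silently ignored if the parsing ever accepts a null path. The body of session_set_cookie_params starts and ends outside the hunk, so this is inferred from the visible lines only.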
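Review bot: Only the two-argument form is exercised in the added test lines, so the case that matters most for cookie hardening, trailing `secure`/`httponly` arguments after an options array, is not pinned by a test. Consider adding a call such as `var_dump(session_set_cookie_params(["path" => "newpath/"], "/", "", true, true));` followed by `var_dump(ini_get("session.cookie_secure"));`, with the matching lines added to the expected output in the last hunk. That would show that the extra flags are rejected with the warning rather than applied or silently dropped, and it would catch a later change to the guard in session.c.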