author | Stefan Esser <sesser@php.net> | 2007-06-16 07:48:07 +0000 |
---|---|---|
committer | Stefan Esser <sesser@php.net> | 2007-06-16 07:48:07 +0000 |
commit | df7bfe0a0f3175e8d4573a2e9501cf11e2c0bee3 (patch) | |
tree | be968508281f088464b80a6b7be6f3abda36f3a1 /ext/session | |
parent | 70a8f9313bd2e6102ff12a1a5b5b9c096f9ce30f (diff) | |
download | php-git-df7bfe0a0f3175e8d4573a2e9501cf11e2c0bee3.tar.gz |
MFH
Diffstat (limited to 'ext/session')
-rw-r--r-- | ext/session/session.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ext/session/session.c b/ext/session/session.c
index 3d87a423c5..51e63171e5 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -807,7 +807,7 @@ static void php_session_initialize(TSRMLS_D)
 	int vallen;
 
 	/* check session name for invalid characters */
-	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\()@,;:[]?={}&%")) {
+	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
 		efree(PS(id));
 		PS(id) = NULL;
 	}
@@ -1080,6 +1080,7 @@ static void php_session_send_cookie(TSRMLS_D)
 {
 	smart_str ncookie = {0};
 	char *date_fmt = NULL;
+	char *e_session_name, *e_id;
 
 	if (SG(headers_sent)) {
 		char *output_start_filename = php_get_output_start_filename(TSRMLS_C);
@@ -1093,11 +1094,18 @@ static void php_session_send_cookie(TSRMLS_D)
 		}
 		return;
 	}
+
+	/* URL encode session_name and id because they might be user supplied */
+	e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
+	e_id = php_url_encode(PS(id), strlen(PS(id)), NULL);
 
 	smart_str_appends(&ncookie, COOKIE_SET_COOKIE);
-	smart_str_appends(&ncookie, PS(session_name));
+	smart_str_appends(&ncookie, e_session_name);
 	smart_str_appendc(&ncookie, '=');
-	smart_str_appends(&ncookie, PS(id));
+	smart_str_appends(&ncookie, e_id);
+
+	efree(e_session_name);
+	efree(e_id);
 
 	if (PS(cookie_lifetime) > 0) {
 		struct timeval tv;
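Review bot: The narrowed reject list in the `-`/`+` pair of the php_session_initialize hunk is not explained, and the characters dropped from it (`()@,;:[]?={}&%`) are only harmless in the Set-Cookie header because the later hunk percent-encodes the id before appending it; every other consumer of PS(id) — save handlers, including user-supplied ones registered through session_set_save_handler(), and presumably URL rewriting when trans-sid is enabled — now receives an id that may contain those characters and has to validate it itself. The comment above the check still says "invalid characters" as if the id were made safe for all uses here, which a later reader is likely to rely on. Suggest replacing it with `/* reject only characters that break headers/HTML; the cookie path percent-encodes the id, so save handlers and other consumers must validate it themselves */`. php_session_initialize's body continues outside the hunk.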
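Review bot: The new `e_session_name = php_url_encode(...)` line in the php_session_send_cookie hunk changes the on-the-wire cookie name whenever PS(session_name) holds a character the encoder escapes, so the change silently depends on the receiving side URL-decoding cookie names before the session code looks the cookie up by PS(session_name); that round-trip assumption is not stated anywhere in the hunk. The new comment should carry it: `/* URL encode session_name and id because they might be user supplied; the cookie parser is expected to URL-decode names and values so lookups by PS(session_name) still match — verify against the request cookie parser */`. Note also that only the name and the id are encoded here; any cookie attributes the function appends further down (outside this hunk) from ini-derived values are not covered by this change. The efree() calls right after the appends are correct since smart_str_appends copies the bytes; php_session_send_cookie continues past the hunk.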