File php-5.1.2-session.patch of Package php
--- ext/session/session.c
+++ ext/session/session.c
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.417.2.5 2006/01/01 12:50:12 sniper Exp $ */
+/* $Id: session.c,v 1.417.2.6 2006/01/15 16:51:18 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -741,6 +741,12 @@
char *val;
int vallen;
+ /* check session name for invalid characters */
+ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+ efree(PS(id));
+ PS(id) = NULL;
+ }
+
if (!PS(mod)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
return;
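Review bot: The added `strpbrk` check on `PS(id)` is a denylist, so any byte it does not name (for example `/`, `;`, `=` or other control characters) still reaches whatever the storage module does with the id later in this function, outside the hunk. An allowlist over the alphabet the built-in id generator emits would be the tighter guard, for example `if (PS(id) && PS(id)[strspn(PS(id), "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,-")] != '\0') {`, provided no supported save handler relies on ids set through `session_id()` with other characters. The comment also says "session name" although the value tested is the session id; `/* reject session ids containing unexpected characters; a fresh id is presumably generated below */` would be more accurate. The enclosing function starts and ends outside the hunk, so the regeneration path after `PS(id) = NULL` should be confirmed there.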