Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:rkwasny
php
php-5.1.2-MOPB-46-2007.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.1.2-MOPB-46-2007.patch of Package php
--- ext/session/session.c.orig +++ ext/session/session.c @@ -46,6 +46,7 @@ #include "ext/standard/php_rand.h" /* for RAND_MAX */ #include "ext/standard/info.h" #include "ext/standard/php_smart_str.h" +#include "ext/standard/url.h" #include "mod_files.h" #include "mod_user.h" @@ -1041,6 +1042,7 @@ static void php_session_send_cookie(TSRM { smart_str ncookie = {0}; char *date_fmt = NULL; + char *e_session_name, *e_id; if (SG(headers_sent)) { char *output_start_filename = php_get_output_start_filename(TSRMLS_C); @@ -1055,10 +1057,17 @@ static void php_session_send_cookie(TSRM return; } + /* URL encode session_name and id because they might be user supplied */ + e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL); + e_id = php_url_encode(PS(id), strlen(PS(id)), NULL); + smart_str_appends(&ncookie, COOKIE_SET_COOKIE); - smart_str_appends(&ncookie, PS(session_name)); + smart_str_appends(&ncookie, e_session_name); smart_str_appendc(&ncookie, '='); - smart_str_appends(&ncookie, PS(id)); + smart_str_appends(&ncookie, e_id); + + efree(e_session_name); + efree(e_id); if (PS(cookie_lifetime) > 0) { struct timeval tv;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor