
Commit 77a133e

committed
Added exclusive error message for prefix in session_create_id() larger than 256
1 parent e1c8329 commit 77a133e


2 files changed

+12
-8
lines changed


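--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -368,6 +368,7 @@ PHPAPI zend_result php_session_valid_key(const char *key) /* {{{ */
 || (c >= '0' && c <= '9')
 || c == ','
 || c == '-')) {
+php_error_docref(NULL, E_WARNING, "Prefix cannot contain special characters. Only the A-Z, a-z, 0-9, \"-\", and \",\" characters are allowed");
 return FAILURE;
 }
 }
@@ -377,6 +378,7 @@ PHPAPI zend_result php_session_valid_key(const char *key) /* {{{ */
 /* Somewhat arbitrary length limit here, but should be way more than
 anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
 if (len == 0 || len > PS_MAX_SID_LENGTH) {
+php_error_docref(NULL, E_WARNING, "Prefix cannot be larger than 256 characters");
 return FAILURE;
 }
 
@@ -2385,7 +2387,6 @@ PHP_FUNCTION(session_create_id)
 if (prefix && ZSTR_LEN(prefix)) {
 if (php_session_valid_key(ZSTR_VAL(prefix)) == FAILURE) {
 /* E_ERROR raised for security reason. */
-php_error_docref(NULL, E_WARNING, "Prefix cannot contain special characters. Only the A-Z, a-z, 0-9, \"-\", and \",\" characters are allowed");
 RETURN_FALSE;
 } else {
 smart_str_append(&id, prefix);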
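Review bot: Both added `php_error_docref()` calls sit inside `php_session_valid_key()`, which is exported as `PHPAPI` and takes a generic `key`, so any other caller that uses it to validate a session ID (presumably including IDs supplied by a client; those callers are outside these hunks) would now emit a warning that talks about a "Prefix". I would keep the validator free of side effects and let `session_create_id()` report the failure itself, checking the length before the call with `if (ZSTR_LEN(prefix) > PS_MAX_SID_LENGTH) { php_error_docref(NULL, E_WARNING, "Prefix cannot be larger than %d characters", PS_MAX_SID_LENGTH); RETURN_FALSE; }` and leaving the character-set warning where it was. As written, the length message hard-codes 256 instead of using `PS_MAX_SID_LENGTH`, and the same branch also fires for `len == 0`, where "larger than 256" would be the wrong text. The context comment `/* E_ERROR raised for security reason. */` no longer matches the `E_WARNING` level and could be corrected in the same change.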

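--- a/ext/session/tests/session_create_id_invalid_prefix.phpt
+++ b/ext/session/tests/session_create_id_invalid_prefix.phpt
@@ -12,8 +12,12 @@ session
 
 var_dump(session_create_id('_'));
 var_dump(session_create_id('%'));
-var_dump(session_create_id("AB\0CD"));
-
+var_dump(session_create_id('ABTgdPs68S3M4HMaqKwj33TzqLMv5PHpWQxJbfpeogEhrJRY7o9f33pKLCmhf0tXCtoBkIu0yxXYCSHfJhPd2miPUW4MIpd91dnEiOwWDfaBnfdJZOwgvgmYLSfDGaebqmnCAoyuzlcq2j59nNRhccgJIkr9ytY3RwFTTXszpcjpx6mlJuG9GksKAhPsnnaEwSEb0eFyqvn80gYI2roKSjaFSmJxg0xgXuCF4csMo8DxiSvovho5QTKx5u7h8VyQL'));
+try {
+var_dump(session_create_id("AB\0CD"));
+} catch (Throwable $e) {
+echo $e->getMessage() . "\n";
+}
 
 ?>
 Done
@@ -24,8 +28,7 @@ bool(false)
 Warning: session_create_id(): Prefix cannot contain special characters. Only the A-Z, a-z, 0-9, "-", and "," characters are allowed in %s on line %d
 bool(false)
 
-Fatal error: Uncaught ValueError: session_create_id(): Argument #1 ($prefix) must not contain any null bytes in %s:%d
-Stack trace:
-#0 %s(5): session_create_id('AB\x00CD')
-#1 {main}
-thrown in %s
+Warning: session_create_id(): Prefix cannot be larger than 256 characters in %s on line %d
+bool(false)
+session_create_id(): Argument #1 ($prefix) must not contain any null bytes
+Done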
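Review bot: The new over-length case uses a long random literal whose length cannot be checked by reading it, and nothing exercises the boundary of the `len > PS_MAX_SID_LENGTH` check in `php_session_valid_key()`. Building the input with `str_repeat()` makes the intent explicit, e.g. `var_dump(session_create_id(str_repeat('A', 257)));`, and a second call with a 256-character prefix would pin the accepted side of the limit. The `catch (Throwable $e)` could also be narrowed to `ValueError`, which is the type the removed expected output shows for the null-byte prefix.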
