session: Raise a warning if session variable key contains pipe character

mintopia · mintopia · commit f92b09cb6bda · 2025-05-24T12:21:13.000+01:00
Fixes #18634
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -994,6 +994,7 @@ PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */
 		if (memchr(ZSTR_VAL(key), PS_DELIMITER, ZSTR_LEN(key))) {
 			PHP_VAR_SERIALIZE_DESTROY(var_hash);
 			smart_str_free(&buf);
+			php_error_docref(NULL, E_WARNING, "Failed to write session data. Data contains invalid key \"%s\".", ZSTR_VAL(key));
 			return NULL;
 		}
 		smart_str_appendc(&buf, PS_DELIMITER);
diff --git a/ext/session/tests/gh18634.phpt b/ext/session/tests/gh18634.phpt
@@ -0,0 +1,16 @@
+--TEST--
+GH-18634 (Using pipe character in session variable key causes session data to be removed)
+--INI--
+--EXTENSIONS--
+session
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--FILE--
+<?php
+ob_start();
+session_start();
+$_SESSION['foo|bar'] = 'value';
+ob_end_clean();
+?>
+--EXPECTF--
+Warning: PHP Request Shutdown: Failed to write session data. Data contains invalid key "foo|bar". in Unknown on line 0

Original file line number	Diff line number	Diff line change
`@@ -994,6 +994,7 @@ PS_SERIALIZER_ENCODE_FUNC(php) /* {{{ */`
`994`	`994`	`if (memchr(ZSTR_VAL(key), PS_DELIMITER, ZSTR_LEN(key))) {`
`995`	`995`	`PHP_VAR_SERIALIZE_DESTROY(var_hash);`
`996`	`996`	`smart_str_free(&buf);`
	`997`	`+ php_error_docref(NULL, E_WARNING, "Failed to write session data. Data contains invalid key \"%s\".", ZSTR_VAL(key));`
`997`	`998`	`return NULL;`
`998`	`999`	`}`
`999`	`1000`	`smart_str_appendc(&buf, PS_DELIMITER);`