diff --git a/UPGRADING b/UPGRADING index 67b6dcb8e75c7..7a4143420d70f 100644 --- a/UPGRADING +++ b/UPGRADING @@ -98,6 +98,10 @@ PHP 8.5 UPGRADE NOTES . A ValueError is now thrown when trying to set a cursor name that is too long on a PDOStatement resulting from the Firebird driver. +- Session: + . Attempting to write session data where $_SESSION has a key containing + the pipe character will now emit a warning instead of silently failing. + - SimpleXML: . Passing an XPath expression that returns something other than a node set to SimpleXMLElement::xpath() will now emit a warning and return false, diff --git a/ext/session/session.c b/ext/session/session.c index fd877483c0a6f..7b677249fb41b 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -1059,6 +1059,7 @@ PS_SERIALIZER_ENCODE_FUNC(php) PHP_VAR_SERIALIZE_DESTROY(var_hash); smart_str_free(&buf); fail = true; + php_error_docref(NULL, E_WARNING, "Failed to write session data. Data contains invalid key \"%s\"", ZSTR_VAL(key)); break; } smart_str_appendc(&buf, PS_DELIMITER); diff --git a/ext/session/tests/gh18634.phpt b/ext/session/tests/gh18634.phpt new file mode 100644 index 0000000000000..ac18fefd0a154 --- /dev/null +++ b/ext/session/tests/gh18634.phpt @@ -0,0 +1,13 @@ +--TEST-- +GH-18634 (Using pipe character in session variable key causes session data to be removed) +--EXTENSIONS-- +session +--SKIPIF-- + +--FILE-- + +--EXPECT-- +Warning: PHP Request Shutdown: Failed to write session data. Data contains invalid key "foo|bar" in Unknown on line 0 diff --git a/ext/session/tests/gh18634_2.phpt b/ext/session/tests/gh18634_2.phpt new file mode 100644 index 0000000000000..574de9ab7e210 --- /dev/null +++ b/ext/session/tests/gh18634_2.phpt 
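Review bot: In the `ext/session/session.c` hunk, the new `php_error_docref()` call copies the offending session key into the warning with a plain `%s` on `ZSTR_VAL(key)`, with no length bound or filtering visible here. Session keys are application data and may be derived from request input, so a very long key, or one holding newlines or other control bytes, would reach the error log (and the page when errors are displayed) as written. A key with an embedded NUL is printed only up to that byte, so the reported key may not show the delimiter at all. Consider bounding the echoed key, e.g. `"Failed to write session data. Data contains invalid key \"%.128s\""` (128 is an illustrative limit), and adding a comment such as `/* key is untrusted application data; only a bounded C-string prefix is reported */`. The enclosing `PS_SERIALIZER_ENCODE_FUNC(php)` body starts and ends outside the hunk, so the condition guarding this branch is not visible from here.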
@@ -0,0 +1,14 @@ +--TEST-- +GH-18634 (Using pipe character in session variable key causes session data to be removed - explicit session write) +--EXTENSIONS-- +session +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +Warning: session_write_close(): Failed to write session data. Data contains invalid key "foo|bar" in %s on line %d