Skip to content

ext/session: reject null bytes in save_path and referer_check#22578

Merged
Girgias merged 1 commit into
php:masterfrom
jorgsowa:fix/session-null-byte-validation
Jul 3, 2026
Merged

ext/session: reject null bytes in save_path and referer_check#22578
Girgias merged 1 commit into
php:masterfrom
jorgsowa:fix/session-null-byte-validation

Conversation

@jorgsowa

@jorgsowa jorgsowa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

session.cookie_path/cookie_domain/cache_limiter reject null bytes with a warning (OnUpdateSessionStr), but session.save_path silently failed with no diagnostic and session.referer_check didn't check at all. Align both with the existing OnUpdateSessionStr behavior.

session.cookie_path/cookie_domain/cache_limiter reject null bytes with
a warning (OnUpdateSessionStr), but session.save_path silently failed
with no diagnostic and session.referer_check didn't check at all.
Align both with the existing OnUpdateSessionStr behavior.
@Girgias Girgias merged commit 19f9443 into php:master Jul 3, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants