- fix for CAN-2003-0442 (XSS in session.use_trans_sid) from RH
authorJakub Bogusz <qboosh@pld-linux.org>
Mon, 3 Nov 2003 11:10:15 +0000 (11:10 +0000)
committercvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
Changed files:
    php-sessid.patch -> 1.1.2.1

php-sessid.patch [new file with mode: 0644]

diff --git a/php-sessid.patch b/php-sessid.patch
new file mode 100644 (file)
index 0000000..582fe86
--- /dev/null
@@ -0,0 +1,16 @@
+
+Fix for XSS in session.use_trans_sid support: CAN-2003-0442.
+
+--- php-4.2.2/ext/session/session.c.sessid
++++ php-4.2.2/ext/session/session.c
+@@ -84,7 +84,9 @@
+ static void php_session_output_handler(char *output, uint output_len, char **handled_output, uint *handled_output_len, int mode TSRMLS_DC)
+ {
+       if ((PS(session_status) == php_session_active)) {
+-              *handled_output = url_adapt_ext_ex(output, output_len, PS(session_name), PS(id), handled_output_len, (zend_bool) (mode&PHP_OUTPUT_HANDLER_END ? 1 : 0) TSRMLS_CC);
++              char *encoded = php_url_encode(PS(id), strlen(PS(id)), NULL);
++              *handled_output = url_adapt_ext_ex(output, output_len, PS(session_name), encoded, handled_output_len, (zend_bool) (mode&PHP_OUTPUT_HANDLER_END ? 1 : 0) TSRMLS_CC);
++              efree(encoded);
+       } else {
+               *handled_output = NULL;
+       }
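Review bot: The new `char *encoded = php_url_encode(PS(id), strlen(PS(id)), NULL);` line carries no comment saying what it defends against, so a later cleanup could drop the encoding without noticing the regression; suggest placing `/* PS(id) may originate from the request when trans_sid is on; URL-encode it before it is echoed into links and forms (CAN-2003-0442). */` above that line. PS(session_name) is still handed to url_adapt_ext_ex unencoded; it is presumably an ini/application-controlled value rather than request data, so lower risk, but the same comment should state that so the asymmetry reads as deliberate. Passing NULL as the new_length argument means the callee must rely on the encoded string being NUL-terminated, which php_url_encode appears to guarantee but is not visible in this hunk. The enclosing php_session_output_handler continues past the inner hunk.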