Skip to content

Fix GH-18634: Show warning when saving session if a pipe character is used in one of the $_SESSION keys #18653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 26, 2025
Merged

Fix GH-18634: Show warning when saving session if a pipe character is used in one of the $_SESSION keys #18653

merged 4 commits into from
May 26, 2025

Conversation

@mintopia
Copy link
Contributor

Added a warning that is raised on session write if one of the session key variables contains the pipe character - as this will cause the session data to not be saved. Tests are included to cover this in both request shutdown and explicitly session_write_close().

@mintopia mintopia requested a review from Girgias as a code owner May 25, 2025 11:32
SakiTakamachi
SakiTakamachi reviewed May 25, 2025
View reviewed changes
TimWolla
TimWolla reviewed May 25, 2025
View reviewed changes
Copy link
Member

@TimWolla TimWolla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that this should not fail silently, but adding a warning in a bugfix version is probably not okay (because folks turn them into Exceptions).

@mintopia
Copy link
Contributor Author

I agree that this should not fail silently, but adding a warning in a bugfix version is probably not okay (because folks turn them into Exceptions).

I can apply this change to master and submit a PR for that if that's OK?

@Girgias Girgias changed the base branch from PHP-8.3 to master May 25, 2025 17:36
@Girgias
Copy link
Member

Girgias commented May 25, 2025

I changed the base branch of the PR to master, can you rebase the PR on top of master and force push? Otherwise, the PR looks goods to me. :)

mintopia added 3 commits May 25, 2025 19:03
Girgias
Girgias approved these changes May 25, 2025
View reviewed changes
Copy link
Member

@Girgias Girgias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if CI is green, please update UPGRADING and then this should be good to merge.

@mintopia
Copy link
Contributor Author

Thanks everyone for all the help and advice on my first contribution to PHP.

@TimWolla TimWolla linked an issue May 26, 2025 that may be closed by this pull request
Using pipe character in session variable key causes session data to be removed #18634
Closed
@Girgias Girgias merged commit 042a975 into php:master May 26, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TimWolla TimWolla TimWolla left review comments

@SakiTakamachi SakiTakamachi SakiTakamachi left review comments

@Girgias Girgias Girgias approved these changes

Assignees

No one assigned

Labels

Extension: session

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using pipe character in session variable key causes session data to be removed

4 participants

@mintopia @Girgias @TimWolla @SakiTakamachi