History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: ZF-2077
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Priority: Minor Minor
Assignee: Jon Whitcraft
Reporter: Johannes H. Jensen
Votes: 1
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Google issue summary
Zend Framework

Zend_Session_Namespace allows invalid namespaces

Created: 16/Oct/07 11:52 AM   Updated: 21/Dec/08 06:12 AM
Component/s: Zend_Session
Affects Version/s: 1.0.2
Fix Version/s: 1.7.2

Time Tracking:
Original Estimate: 3 hours
Original Estimate - 3 hours
Remaining Estimate: 3 hours
Remaining Estimate - 3 hours
Time Spent: Not Specified
Remaining Estimate - 3 hours

File Attachments: 1. Text File ZF-2077.patch (2 kb)

 Public Fields   Internal Project Management Fields   
Tags:
Participants: Adler Brediks Medrado, Darby Felton, Johannes H. Jensen, Jon Whitcraft, Ralph Schindler and Wil Sinclair
Fix Version Priority: Should Have


 Description  « Hide
Zend_Session_Namespace allows invalid namespace names like "0" to be used as the namespace. This is a problem because 0 is not a valid key of $_SESSION. From the PHP manual: http://php.net/session

"The keys in the $_SESSION associative array are subject to the same limitations as regular variable names in PHP, i.e. they cannot start with a number and must start with a letter or underscore. For more details see the section on variables in this manual."

This is because of register_globals compatibility. Also, see bug #42472: http://bugs.php.net/bug.php?id=42472

Trying to set $_SESSION[0] produces an E_NOTICE message of the following form:
Notice: Unknown: Skipping numeric key 0. in Unknown on line 0

$_SESSION[0] is never stored persistently either.

Zend_Session_Namespace should validate the namespace passed so that it meets the requirements specified in the PHP manual: It must start with a letter or underscore.

 All   Comments   Work Log   Change History   FishEye   Crucible      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Darby Felton - 07/Nov/07 12:30 PM
Any word on committing fixes for this issue? Should I reassign to myself?

[ Permlink | « Hide ]
Adler Brediks Medrado - 07/Nov/07 12:32 PM
Yes!
Please Darby.

I am having some particular issues these days and i can't look this issue now. Thank you.


[ Permlink | « Hide ]
Darby Felton - 07/Nov/07 12:46 PM
Thanks for the update; I've reassigned to myself. If you find time to work on this and it hasn't been resolved yet, please feel free to reassign.

[ Permlink | « Hide ]
Darby Felton - 07/Nov/07 12:48 PM
Changed nature of issue to Improvement and priority to minor, since an easy workaround is present (don't present keys that are illegal according to the manual).

[ Permlink | « Hide ]
Wil Sinclair - 21/Mar/08 05:05 PM
This issue should have been fixed for the 1.5 release.

[ Permlink | « Hide ]
Wil Sinclair - 18/Apr/08 01:12 PM
This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

[ Permlink | « Hide ]
Ralph Schindler - 22/Apr/08 11:29 AM
Updating project management info.

[ Permlink | « Hide ]
Jon Whitcraft - 14/Dec/08 05:51 PM
Attached is my proposed patch.

[ Permlink | « Hide ]
Ralph Schindler - 15/Dec/08 07:37 AM
Patch looks good, commit away

[ Permlink | « Hide ]
Jon Whitcraft - 17/Dec/08 03:13 AM
This has been fixed with r13337


Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.2-#300) - Bug/feature request - Atlassian news - Contact Administrators