ZF-2077: Zend_Session_Namespace allows invalid namespaces

Issue Type: Improvement Created: 2007-10-16T11:52:46.000+0000 Last Updated: 2008-12-21T06:12:31.000+0000 Status: Resolved Fix version(s): - 1.7.2 (23/Dec/08)

Reporter: Johannes H. Jensen (joh) Assignee: Jon Whitcraft (sidhighwind) Tags: - Zend_Session

Related issues: Attachments: - ZF-2077.patch


Zend_Session_Namespace allows invalid namespace names like "0" to be used as the namespace. This is a problem because 0 is not a valid key of $_SESSION. From the PHP manual:

"The keys in the $_SESSION associative array are subject to the same limitations as regular variable names in PHP, i.e. they cannot start with a number and must start with a letter or underscore. For more details see the section on variables in this manual."

This is because of register_globals compatibility. Also, see bug #42472:

Trying to set $_SESSION[0] produces an E_NOTICE message of the following form: Notice: Unknown: Skipping numeric key 0. in Unknown on line 0

$_SESSION[0] is never stored persistently either.

Zend_Session_Namespace should validate the namespace passed so that it meets the requirements specified in the PHP manual: It must start with a letter or underscore.


Posted by Darby Felton (darby) on 2007-11-07T12:30:02.000+0000

Any word on committing fixes for this issue? Should I reassign to myself?

Posted by Adler Brediks Medrado (adlermedrado) on 2007-11-07T12:32:53.000+0000

Yes! Please Darby.

I am having some particular issues these days and i can't look this issue now. Thank you.

Posted by Darby Felton (darby) on 2007-11-07T12:46:29.000+0000

Thanks for the update; I've reassigned to myself. :) If you find time to work on this and it hasn't been resolved yet, please feel free to reassign.

Posted by Darby Felton (darby) on 2007-11-07T12:48:00.000+0000

Changed nature of issue to Improvement and priority to minor, since an easy workaround is present (don't present keys that are illegal according to the manual).

Posted by Wil Sinclair (wil) on 2008-03-21T17:05:31.000+0000

This issue should have been fixed for the 1.5 release.

Posted by Wil Sinclair (wil) on 2008-04-18T13:12:01.000+0000

This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

Posted by Ralph Schindler (ralph) on 2008-04-22T11:29:54.000+0000

Updating project management info.

Posted by Jon Whitcraft (sidhighwind) on 2008-12-14T17:51:51.000+0000

Attached is my proposed patch.

Posted by Ralph Schindler (ralph) on 2008-12-15T07:37:27.000+0000

Patch looks good, commit away

Posted by Jon Whitcraft (sidhighwind) on 2008-12-17T03:13:44.000+0000

This has been fixed with r13337

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.