PHP Decode
Decoded Output
--TEST--
Bug #73529 session_decode() silently fails on wrong input
--EXTENSIONS--
session
--SKIPIF--
<?php include('skipif.inc'); ?>
--FILE--
<?php
ob_start();
ini_set("session.serialize_handler", "php_serialize");
session_start();
$result1 = session_decode('foo|s:3:"bar";');
$session1 = $_SESSION;
session_destroy();
ini_set("session.serialize_handler", "php");
session_start();
$result2 = session_decode(serialize(["foo" => "bar"]));
$session2 = $_SESSION;
session_destroy();
echo ob_get_clean();
var_dump($result1);
var_dump($session1);
var_dump($result2);
var_dump($session2);
?>
--EXPECTF--
Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
Warning: session_destroy(): Trying to destroy uninitialized session in %s on line %d
Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
Warning: session_destroy(): Trying to destroy uninitialized session in %s on line %d
bool(false)
array(0) {
}
bool(false)
array(0) {
}
Function Calls
None |
Stats
MD5 | 78ba601419398dc781c1f7e79c278f60 |
Eval Count | 0 |
Decode Time | 97 ms |