Allow uppercase letters, as well as commas and minus signs in session IDs #77

Merged
merged 1 commit into from Apr 29, 2012

Projects

None yet

2 participants

@drench
Contributor
drench commented Apr 29, 2012

I am running punbb on the same domain as another application, and I noticed sessions getting clobbered. I realize punbb always sets the hash argument to true when calling random_key(), making the existing regex work, but in my situation, I am deliberately sharing punbb sessions with this other application. The session IDs PHP's file session handler generates can contain uppercase letters, as well as commas and minus signs (see http://www.php.net/manual/en/function.session-id.php).

As a workaround I could write a fn_forum_session_start_start hook to override forum_session_start() but I'd like you to consider loosening the regex as in this patch.

@drench drench Allow uppercase letters, '-' and ',' in session ID
ref: http://www.php.net/manual/en/function.session-id.php
"The , (comma) and - (minus) characters are allowed in the file session handler."
d297112
@dimkalinux dimkalinux merged commit a7228f0 into punbb:master Apr 29, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment