Skip to content

ext/session: reject non-numeric session.upload_progress.freq#22579

Open
jorgsowa wants to merge 2 commits into
php:masterfrom
jorgsowa:fix/session-upload-progress-freq-parsing
Open

ext/session: reject non-numeric session.upload_progress.freq#22579
jorgsowa wants to merge 2 commits into
php:masterfrom
jorgsowa:fix/session-upload-progress-freq-parsing

Conversation

@jorgsowa

@jorgsowa jorgsowa commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

OnUpdateRfc1867Freq silently truncates trailing characters (e.g. "5 apples" becomes 5), the same parsing bug recently fixed for session.cookie_lifetime. Switch to is_numeric_string_ex() to validate the numeric portion strictly, still allowing the optional trailing "%" for percentage mode.

jorgsowa added 2 commits July 3, 2026 18:51
OnUpdateRfc1867Freq used ZEND_ATOL(), which silently truncates
trailing garbage (e.g. "5 apples" becomes 5), the same parsing bug
recently fixed for session.cookie_lifetime. Switch to
is_numeric_string_ex() to validate the numeric portion strictly,
still allowing the optional trailing "%" for percentage mode.
Covers the "%"-suffixed form of session.upload_progress.freq, alongside
the plain-integer case added in rfc1867_invalid_settings_3.phpt.
Comment thread ext/session/session.c
int new_freq = ZEND_ATOL(ZSTR_VAL(new_value));
const char *str = ZSTR_VAL(new_value);
size_t len = ZSTR_LEN(new_value);
bool is_percentage = len > 0 && str[len - 1] == '%';

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens with trailing spaces? Not sure how our INI parser deals with those.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants