merged branch mvrhov/dbal_sessstorage_fix (PR #2384)

Commits
-------

0907111 session data needs to be encoded because it can contain non binary safe characters e.g null. Fixes #2067

Discussion
----------

session data needs to be encoded because it can contain non binary safe characters e.g null., part 2

Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: #2067

I'm marking this as a compatibility break because the session table should be cleared, and even if it is not cleared, all currently logged-in users will be logged out.

This is the fix for the same issue in DBAL session storage, made against master.

---------------------------------------------------------------------------

by schmittjoh at 2011/10/12 02:44:19 -0700

If I understand this correctly, only the PgSqlPlatform is affected by this. What do you think about adding an ``instanceof PgSqlPlatform`` check?

---------------------------------------------------------------------------

by mvrhov at 2011/10/12 03:47:52 -0700

It's the same for sqlite; it just happens that mysql escapes \0, so we can say it's driver dependent.
The Drupal guys had the same issue (http://drupal.org/node/690746); they changed the column type to bytea for pgsql and to blob for mysql. Also, in the Drupal report you can find that storing hash_file('md5', 'CHANGELOG.txt', TRUE) into a session will trigger a similar problem in mysql.
The other thing to consider is what I mentioned in the original bug report, e.g. igbinary as the default serializer for session data.
Fabien Potencier 2011-10-25 17:18:25 +02:00
commit a4d4d4c1f8

@ -132,7 +132,7 @@ class DbalSessionStorage extends NativeSessionStorage
))->fetchColumn();
if (false !== $data) {
return $data;
return base64_decode($data);
}
// session does not exist, create it
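Review bot: ``base64_decode($data)`` in the read path runs in non-strict mode, so a row written before this change (raw, unencoded session data) is not rejected: characters outside the base64 alphabet are silently discarded and whatever remains is decoded and returned as session data. Consider ``base64_decode($data, true)`` and treating a ``false`` result the same as a missing session, so stale rows fail closed instead of handing garbage to the session layer. That would also enforce in code the "session table should be cleared" requirement that the description currently leaves to the operator.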
@ -170,7 +170,8 @@ class DbalSessionStorage extends NativeSessionStorage
$rowCount = $this->con->exec(sprintf(
$sql,
$this->con->quote($id),
$this->con->quote($data),
//session data can contain non binary safe characters so we need to encode it
$this->con->quote(base64_encode($data)),
time()
));
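Review bot: the new ``base64_encode($data)`` argument makes every stored value roughly a third larger than the raw session payload, and nothing in this hunk accounts for the capacity of the session data column. If the column truncates the value, the read path will decode a cut-off string into a corrupted session, so the change should state the required column size or ship with a schema adjustment. As a style point, the added comment needs a space after ``//`` and would be more accurate as "may contain NUL and other bytes the driver does not store safely".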
@ -196,7 +197,8 @@ class DbalSessionStorage extends NativeSessionStorage
{
$this->con->exec(sprintf("INSERT INTO {$this->tableName} (sess_id, sess_data, sess_time) VALUES (%s, %s, %d)",
$this->con->quote($id),
$this->con->quote($data),
//session data can contain non binary safe characters so we need to encode it
$this->con->quote(base64_encode($data)),
time()
));
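Review bot: this INSERT repeats the same ``$this->con->quote(base64_encode($data))`` expression and comment as the update path, while the matching decode sits in the read method, so the storage encoding now lives in three places that have to stay in step. A pair of small private helpers (encode on write, decode on read) would keep them symmetrical and give a single place to change if the column is later switched to a binary type, as raised in the PR thread. The statement is also still assembled with sprintf and ``quote()``; binding $id and the encoded data as parameters would remove the reliance on driver-specific escaping that the thread identifies as the source of the problem.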