merged branch mvrhov/dbal_sessstorage_fix (PR #2384)
Commits
-------
0907111
session data needs to be encoded because it can contain non binary safe characters e.g null. Fixes #2067
Discussion
----------
session data needs to be encoded because it can contain non binary safe characters e.g null., part 2
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: #2067
I'm marking this as a compatibility break because session table should be cleared and even if not cleared all currently logged in users will be logged out.
This is the fix for a same issue in DBAL session storage made against master.
---------------------------------------------------------------------------
by schmittjoh at 2011/10/12 02:44:19 -0700
If I understand this correctly, only the PgSqlPlatform is affected by this. What do you think about adding an ``ìnstanceof PgSqlPlatform`` check?
---------------------------------------------------------------------------
by mvrhov at 2011/10/12 03:47:52 -0700
It's the same for sqlite, it just happens that mysql escapes \0, so we can say it's driver dependent.
The Drupal guys had the same issue http://drupal.org/node/690746 , they changed to column type to bytea for pgsql and for mysql to blob, also in Drupal report you can find that storing this into a session hash_file('md5', 'CHANGELOG.txt', TRUE) will trigger the similar problem in mysql.
The other thing to consider is what I mentioned in original bugreport, e.g igbinary as default serializer for session data.
This commit is contained in:
commit
a4d4d4c1f8
@ -132,7 +132,7 @@ class DbalSessionStorage extends NativeSessionStorage
|
||||
))->fetchColumn();
|
||||
|
||||
if (false !== $data) {
|
||||
return $data;
|
||||
return base64_decode($data);
|
||||
}
|
||||
|
||||
// session does not exist, create it
|
||||
@ -170,7 +170,8 @@ class DbalSessionStorage extends NativeSessionStorage
|
||||
$rowCount = $this->con->exec(sprintf(
|
||||
$sql,
|
||||
$this->con->quote($id),
|
||||
$this->con->quote($data),
|
||||
//session data can contain non binary safe characters so we need to encode it
|
||||
$this->con->quote(base64_encode($data)),
|
||||
time()
|
||||
));
|
||||
|
||||
@ -196,7 +197,8 @@ class DbalSessionStorage extends NativeSessionStorage
|
||||
{
|
||||
$this->con->exec(sprintf("INSERT INTO {$this->tableName} (sess_id, sess_data, sess_time) VALUES (%s, %s, %d)",
|
||||
$this->con->quote($id),
|
||||
$this->con->quote($data),
|
||||
//session data can contain non binary safe characters so we need to encode it
|
||||
$this->con->quote(base64_encode($data)),
|
||||
time()
|
||||
));
|
||||
|
||||
|
Reference in New Issue
Block a user