Commit 94e7e54

merged branch mvrhov/pdo_sessstorage_fix (PR #2382)
Commits
-------

edfa29b session data needs to be encoded because it can contain non binary safe characters e.g null. Fixes #2067

Discussion
----------

session data needs to be encoded because it can contain non binary safe characters e.g null.

Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: #2067

I'm marking this as a compatibility break because session table should be cleared and even if not cleared all currently logged in users will be logged out.

---------------------------------------------------------------------------

by mvrhov at 2011/10/11 12:52:25 -0700

P.S. I know there was a talk about doctrine based session storage but I cannot find this in core. It probably has the same problem.

---------------------------------------------------------------------------

by eventhorizonpl at 2011/10/11 14:34:08 -0700

Thanks for tracking down and fixing this issue! Best regards, Michal

---------------------------------------------------------------------------

by stof at 2011/10/11 16:24:18 -0700

@mvrhov The Doctrine based storage is only available in master, not in 2.0

2 parents 6c2f093 + edfa29b commit 94e7e54

1 file changed

+7
-3
lines changed

src/Symfony/Component/HttpFoundation/SessionStorage/PdoSessionStorage.php

Lines changed: 7 additions & 3 deletions
@@ -181,7 +181,7 @@ public function sessionRead($id)
181181
$sessionRows = $stmt->fetchAll(\PDO::FETCH_NUM);
182182

183183
if (count($sessionRows) == 1) {
184-
return $sessionRows[0][0];
184+
return base64_decode($sessionRows[0][0]);
185185
}
186186

187187
// session does not exist, create it
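
Review bot: On line 184, `base64_decode($sessionRows[0][0])` runs in non-strict mode and its result is returned unchecked, so a row written before this change (raw, unencoded data) is silently decoded into garbage instead of being rejected. Consider `base64_decode($sessionRows[0][0], true)` and returning an empty string when it yields `false`, which makes the handling of pre-existing rows explicit instead of relying on the table being cleared.
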
@@ -217,9 +217,11 @@ public function sessionWrite($id, $data)
217217
: "UPDATE $dbTable SET $dbDataCol = :data, $dbTimeCol = :time WHERE $dbIdCol = :id";
218218

219219
try {
220+
//session data can contain non binary safe characters so we need to encode it
221+
$encoded = base64_encode($data);
220222
$stmt = $this->db->prepare($sql);
221223
$stmt->bindParam(':id', $id, \PDO::PARAM_STR);
222-
$stmt->bindParam(':data', $data, \PDO::PARAM_STR);
224+
$stmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
223225
$stmt->bindValue(':time', time(), \PDO::PARAM_INT);
224226
$stmt->execute();
225227

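
Review bot: The `base64_encode($data)` added at line 221 grows the stored value by about a third, and nothing in this hunk documents that the column named by `$dbDataCol` has to be sized for the encoded length; a column that fit the raw data can now truncate, and a truncated value will not decode back to the original session. Please note the size requirement in the class docblock or the upgrade notes. Minor style point: the new comment is missing the space after `//` that the existing comment at line 187 uses.
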
@@ -251,9 +253,11 @@ private function createNewSession($id, $data = '')
251253

252254
$sql = "INSERT INTO $dbTable ($dbIdCol, $dbDataCol, $dbTimeCol) VALUES (:id, :data, :time)";
253255

256+
//session data can contain non binary safe characters so we need to encode it
257+
$encoded = base64_encode($data);
254258
$stmt = $this->db->prepare($sql);
255259
$stmt->bindParam(':id', $id, \PDO::PARAM_STR);
256-
$stmt->bindParam(':data', $data, \PDO::PARAM_STR);
260+
$stmt->bindParam(':data', $encoded, \PDO::PARAM_STR);
257261
$stmt->bindValue(':time', time(), \PDO::PARAM_INT);
258262
$stmt->execute();
259263

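
Review bot: Lines 256-257 repeat the comment and the `base64_encode($data)` call from `sessionWrite()` verbatim, so the storage encoding now lives in three places (two writes, one read) that must change together. Consider a pair of private helpers for encoding and decoding, so that a later change to the stored format cannot leave `createNewSession()` and `sessionRead()` out of step.
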