session save bug in ISPConfig 3.1 Beta 2

Discussion in 'Developers' Forum' started by freeline, Jun 29, 2016.

  1. freeline

    freeline New Member

    Hello,

    there's a small bug in session.inc.php that prevents session data from being saved (and therefore users from logging in) if there is an active session:
    In line 96 session_data should not be passed as string but as a parameter

    Hope this helps,
    Volker
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I'm currently working on 3.1b2 here and I'm logged in and I'm able to logout and login, so there is no such problem here. Which PHP version do you use? I tested it here with PHP 5.6 and 7.0.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you mean to change the lines like this?

    $sql = "REPLACE INTO sys_session (session_id,date_created,last_updated,session_data,permanent) VALUES (?,NOW(),NOW(),?,?)";
    $this->db->query($sql, $session_id, $session_data, ($this->permanent ? 'y' : 'n'));

    The other way should work as well and does it here, but it might be that there was an escape error on your server, so passing it as parameter is the correct way off course.
     
  4. freeline

    freeline New Member

    Yes, that's how I modified it and it works again. I guess there was something in the session data that should have been escaped.

    I'm using php 7.0.
     

Share This Page