xref: /PHP-7.4/ext/session/tests/bug72681.phpt (revision a3740dad)
1--TEST--
2Bug #72681: PHP Session Data Injection Vulnerability
3--SKIPIF--
4<?php include('skipif.inc'); ?>
5--FILE--
6<?php
7ini_set('session.serialize_handler', 'php');
8session_start();
9$GLOBALS['ryat'] = $_SESSION;
10$_SESSION['ryat'] = 'ryat|O:8:"stdClass":0:{}';
11session_write_close();
12session_start();
13var_dump($ryat);
14var_dump($_SESSION);
15?>
16--EXPECT--
17array(0) {
18}
19array(1) {
20  ["ryat"]=>
21  string(24) "ryat|O:8:"stdClass":0:{}"
22}
23