1--TEST-- 2Bug #72681: PHP Session Data Injection Vulnerability 3--EXTENSIONS-- 4session 5--SKIPIF-- 6<?php include('skipif.inc'); ?> 7--FILE-- 8<?php 9ini_set('session.serialize_handler', 'php'); 10session_start(); 11$GLOBALS['ryat'] = $_SESSION; 12$_SESSION['ryat'] = 'ryat|O:8:"stdClass":0:{}'; 13session_write_close(); 14session_start(); 15var_dump($ryat); 16var_dump($_SESSION); 17?> 18--EXPECT-- 19array(0) { 20} 21array(1) { 22 ["ryat"]=> 23 string(24) "ryat|O:8:"stdClass":0:{}" 24} 25