1--TEST-- 2Bug #72681: PHP Session Data Injection Vulnerability 3--SKIPIF-- 4<?php include('skipif.inc'); ?> 5--FILE-- 6<?php 7ini_set('session.serialize_handler', 'php'); 8session_start(); 9$GLOBALS['ryat'] = $_SESSION; 10$_SESSION['ryat'] = 'ryat|O:8:"stdClass":0:{}'; 11session_write_close(); 12session_start(); 13var_dump($ryat); 14var_dump($_SESSION); 15?> 16--EXPECT-- 17array(0) { 18} 19array(1) { 20 ["ryat"]=> 21 string(24) "ryat|O:8:"stdClass":0:{}" 22} 23
