xref: /PHP-8.2/ext/session/tests/bug72681.phpt (revision b5a14e6c)
1--TEST--
2Bug #72681: PHP Session Data Injection Vulnerability
3--EXTENSIONS--
4session
5--SKIPIF--
6<?php include('skipif.inc'); ?>
7--FILE--
8<?php
9ini_set('session.serialize_handler', 'php');
10session_start();
11$GLOBALS['ryat'] = $_SESSION;
12$_SESSION['ryat'] = 'ryat|O:8:"stdClass":0:{}';
13session_write_close();
14session_start();
15var_dump($ryat);
16var_dump($_SESSION);
17?>
18--EXPECT--
19array(0) {
20}
21array(1) {
22  ["ryat"]=>
23  string(24) "ryat|O:8:"stdClass":0:{}"
24}
25