xref: /PHP-8.2/ext/session/tests/bug73529.phpt (revision b5a14e6c)
1--TEST--
2Bug #73529 session_decode() silently fails on wrong input
3--EXTENSIONS--
4session
5--SKIPIF--
6<?php include('skipif.inc'); ?>
7--FILE--
8<?php
9ob_start();
10
11ini_set("session.serialize_handler", "php_serialize");
12session_start();
13
14$result1 = session_decode('foo|s:3:"bar";');
15$session1 = $_SESSION;
16session_destroy();
17
18ini_set("session.serialize_handler", "php");
19session_start();
20
21$result2 = session_decode(serialize(["foo" => "bar"]));
22$session2 = $_SESSION;
23session_destroy();
24
25echo ob_get_clean();
26
27var_dump($result1);
28var_dump($session1);
29var_dump($result2);
30var_dump($session2);
31
32?>
33--EXPECTF--
34Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
35
36Warning: session_destroy(): Trying to destroy uninitialized session in %s on line %d
37
38Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
39
40Warning: session_destroy(): Trying to destroy uninitialized session in %s on line %d
41bool(false)
42array(0) {
43}
44bool(false)
45array(0) {
46}
47