Hi Julien, On Fri, Jan 15, 2016 at 9:10 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > > On Fri, Jan 15, 2016 at 4:32 AM, Stanislav Malyshev <smalys...@gmail.com> > wrote: >> >>> However, previous my fix (Raise warning and return false) was wrong fix. >>> Therefore, I would like to correct (Provide new session ID and continue) >>> it in 5.5 also. Does this make sense? >> >> Yes, but nit sure if it's for 5.5. It's for Julian to decide, >> ultimately, but it doesn't look like 5.5 has a security issue right now >> with it? Or am I wrong? > > No. It does not have security bug, but has wrong fix for the security bug.
I'll commit the fix from PHP 5.6. If you think this should be included for PHP 5.5, please cherry pick. I prefer to have this in PHP 5.5, but it's not mandatory. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
