appserver-io / appserver

A multithreaded application server for PHP, written in PHP.
http://appserver.io/
Open Software License 3.0

Validate session identifier before lookup in filesystem #1139

Closed pathmissing closed 4 years ago

pathmissing commented 4 years ago

Prevents an attacker from including (and thereby temporarily locking) arbitrary files by using manipulated input within FilesystemSessionHandler::load().
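
One way to implement the check this pull request describes, as an added example that is not appserver's own code. The function names, the `sess_` file prefix and the ID pattern are assumptions made for illustration; the point is that the identifier is matched against a strict allowlist before it reaches any filesystem call, and the resolved path is then confirmed to lie directly inside the session directory before the file is opened and locked.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not appserver's FilesystemSessionHandler.
// Assumption: IDs are 22-256 characters from [A-Za-z0-9,-]; match this to your ID generator.
const SESSION_ID_PATTERN = '/\A[A-Za-z0-9,-]{22,256}\z/';

function isValidSessionId(string $id): bool
{
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    return preg_match(SESSION_ID_PATTERN, $id) === 1;
}

function loadSessionData(string $sessionDir, string $id): ?string
{
    // Reject manipulated input before it is used to build a path.
    if (!isValidSessionId($id)) {
        return null;
    }
    $baseDir = realpath($sessionDir);
    // 'sess_' is an assumed naming scheme for session files.
    $real = $baseDir === false ? false : realpath($baseDir . DIRECTORY_SEPARATOR . 'sess_' . $id);
    // Defence in depth: after symlink resolution the file must sit directly in $baseDir.
    if ($real === false || dirname($real) !== $baseDir || !is_file($real)) {
        return null;
    }
    $handle = fopen($real, 'rb');
    if ($handle === false) {
        return null;
    }
    try {
        // Only a validated session file is ever locked.
        if (!flock($handle, LOCK_SH)) {
            return null;
        }
        $data = stream_get_contents($handle);
        return $data === false ? null : $data;
    } finally {
        fclose($handle); // closing the handle also releases the lock
    }
}

// Constructed demo input: one well-formed ID with a file, two manipulated IDs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sessions-demo';
is_dir($dir) || mkdir($dir, 0700);
$goodId = str_repeat('a', 32);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'sess_' . $goodId, 'user|s:5:"alice";');
foreach ([$goodId, '../other-file', $goodId . "\n"] as $candidate) {
    var_dump(loadSessionData($dir, $candidate));
}
```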