Adding an array cast to fix issues where users could modify cookie

values causing iteration errors. Fixes #1309
cakephp · Nov 25, 2010 · 1dfe2ac · 1dfe2ac
1 parent 390a7ae
commit 1dfe2ac
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/cake/libs/controller/components/cookie.php b/cake/libs/controller/components/cookie.php
@@ -405,7 +405,7 @@ function __decrypt($values) {
 		$decrypted = array();
 		$type = $this->__type;
 
-		foreach ($values as $name => $value) {
+		foreach ((array)$values as $name => $value) {
 			if (is_array($value)) {
 				foreach ($value as $key => $val) {
 					$pos = strpos($val, 'Q2FrZQ==.');
@@ -481,4 +481,4 @@ function __explode($string) {
 		return $array;
 	}
 }
-?>
+?>
diff --git a/cake/tests/cases/libs/controller/components/cookie.test.php b/cake/tests/cases/libs/controller/components/cookie.test.php
@@ -407,6 +407,17 @@ function testReadingCookieDataWithoutStartup() {
 		$this->Controller->Cookie->destroy();
 		unset($_COOKIE['CakeTestCookie']);
 	}
+/**
+ * test that no error is issued for non array data.
+ *
+ * @return void
+ */
+	function testNoErrorOnNonArrayData() {
+		$this->Controller->Cookie->destroy();
+		$_COOKIE['CakeTestCookie'] = 'kaboom';
+
+		$this->assertNull($this->Controller->Cookie->read('value'));
+	}
 /**
  * encrypt method
  *
@@ -435,4 +446,4 @@ function __implode($array) {
 		return substr($string, 1);
 	}
 }
-?>
+?>