Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Session library - storing/retrieving data containing slashes (CI 2.1.3) #1990

webspy opened this Issue Nov 10, 2012 · 3 comments


None yet
5 participants

webspy commented Nov 10, 2012

There is a potential bug in the Session library related to storing/retrieving data containing slashes.

The issue can be reproduced using the following piece of code:

$data = $this->session->userdata('data');
echo var_dump($data);

$data = array('test \\ test');
$this->session->set_userdata('data', $data);
echo var_dump($data);

In CodeIgniter 2.1.3 the _serialize() method of the Session library only escapes the first level of the supplied array. When the data is unserialized on read the unserialize() function emits a warning similar to the following:

Message: unserialize(): Error at offset 42 of 45 bytes

This issue seems to be fixed in CodeIgniter 3.0 by walking the supplied array recursively.


tubalmartin commented Apr 18, 2013

I confirm the bug spotted by webspy. CI 3.0 fixes it.


blasto333 commented Aug 30, 2013

I fixed this if you need the code before then:


captbaritone commented Dec 23, 2013

Just a note for future travelers: As @tubalmartin mentioned, this bug is fixed in 3.0. For the curious, it was fixed in ca20d84. I wrote up a short history of what's actually going on with this issue here: EllisLab#2784

This issue could probably be closed, unless the goal is to get the fix merged into the current stable branch.

@narfbg narfbg closed this Dec 24, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment