Session library - storing/retrieving data containing slashes (CI 2.1.3) #1990

webspy opened this issue Nov 10, 2012 · 3 comments
@webspy
webspy commented Nov 10, 2012

There is a potential bug in the Session library related to storing/retrieving data containing slashes.

The issue can be reproduced using the following piece of code:

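```php
$this->load->library('session');

// Read back whatever a previous request stored under 'data'
$data = $this->session->userdata('data');
var_dump($data);

// Store a nested array whose string value contains a backslash
$data = array('test \\ test');
$this->session->set_userdata('data', $data);
var_dump($data);
```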

In CodeIgniter 2.1.3 the _serialize() method of the Session library only escapes the first level of the supplied array. When the data is unserialized on read the unserialize() function emits a warning similar to the following:

Message: unserialize(): Error at offset 42 of 45 bytes

This issue seems to be fixed in CodeIgniter 3.0 by walking the supplied array recursively.
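The failure described above, as an added example that is not part of the original post and is not CodeIgniter's own code: a stand-alone sketch comparing first-level escaping with a recursive walk. The function names, the `{{slash}}` placeholder, and the `stripslashes()` call on the read path are assumptions used to model the round trip in simplified form.

```php
<?php
// Added illustration; all names here are hypothetical, not the framework's API.
const SLASH_TOKEN = '{{slash}}';

// First-level-only escaping: strings inside nested arrays are left untouched.
function serialize_shallow(array $userdata): string
{
    foreach ($userdata as $key => $val) {
        if (is_string($val)) {
            $userdata[$key] = str_replace('\\', SLASH_TOKEN, $val);
        }
    }
    return serialize($userdata);
}

// Recursive escaping: every string leaf is visited before serialize().
function serialize_recursive(array $userdata): string
{
    array_walk_recursive($userdata, function (&$val) {
        if (is_string($val)) {
            $val = str_replace('\\', SLASH_TOKEN, $val);
        }
    });
    return serialize($userdata);
}

// Read path (assumed): slashes are stripped from the stored string first.
// An unescaped backslash disappears here, so the s:<len> prefix written by
// serialize() no longer matches the payload and unserialize() fails.
function read_back(string $stored)
{
    $data = @unserialize(stripslashes($stored)); // @ hides the offset warning
    if (!is_array($data)) {
        return false;
    }
    array_walk_recursive($data, function (&$val) {
        if (is_string($val)) {
            $val = str_replace(SLASH_TOKEN, '\\', $val);
        }
    });
    return $data;
}

// Constructed sample: the reporter's nested value inside a session array.
$userdata = array('session_id' => 'constructed-id', 'data' => array('test \\ test'));
var_dump(read_back(serialize_shallow($userdata)));   // nested string not escaped
var_dump(read_back(serialize_recursive($userdata))); // nested string escaped
```

A failed read means the session payload is silently discarded, so code that stores nested user-controlled strings on an affected version should treat an empty session after a write as a symptom of this bug.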

@tubalmartin
Contributor

I confirm the bug spotted by webspy. CI 3.0 fixes it.

@blasto333
Contributor

I fixed this if you need the code before then:
https://github.com/EllisLab/CodeIgniter/commits?author=blasto333

@captbaritone
Contributor

Just a note for future travelers: As @tubalmartin mentioned, this bug is fixed in 3.0. For the curious, it was fixed in ca20d84. I wrote up a short history of what's actually going on with this issue here: #2784

This issue could probably be closed, unless the goal is to get the fix merged into the current stable branch.

@narfbg narfbg closed this as completed Dec 24, 2013