Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Adding an array cast to fix issues where users could modify cookie

values causing iteration errors.  Fixes #1309
  • Loading branch information...
commit 1dfe2ac43111838d05c44cce6ea67e88f7af8bf0 1 parent 390a7ae
@markstory markstory authored
View
4 cake/libs/controller/components/cookie.php
@@ -405,7 +405,7 @@ function __decrypt($values) {
$decrypted = array();
$type = $this->__type;
- foreach ($values as $name => $value) {
+ foreach ((array)$values as $name => $value) {
if (is_array($value)) {
foreach ($value as $key => $val) {
$pos = strpos($val, 'Q2FrZQ==.');
@@ -481,4 +481,4 @@ function __explode($string) {
return $array;
}
}
-?>
+?>
View
13 cake/tests/cases/libs/controller/components/cookie.test.php
@@ -408,6 +408,17 @@ function testReadingCookieDataWithoutStartup() {
unset($_COOKIE['CakeTestCookie']);
}
/**
+ * test that no error is issued for non array data.
+ *
+ * @return void
+ */
+ function testNoErrorOnNonArrayData() {
+ $this->Controller->Cookie->destroy();
+ $_COOKIE['CakeTestCookie'] = 'kaboom';
+
+ $this->assertNull($this->Controller->Cookie->read('value'));
+ }
+/**
* encrypt method
*
* @param mixed $value
@@ -435,4 +446,4 @@ function __implode($array) {
return substr($string, 1);
}
}
-?>
+?>
Please sign in to comment.
Something went wrong with that request. Please try again.