Switch to using json_encode/decode for the cookie and strict equality…

… checking. Fixes #267
ganglia · Oct 1, 2015 · f8cc170 · f8cc170
1 parent b2fcf9b
commit f8cc170
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/lib/GangliaAuth.php b/lib/GangliaAuth.php
@@ -37,13 +37,13 @@ public function init() {
       if($this->getMagicQuotesGpc()) {
         $cookie = stripslashes($cookie);
       }
-      $data = unserialize($cookie);
+      $data = json_decode($cookie, TRUE);
 
       if(array_keys($data) != array('user','group','token')) {
         return false;
       }
 
-      if($this->getAuthToken($data['user']) == $data['token']) {
+      if($this->getAuthToken($data['user']) === $data['token']) {
         $this->tokenIsValid = true;
         $this->user = $data['user'];
         $this->group = $data['group'];
@@ -82,7 +82,7 @@ public function getAuthToken($user) {
 
   // this is how a user 'logs in'.
   public function setAuthCookie($user, $group=null) {
-    setcookie('ganglia_auth', serialize( array('user'=>$user, 'group'=>$group, 'token'=>$this->getAuthToken($user)) ) );
+    setcookie('ganglia_auth', json_encode( array('user'=>$user, 'group'=>$group, 'token'=>$this->getAuthToken($user)) ) );
     $this->user = $user;
     $this->group = $group;
     $this->tokenIsValid = true;