Use strict comparison to prevent Cookie Signature Bypass Through PHP Type Confusion #14760

Merged
merged 1 commit into from
Aug 16, 2019

@mattab mattab commented Aug 12, 2019

We got a security report, as below, which recommends changing this comparison operator:

Report

Screenshot from 2019-08-13 10-17-01
Screenshot from 2019-08-13 10-17-16

…Type Confusion

We got a security report, as below, which recommends changing this comparison operator:
@mattab added the "c: Security" label (For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.) Aug 12, 2019
@mattab added this to the 3.12.0 milestone Aug 12, 2019
@diosmosis merged commit fe57607 into 3.x-dev Aug 16, 2019
@diosmosis deleted the cookie_signature branch August 16, 2019 01:40
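
The kind of comparison the title refers to, as an added example that is not Matomo's code or part of this pull request: it runs a loose `==` signature check, a strict `===` check and `hash_equals()` over the same inputs. All function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Matomo's code; all names and values are constructed.

// Loose check: == applies PHP type juggling before comparing.
function matchesLoose(string $expected, $supplied): bool
{
    return $supplied == $expected;
}

// Strict check: === requires the same type and identical bytes.
function matchesStrict(string $expected, $supplied): bool
{
    return $supplied === $expected;
}

// Strict and constant-time: hash_equals() needs two strings, so guard the type first.
function matchesConstantTime(string $expected, $supplied): bool
{
    return is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed 40-character values shaped like SHA-1 hex digests.
$numericLooking = '0e' . str_repeat('1', 38); // "0e" followed only by digits
$ordinary = sha1('constructed payload' . 'constructed-salt');

$cases = [
    // label => [expected signature, value read back from the cookie]
    'identical strings'           => [$ordinary, $ordinary],
    'different numeric-looking'   => [$numericLooking, '0e' . str_repeat('2', 38)],
    'boolean instead of a string' => [$ordinary, true],
];

// Print how each check treats each pair.
foreach ($cases as $label => [$expected, $supplied]) {
    printf(
        "%-28s loose=%s strict=%s hash_equals=%s\n",
        $label,
        var_export(matchesLoose($expected, $supplied), true),
        var_export(matchesStrict($expected, $supplied), true),
        var_export(matchesConstantTime($expected, $supplied), true)
    );
}
```

Only the first row is a genuine match. The loose check also accepts the other two, because `==` compares two numeric-looking strings as numbers and converts a string to a boolean when the other operand is one.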