Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use strict comparison to prevent Cookie Signature Bypass Through PHP Type Confusion #14760

Merged
merged 1 commit into from Aug 16, 2019

Conversation

mattab
Copy link
Member

@mattab mattab commented Aug 12, 2019

We got a security report, as below, which recommends changing this comparison operator:

Report

Screenshot from 2019-08-13 10-17-01
Screenshot from 2019-08-13 10-17-16

…Type Confusion

We got a security report, as below, which recommends changing this comparison operator:
@mattab mattab added the c: Security label Aug 12, 2019
@mattab mattab added this to the 3.12.0 milestone Aug 12, 2019
@diosmosis diosmosis merged commit fe57607 into 3.x-dev Aug 16, 2019
0 of 2 checks passed
@diosmosis diosmosis deleted the cookie_signature branch Aug 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Security
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants