Skip to content

Use strict comparison to prevent Cookie Signature Bypass Through PHP Type Confusion #14760

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
diosmosis merged 1 commit into from
Aug 16, 2019
Merged

Use strict comparison to prevent Cookie Signature Bypass Through PHP Type Confusion #14760

diosmosis merged 1 commit into from
Aug 16, 2019

Conversation

@mattab
Copy link
Member

@mattab mattab commented Aug 12, 2019

We got a security report, as below, which recommends changing this comparison operator:

Report

Screenshot from 2019-08-13 10-17-01
Screenshot from 2019-08-13 10-17-16

@mattab
Use strict comparison to prevent Cookie Signature Bypass Through PHP …
9bfdcee 
…Type Confusion

We got a security report, as below, which recommends changing this comparison operator:
@mattab mattab added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Aug 12, 2019
@mattab mattab added this to the 3.12.0 milestone Aug 12, 2019
@diosmosis diosmosis merged commit fe57607 into 3.x-dev Aug 16, 2019
@diosmosis diosmosis deleted the cookie_signature branch August 16, 2019 01:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.

Milestone

3.12.0

Development

Successfully merging this pull request may close these issues.

3 participants

@mattab @diosmosis