upgradephp: add contributed safe_serialize()/safe_unserialize() functions #1900

Closed
robocoder opened this Issue · 3 comments

@robocoder
Collaborator

Written in PHP, these compatibility functions differ from the built-ins in one respect: they don't serialize/unserialize objects.

We currently sign and apply a blacklist on cookies, so this doesn't add any security value there.

But PhpSecInfo has a test that unserializes content from php.net.

@robocoder
Collaborator

(In [3460]) fixes #1900 - use safe_unserialize() for third-party content; for signed cookies, replace serialize/unserialize with the more compact json_encode()/json_decode()

@mattab
Owner

(In [3507]) Fixing broken tracking: json_decode returning objects but code is using the data as array. Refs #1900

@robocoder
Collaborator

(In [3508]) refs #1900, fixes #1911

@robocoder robocoder added this to the Piwik 1.1 milestone
This issue was closed.
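
The pattern discussed in this thread, as an added example that is not Piwik's code: a signed cookie carried as JSON instead of `serialize()` output, decoded to arrays so the result matches code that indexes it as an array. The key, the cookie fields and the function names are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added illustration, not Piwik code. Key and cookie fields are constructed.
const DEMO_KEY = 'constructed-demo-key';

// Sign the JSON payload so the server can detect client-side changes.
function encode_signed_cookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Returns the decoded array, or null if the cookie is malformed or tampered with.
function decode_signed_cookie(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Verify the MAC before parsing anything, using a constant-time compare.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    // Second argument true: JSON objects become PHP arrays. Without it
    // json_decode() returns stdClass objects, the mismatch [3507] describes.
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

$cookie = encode_signed_cookie(['id' => 'abc123', 'visits' => 3], DEMO_KEY);
var_dump(decode_signed_cookie($cookie, DEMO_KEY));        // round trip
var_dump(decode_signed_cookie('A' . $cookie, DEMO_KEY));  // modified payload

// Third-party content: on PHP 7+, the built-in option below (not the
// contributed safe_unserialize()) also declines to instantiate classes.
$untrusted = 'O:8:"stdClass":0:{}'; // constructed sample input
$value = unserialize($untrusted, ['allowed_classes' => false]);
var_dump($value instanceof __PHP_Incomplete_Class);
```

JSON has no notion of PHP classes, so decoding it cannot trigger object instantiation or magic methods, which is why it suits cookie data that only needs scalars and arrays.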