SECURITY Using JSON instead of serialize() to stringify user data in …

…PageCommentsInterface
1 parent b5ea2f6 commit d15e8509b01ff2dbbe3028a055021a29b1065b22 @chillu chillu committed Sep 8, 2011
Showing with 3 additions and 3 deletions.
  1. +3 −3 code/sitefeatures/PageCommentInterface.php
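--- a/code/sitefeatures/PageCommentInterface.php
+++ b/code/sitefeatures/PageCommentInterface.php
@@ -222,7 +222,7 @@ function PostCommentForm() {
 foreach($fields as $field) {
 if(!$field instanceof HiddenField) $visibleFields[] = $field->Name();
 }
-$form->loadDataFrom(unserialize($cookie), false, $visibleFields);
+$form->loadDataFrom(Convert::json2array($cookie), false, $visibleFields);
 }
 return $form;
@@ -272,7 +272,7 @@ function DeleteAllLink() {
 */
 class PageCommentInterface_Form extends Form {
 function postcomment($data) {
-Cookie::set("PageCommentInterface_Data", serialize($data));
+Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
 // Spam filtering
 if(SSAkismet::isEnabled()) {
@@ -333,7 +333,7 @@ function postcomment($data) {
 $comment->write();
 unset($data['Comment']);
-Cookie::set("PageCommentInterface_Data", serialize($data));
+Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
 $moderationMsg = _t('PageCommentInterface_Form.AWAITINGMODERATION', "Your comment has been submitted and is now awaiting moderation.");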
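Review bot: The new `loadDataFrom(Convert::json2array($cookie), ...)` line in the first hunk passes the decoded cookie straight through, yet the `PageCommentInterface_Data` cookie is entirely client-controlled and unsigned, so any visitor can send non-JSON, and cookies written by the pre-commit serialize() path will still be in browsers after deployment and will not parse as JSON either. I cannot see from here what `Convert::json2array` returns on malformed input, but whatever it returns in that case is presumably not the array `loadDataFrom` expects, so guard the result: `$prefill = Convert::json2array($cookie);` followed by `if(is_array($prefill)) $form->loadDataFrom($prefill, false, $visibleFields);`. Switching away from unserialize() removes the object-injection surface, but the cookie contents should still be treated as untrusted form input only, which the existing `$visibleFields` restriction helps with. `PostCommentForm()` begins before the hunk and `$cookie` is read outside it.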
