SECURITY Using JSON instead of serialize() to stringify user data in …

…PageCommentsInterface
commit d15e8509b01ff2dbbe3028a055021a29b1065b22 1 parent b5ea2f6
@chillu chillu authored
Showing with 3 additions and 3 deletions.
  1. +3 −3 code/sitefeatures/PageCommentInterface.php
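--- a/code/sitefeatures/PageCommentInterface.php
+++ b/code/sitefeatures/PageCommentInterface.php
@@ -222,7 +222,7 @@ function PostCommentForm() {
 foreach($fields as $field) {
 if(!$field instanceof HiddenField) $visibleFields[] = $field->Name();
 }
-$form->loadDataFrom(unserialize($cookie), false, $visibleFields);
+$form->loadDataFrom(Convert::json2array($cookie), false, $visibleFields);
 }
 return $form;
@@ -272,7 +272,7 @@ function DeleteAllLink() {
 */
 class PageCommentInterface_Form extends Form {
 function postcomment($data) {
-Cookie::set("PageCommentInterface_Data", serialize($data));
+Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
 // Spam filtering
 if(SSAkismet::isEnabled()) {
@@ -333,7 +333,7 @@ function postcomment($data) {
 $comment->write();
 unset($data['Comment']);
-Cookie::set("PageCommentInterface_Data", serialize($data));
+Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
 $moderationMsg = _t('PageCommentInterface_Form.AWAITINGMODERATION', "Your comment has been submitted and is now awaiting moderation.");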
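Review bot: In the first hunk (PostCommentForm), the result of `Convert::json2array($cookie)` is passed to `loadDataFrom()` without checking that decoding produced an array, although the cookie is client-controlled and browsers that commented before this change still hold a `serialize()`-formatted value that will not parse as JSON. Decoding first and guarding, e.g. `$data = Convert::json2array($cookie);` followed by `if(is_array($data)) $form->loadDataFrom($data, false, $visibleFields);`, would keep a malformed or legacy cookie from reaching the form; how `loadDataFrom()` reacts to a non-array is not visible here. A short comment such as `// Cookie is untrusted input: decode as JSON only, never unserialize()` above the call would also record why the format changed. PostCommentForm begins and ends outside the hunk, so an existing check on `$cookie` may already cover part of this.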