
SECURITY Using JSON instead of serialize() to stringify user data in …

…PageCommentsInterface
commit d15e8509b01ff2dbbe3028a055021a29b1065b22 1 parent b5ea2f6
Ingo Schommer chillu authored
Showing with 3 additions and 3 deletions.
  1. +3 −3 code/sitefeatures/PageCommentInterface.php
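--- a/code/sitefeatures/PageCommentInterface.php
+++ b/code/sitefeatures/PageCommentInterface.php
@@ -222,7 +222,7 @@ function PostCommentForm() {
 foreach($fields as $field) {
 if(!$field instanceof HiddenField) $visibleFields[] = $field->Name();
 }
- $form->loadDataFrom(unserialize($cookie), false, $visibleFields);
+ $form->loadDataFrom(Convert::json2array($cookie), false, $visibleFields);
 }
 return $form;
@@ -272,7 +272,7 @@ function DeleteAllLink() {
 */
 class PageCommentInterface_Form extends Form {
 function postcomment($data) {
- Cookie::set("PageCommentInterface_Data", serialize($data));
+ Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
 // Spam filtering
 if(SSAkismet::isEnabled()) {
@@ -333,7 +333,7 @@ function postcomment($data) {
 $comment->write();
 unset($data['Comment']);
- Cookie::set("PageCommentInterface_Data", serialize($data));
+ Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
 $moderationMsg = _t('PageCommentInterface_Form.AWAITINGMODERATION', "Your comment has been submitted and is now awaiting moderation.");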
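Review bot: In the PostCommentForm() hunk, the result of `Convert::json2array($cookie)` goes straight into `loadDataFrom()` with no check that the decode produced an array. The cookie is client-controlled, and browsers that visited before this change still hold a `serialize()`-format value, so the decode can presumably fail or return a non-array. I would decode into a local first and load it only when it is an array: `$data = Convert::json2array($cookie); if(is_array($data)) $form->loadDataFrom($data, false, $visibleFields);`. The decoded values are still untrusted input, so the `$visibleFields` restriction should stay in place as the limit on what the cookie can populate. PostCommentForm() starts and ends outside the hunk, so an existing guard on `$cookie` above these lines cannot be ruled out.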