From 9fa651474eb4d3bb0ce40dd5a55c51bb861c2658 Mon Sep 17 00:00:00 2001
From: Scott Arciszewski
Date: Sun, 1 Mar 2015 21:12:41 -0500
Subject: [PATCH] Fix #1034 (CVE-2015-2171)
---
 Slim/Middleware/SessionCookie.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Slim/Middleware/SessionCookie.php b/Slim/Middleware/SessionCookie.php
index a467475d0..76943c1d2 100644
--- a/Slim/Middleware/SessionCookie.php
+++ b/Slim/Middleware/SessionCookie.php
@@ -124,7 +124,7 @@ protected function loadSession()
 if ($value) {
 try {
- $_SESSION = unserialize($value);
+ $_SESSION = json_decode($value, true);
 } catch (\Exception $e) {
 $this->app->getLog()->error('Error unserializing session cookie value! ' . $e->getMessage());
 }
@@ -138,7 +138,7 @@ protected function loadSession()
 */
 protected function saveSession()
 {
- $value = serialize($_SESSION);
+ $value = json_encode($_SESSION);
 if (strlen($value) > 4096) {
 $this->app->getLog()->error('WARNING! Slim\Middleware\SessionCookie data size is larger than 4KB. Content save failed.');
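Review bot: The `try`/`catch (\Exception $e)` kept around the new `json_decode($value, true)` can no longer catch a bad cookie, because `json_decode` as called here reports malformed input by returning `null` instead of throwing; `$_SESSION` is then assigned `null` (or a scalar, if the cookie holds a bare JSON string or number) and the error log line never runs. The cookie value is client-supplied, so validate the shape before assigning: `$decoded = json_decode($value, true);` followed by `$_SESSION = is_array($decoded) ? $decoded : array();`, with the log call moved to the non-array case. Cookies issued before this change are still in `serialize()` format and will take that failure path, which presumably resets those sessions on upgrade, and the message text should stop saying "unserializing". The body of `loadSession()` starts and ends outside the hunk.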
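Review bot: `json_encode($_SESSION)` returns `false` when the data cannot be encoded (for example a string that is not valid UTF-8), and `strlen(false)` is 0, so the failure passes the 4KB guard on the next line without being logged. Add an explicit check right after the call, `if ($value === false) { $this->app->getLog()->error('Session cookie JSON encoding failed, code ' . json_last_error()); }`, and skip writing the cookie in that case. The docblock of `saveSession()` should also state that objects placed in `$_SESSION` do not survive the round trip, since `json_decode($value, true)` in `loadSession()` hands them back as plain arrays. What is done with `$value` after the size check lies outside the hunk.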