Permalink
Browse files

(Fixes issue 776)

  • Loading branch information...
1 parent 6a66df4 commit b195893015e61790c40be0b911337a2f9a73b3dc qiang.xue committed Feb 20, 2010
Showing with 3 additions and 2 deletions.
  1. +1 −0 CHANGELOG
  2. +2 −2 framework/web/auth/CWebUser.php
View
@@ -7,6 +7,7 @@ Version 1.0.12 to be released
- Bug #731: When using CWebService to generate WSDL, it may cause the error about Premature end of data in tag definitions in SoapClient (Qiang)
- Bug #740: CDbCriteria::addColumnCondition() should handle NULL parameter correctly (Qiang)
- Bug #742: CEmailValidator should allow upper case email addresses (Qiang)
+- Bug #776: CWebUser may fail when unserializing invalid cookie data (Qiang)
- Bug #788: CHttpRequest.sendFile() gives incorrect content length when output_handler is enabled (Qiang)
- Bug #801: CCaptcha allows unlimited tests if the CAPTCHA image is not reloaded (Qiang)
- Bug #832: CJavaScript::quote() should also escape the sequence "</" (Qiang)
@@ -310,8 +310,8 @@ protected function restoreFromCookie()
$cookie=$app->getRequest()->getCookies()->itemAt($this->getStateKeyPrefix());
if($cookie && !empty($cookie->value) && ($data=$app->getSecurityManager()->validateData($cookie->value))!==false)
{
- $data=unserialize($data);
- if(isset($data[0],$data[1],$data[2]))
+ $data=@unserialize($data);
+ if(is_array($data) && isset($data[0],$data[1],$data[2]))
{
list($id,$name,$states)=$data;
$this->changeIdentity($id,$name,$states);

0 comments on commit b195893

Please sign in to comment.