SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface

2024-10-22 11:05:49 +02:00 · 2011-09-15 16:37:10 +02:00 · 2011-09-15 16:37:10 +02:00 · 5b014b8496
commit 5b014b8496
parent 462eac835a
1 changed files with 2 additions and 2 deletions
--- a/code/controllers/CommentingController.php
+++ b/code/controllers/CommentingController.php
@ -134,7 +134,7 @@ class CommentingController extends Controller {

 		// load any data from the cookies
 		if($data = Cookie::get('CommentsForm_UserData')) {
-			$data = unserialize($data); 
+			$data = Convert::json2array($data); 
 			
 			$form->loadDataFrom(array(
 				"Name"		=> isset($data['Name']) ? $data['Name'] : '',
@ -164,7 +164,7 @@ class CommentingController extends Controller {
 		if(!$class) user_error("No OwnerClass set on CommentingController.", E_USER_ERROR);
 		
 		// cache users data
-		Cookie::set("CommentsForm_UserData", serialize($data));
+		Cookie::set("CommentsForm_UserData", Convert::raw2json($data));
 		Cookie::set("CommentsForm_Comment", $data['Comment']);
 		
 		// extend hook to allow extensions. Also see onAfterPostComment