mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-09-18 23:45:59 +02:00
SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface
parent
b5ea2f68fe
commit
d15e8509b0
@ -222,7 +222,7 @@ class PageCommentInterface extends RequestHandler {
|
|||||||
foreach($fields as $field) {
|
foreach($fields as $field) {
|
||||||
if(!$field instanceof HiddenField) $visibleFields[] = $field->Name();
|
if(!$field instanceof HiddenField) $visibleFields[] = $field->Name();
|
||||||
}
|
}
|
||||||
$form->loadDataFrom(unserialize($cookie), false, $visibleFields);
|
$form->loadDataFrom(Convert::json2array($cookie), false, $visibleFields);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $form;
|
return $form;
|
||||||
@ -272,7 +272,7 @@ class PageCommentInterface extends RequestHandler {
|
|||||||
*/
|
*/
|
||||||
class PageCommentInterface_Form extends Form {
|
class PageCommentInterface_Form extends Form {
|
||||||
function postcomment($data) {
|
function postcomment($data) {
|
||||||
Cookie::set("PageCommentInterface_Data", serialize($data));
|
Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
|
||||||
|
|
||||||
// Spam filtering
|
// Spam filtering
|
||||||
if(SSAkismet::isEnabled()) {
|
if(SSAkismet::isEnabled()) {
|
||||||
@ -333,7 +333,7 @@ class PageCommentInterface_Form extends Form {
|
|||||||
$comment->write();
|
$comment->write();
|
||||||
|
|
||||||
unset($data['Comment']);
|
unset($data['Comment']);
|
||||||
Cookie::set("PageCommentInterface_Data", serialize($data));
|
Cookie::set("PageCommentInterface_Data", Convert::raw2json($data));
|
||||||
|
|
||||||
$moderationMsg = _t('PageCommentInterface_Form.AWAITINGMODERATION', "Your comment has been submitted and is now awaiting moderation.");
|
$moderationMsg = _t('PageCommentInterface_Form.AWAITINGMODERATION', "Your comment has been submitted and is now awaiting moderation.");
|
||||||
|
|
||||||
|
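Review bot: In the first hunk, the result of `Convert::json2array($cookie)` is passed straight into `loadDataFrom()` without checking that decoding produced an array. The cookie is client-controlled, and browsers that still hold a cookie written by the old `serialize()` code will send a value that is not valid JSON, so on the first request after the upgrade the decode result is presumably null or otherwise not an array. A guard such as `$data = Convert::json2array($cookie);` followed by `if(is_array($data)) $form->loadDataFrom($data, false, $visibleFields);` would keep malformed or legacy cookies away from the form. The enclosing method begins above the hunk, so the code that reads `$cookie` is not visible here. Separately, both `Cookie::set()` calls in `postcomment()` still write the whole `$data` array to the client; an allow-list of the fields the form needs to repopulate would keep other submitted values out of the cookie.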