Changeset 9017

Timestamp:

09/15/2014 03:01:19 PM (9 years ago)

Author:

boonebgorges

Message:

Use JSON encoding rather than PHP serialization for storing group creation details in a browser cookie

PHP serialization and unserialization of user-provided input introduces
security vulnerabilities.

Props DJPaul

File:

• branches/2.0/bp-groups/bp-groups-actions.php (modified) (2 diffs)

branches/2.0/bp-groups/bp-groups-actions.php

@@ -58 +58 @@
     // Fetch the currently completed steps variable
     if ( isset( $_COOKIE['bp_completed_create_steps'] ) && !isset( $reset_steps ) )
-        $bp->groups->completed_create_steps = unserialize( stripslashes( $_COOKIE['bp_completed_create_steps'] ) );
+        $bp->groups->completed_create_steps = json_decode( base64_decode( stripslashes( $_COOKIE['bp_completed_create_steps'] ) ) );
 
     // Set the ID of the new group, if it has already been created in a previous step
     if ( isset( $_COOKIE['bp_new_group_id'] ) ) {
-        $bp->groups->new_group_id = $_COOKIE['bp_new_group_id'];
+        $bp->groups->new_group_id = (int) $_COOKIE['bp_new_group_id'];
         $bp->groups->current_group = groups_get_group( array( 'group_id' => $bp->groups->new_group_id ) );
 
@@ -150 +150 @@
         // Reset cookie info
         setcookie( 'bp_new_group_id', $bp->groups->new_group_id, time()+60*60*24, COOKIEPATH );
-        setcookie( 'bp_completed_create_steps', serialize( $bp->groups->completed_create_steps ), time()+60*60*24, COOKIEPATH );
+        setcookie( 'bp_completed_create_steps', base64_encode( json_encode( $bp->groups->completed_create_steps ) ), time()+60*60*24, COOKIEPATH );
 
         // If we have completed all steps and hit done on the final step we