Skip to:
Content

BuddyPress.org

Changeset 9017


Ignore:
Timestamp:
09/15/2014 03:01:19 PM (6 years ago)
Author:
boonebgorges
Message:

Use JSON encoding rather than PHP serialization for storing group creation details in a browser cookie

PHP serialization and unserialization of user-provided input introduces
security vulnerabilities.

Props DJPaul

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/bp-groups/bp-groups-actions.php

    r8125 r9017  
    5858    // Fetch the currently completed steps variable
    5959    if ( isset( $_COOKIE['bp_completed_create_steps'] ) && !isset( $reset_steps ) )
    60         $bp->groups->completed_create_steps = unserialize( stripslashes( $_COOKIE['bp_completed_create_steps'] ) );
     60        $bp->groups->completed_create_steps = json_decode( base64_decode( stripslashes( $_COOKIE['bp_completed_create_steps'] ) ) );
    6161
    6262    // Set the ID of the new group, if it has already been created in a previous step
    6363    if ( isset( $_COOKIE['bp_new_group_id'] ) ) {
    64         $bp->groups->new_group_id = $_COOKIE['bp_new_group_id'];
     64        $bp->groups->new_group_id = (int) $_COOKIE['bp_new_group_id'];
    6565        $bp->groups->current_group = groups_get_group( array( 'group_id' => $bp->groups->new_group_id ) );
    6666
     
    150150        // Reset cookie info
    151151        setcookie( 'bp_new_group_id', $bp->groups->new_group_id, time()+60*60*24, COOKIEPATH );
    152         setcookie( 'bp_completed_create_steps', serialize( $bp->groups->completed_create_steps ), time()+60*60*24, COOKIEPATH );
     152        setcookie( 'bp_completed_create_steps', base64_encode( json_encode( $bp->groups->completed_create_steps ) ), time()+60*60*24, COOKIEPATH );
    153153
    154154        // If we have completed all steps and hit done on the final step we
Note: See TracChangeset for help on using the changeset viewer.