Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgradephp: add contributed safe_serialize()/safe_unserialize() functions #1900

Closed
robocoder opened this issue Dec 18, 2010 · 3 comments
Closed
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone

Comments

@robocoder
Copy link
Contributor

Written in PHP, these compatibility functions differ from the built-ins in one respect: they don't serialize/unserialize objects.

We currently sign and apply a blacklist on cookies, so this doesn't add any security value there.

But PhpSecInfo has a test that unserializes content from php.net.

@robocoder
Copy link
Contributor Author

(In [3460]) fixes #1900 - use safe_unserialize() for third-party content; for signed cookies, replace serialize/unserialize with more compact, json_encode()/json_decode()

@mattab
Copy link
Member

mattab commented Dec 22, 2010

(In [3507]) Fixing broken tracking, json_decode returning objects but code is using the data as array Refs #1900

@robocoder
Copy link
Contributor Author

(In [3508]) refs #1900, fixes #1911

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Projects
None yet
Development

No branches or pull requests

2 participants