diff options
| author | robocoder <anthon.pang@gmail.com> | 2010-11-26 10:45:54 +0300 |
|---|---|---|
| committer | robocoder <anthon.pang@gmail.com> | 2010-11-26 10:45:54 +0300 |
| commit | 2ba23539307835b42314ec8a2b25d61f0f1067af (patch) | |
| tree | 2372df6621db4e9cab92c9cee4b760488c125b51 /core/Cookie.php | |
| parent | ab70e8dc835eb3ecd5a799bbf8afee6fe2db7531 (diff) | |
workaround what appears to be a substr_compare() validation bug (negative offset vs positive length)
git-svn-id: http://dev.piwik.org/svn/trunk@3373 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'core/Cookie.php')
| -rw-r--r-- | core/Cookie.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/Cookie.php b/core/Cookie.php index d50a58ef97..02bb1a2aee 100644 --- a/core/Cookie.php +++ b/core/Cookie.php @@ -193,7 +193,7 @@ class Piwik_Cookie private function extractSignedContent($content) { $signature = substr($content, -40); - if(!substr_compare($content, self::VALUE_SEPARATOR . '_=', -43, 3) && + if(substr($content, -43, 3) == self::VALUE_SEPARATOR . '_=' && $signature == sha1(substr($content, 0, -40) . Piwik_Common::getSalt())) { // strip trailing: VALUE_SEPARATOR '_=' signature" |