author | robocoder <anthon.pang@gmail.com> | 2011-01-12 04:58:22 +0300 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2011-01-12 04:58:22 +0300 |
commit | 32adc1933dee83b5fdfdc809f98e2d608e4220d0 (patch) | |
tree | 3c7cda583724bb53eaa45ea5182be65ec009f4db /core/Cookie.php | |
parent | 02531f1e908aafc1754b90e5d476e02e3d65a223 (diff) |
refs #1958 - discard entire cookie content if any part fails to unserialize
git-svn-id: http://dev.piwik.org/svn/trunk@3712 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'core/Cookie.php')
-rw-r--r-- | core/Cookie.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/core/Cookie.php b/core/Cookie.php
index 6f16ae4664..4b01fa499f 100644
--- a/core/Cookie.php
+++ b/core/Cookie.php
@@ -226,7 +226,17 @@ class Piwik_Cookie
 // no numeric value are base64 encoded so we need to decode them
 if(!is_numeric($varValue))
 {
- $varValue = safe_unserialize(base64_decode($varValue));
+ $tmpValue = base64_decode($varValue);
+ $varValue = safe_unserialize(tmpValue);
+
+ // discard entire cookie
+ // note: this assumes we never serialize a boolean
+ if($varValue === false && $varValue !== 'b:0;')
+ {
+ $this->value = array();
+ unset($_COOKIE[$this->name]);
+ break;
+ }
 }
 $this->value[$varName] = $varValue; |
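Review bot: The added call `safe_unserialize(tmpValue)` is missing the `$`, so it passes an undefined constant rather than the decoded cookie data; unserialization would then fail for every non-numeric value and the new branch would discard the whole cookie each time. The guard also tests the wrong variable: in `$varValue === false && $varValue !== 'b:0;'` the second comparison is always true once the first holds, so a legitimately serialized `false` is not distinguished from a failure. The two lines should read `$varValue = safe_unserialize($tmpValue);` and `if($varValue === false && $tmpValue !== 'b:0;')`. Because this value comes from a client-supplied cookie, failing closed is the right direction, but what `safe_unserialize` rejects is not visible here, so it is worth confirming that it refuses object payloads. The enclosing loop and method start and end outside the hunk.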