diff options
author | Chris Muench <me@chrismuench.com> | 2011-10-16 20:14:04 +0200 |
---|---|---|
committer | Chris Muench <me@chrismuench.com> | 2011-10-16 20:14:04 +0200 |
commit | 9593349964e9ba557b14e8cda9c16b16498a55a5 (patch) | |
tree | 48a062875c93db0088f309711c4ae7be022d7c57 /system/libraries/Session.php | |
parent | 3078bb622c63315b04b2a0488103dddd44c0960f (diff) |
Fixes issue #439 some slashes not escaped in session data
Diffstat (limited to 'system/libraries/Session.php')
-rw-r--r-- | system/libraries/Session.php | 45 |
1 files changed, 29 insertions, 16 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 8ee08c5b2..dd951c325 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -688,13 +688,7 @@ class CI_Session { { if (is_array($data)) { - foreach ($data as $key => $val) - { - if (is_string($val)) - { - $data[$key] = str_replace('\\', '{{slash}}', $val); - } - } + array_walk_recursive($data, array(&$this, '_escape_slashes')); } else { @@ -703,9 +697,23 @@ class CI_Session { $data = str_replace('\\', '{{slash}}', $data); } } - return serialize($data); } + + /** + * Escape slashes + * + * This function converts any slashes found into a temporary marker + * + * @access private + */ + function _escape_slashes(&$val, $key) + { + if (is_string($val)) + { + $val = str_replace('\\', '{{slash}}', $val); + } + } // -------------------------------------------------------------------- @@ -725,19 +733,24 @@ class CI_Session { if (is_array($data)) { - foreach ($data as $key => $val) - { - if (is_string($val)) - { - $data[$key] = str_replace('{{slash}}', '\\', $val); - } - } - + array_walk_recursive($data, array(&$this, '_unescape_slashes')); return $data; } return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data; } + + /** + * Unescape slashes + * + * This function converts any slash markers back into actual slashes + * + * @access private + */ + function _unescape_slashes(&$val, $key) + { + $val= str_replace('{{slash}}', '\\', $val); + } // -------------------------------------------------------------------- |