Fixes issue #439 some slashes not escaped in session data

1 files changed, 29 insertions, 16 deletions

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 8ee08c5b2..dd951c325 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -688,13 +688,7 @@ class CI_Session {
 	{
 		if (is_array($data))
 		{
-			foreach ($data as $key => $val)
-			{
-				if (is_string($val))
-				{
-					$data[$key] = str_replace('\\', '{{slash}}', $val);
-				}
-			}
+			array_walk_recursive($data, array(&$this, '_escape_slashes'));
 		}
 		else
 		{
@@ -703,9 +697,23 @@ class CI_Session {
 				$data = str_replace('\\', '{{slash}}', $data);
 			}
 		}
-
 		return serialize($data);
 	}
+	
+	/**
+	 * Escape slashes
+	 *
+	 * This function converts any slashes found into a temporary marker
+	 *
+	 * @access	private
+	 */
+	function _escape_slashes(&$val, $key)
+	{
+		if (is_string($val))
+		{
+			$val = str_replace('\\', '{{slash}}', $val);
+		}
+	}
 
 	// --------------------------------------------------------------------
 
@@ -725,19 +733,24 @@ class CI_Session {
 
 		if (is_array($data))
 		{
-			foreach ($data as $key => $val)
-			{
-				if (is_string($val))
-				{
-					$data[$key] = str_replace('{{slash}}', '\\', $val);
-				}
-			}
-
+			array_walk_recursive($data, array(&$this, '_unescape_slashes'));
 			return $data;
 		}
 
 		return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
 	}
+	
+	/**
+	 * Unescape slashes
+	 *
+	 * This function converts any slash markers back into actual slashes
+	 *
+	 * @access	private
+	 */
+	function _unescape_slashes(&$val, $key)
+	{
+	 	$val= str_replace('{{slash}}', '\\', $val);
+	}
 
 	// --------------------------------------------------------------------