From 5d6b9c597a9870f55a65bcfcb301d19d83447078 Mon Sep 17 00:00:00 2001
From: Jordan Eldredge
Date: Sat, 21 Dec 2013 13:56:41 -0800
Subject: Remove unneeded manual escaping of session data
---
 .../libraries/Session/drivers/Session_cookie.php | 63 ++--------------------
 1 file changed, 3 insertions(+), 60 deletions(-)
diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php
index cd8074474..124e0098e 100644
--- a/system/libraries/Session/drivers/Session_cookie.php
+++ b/system/libraries/Session/drivers/Session_cookie.php
@@ -739,86 +739,29 @@ class CI_Session_cookie extends CI_Session_driver { /** * Serialize an array * - * This function first converts any slashes found in the array to a temporary - * marker, so when it gets unserialized the slashes will be preserved + * This function serializes an array * * @param mixed Data to serialize * @return string Serialized data */ protected function _serialize($data) { - if (is_array($data)) - { - array_walk_recursive($data, array(&$this, '_escape_slashes')); - } - elseif (is_string($data)) - { - $data = str_replace('\\', '{{slash}}', $data); - } - return serialize($data); } // ------------------------------------------------------------------------ - /** - * Escape slashes - * - * This function converts any slashes found into a temporary marker - * - * @param string Value - * @param string Key - * @return void - */ - protected function _escape_slashes(&$val, $key) - { - if (is_string($val)) - { - $val = str_replace('\\', '{{slash}}', $val); - } - } - - // ------------------------------------------------------------------------ - /** * Unserialize * - * This function unserializes a data string, then converts any - * temporary slash markers back to actual slashes + * This function unserializes a data string * * @param mixed Data to unserialize * @return mixed Unserialized data */ protected function _unserialize($data) { - $data = @unserialize(trim($data)); - - if (is_array($data)) - { - array_walk_recursive($data, array(&$this, '_unescape_slashes')); - return $data; - } - - return is_string($data) ? 
str_replace('{{slash}}', '\\', $data) : $data; - } - - // ------------------------------------------------------------------------ - - /** - * Unescape slashes - * - * This function converts any slash markers back into actual slashes - * - * @param string Value - * @param string Key - * @return void - */ - protected function _unescape_slashes(&$val, $key) - { - if (is_string($val)) - { - $val = str_replace('{{slash}}', '\\', $val); - } + return @unserialize(trim($data)); } // ------------------------------------------------------------------------ -- cgit v1.2.3-24-g4f1b From 5306cad2e40596a3a6fcac787e54689a7095e769 Mon Sep 17 00:00:00 2001 From: Jordan Eldredge Date: Mon, 23 Dec 2013 11:10:51 -0800 Subject: Remove _serialize() and _unserialize() methods Since removing the unneeded manual escaping code, there is no-longer any reason to have the serialization functions abstracted. This also allows us to only suppress errors when unserializing cookie data, and only trim when we are unserializing database data (see commit 6b8312). --- .../libraries/Session/drivers/Session_cookie.php | 38 +++------------------- 1 file changed, 4 insertions(+), 34 deletions(-) diff --git a/system/libraries/Session/drivers/Session_cookie.php b/system/libraries/Session/drivers/Session_cookie.php index 124e0098e..dc75d8e8e 100644 --- a/system/libraries/Session/drivers/Session_cookie.php +++ b/system/libraries/Session/drivers/Session_cookie.php @@ -397,7 +397,7 @@ class CI_Session_cookie extends CI_Session_driver { } // Unserialize the session array - $session = $this->_unserialize($session); + $session = @unserialize($session); // Is the session data we unserialized an array with the correct format? if ( ! is_array($session) OR ! isset($session['session_id'], $session['ip_address'], $session['user_agent'], $session['last_activity'])) 
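Review bot: Session payloads written before this change still contain the `{{slash}}` marker, and with `_unescape_slashes()` removed from `_unserialize()` they are now handed back to callers verbatim instead of as a backslash. Any cookie or `user_data` row that the old `_serialize()` stored with a backslash in it will read back altered until that session expires. If that is acceptable it should be stated in the upgrade notes; otherwise the unescape step could stay on the read path for one release while only the escape on write is dropped.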
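Review bot: `@unserialize($session)` operates on a value that arrives in the client's cookie, so it is only safe if the cookie's integrity check has already passed by this line; that check is not visible in this hunk, and the method body starts and ends outside it. unserialize() instantiates any class named in the payload before the `is_array($session)` test below can reject the result. I would add a comment above the call, e.g. `// $session must already have passed the cookie hash check: unserialize() instantiates objects`, and on PHP 7+ pass `array('allowed_classes' => FALSE)` as the second argument. The same applies to `unserialize(trim($row->user_data))` in the `@@ -472` hunk, where the trust rests on who can write to the sessions table.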
@@ -472,7 +472,7 @@ class CI_Session_cookie extends CI_Session_driver { $row = $query->row(); if ( ! empty($row->user_data)) { - $custom_data = $this->_unserialize($row->user_data); + $custom_data = unserialize(trim($row->user_data)); if (is_array($custom_data)) { @@ -608,7 +608,7 @@ class CI_Session_cookie extends CI_Session_driver { if ( ! empty($userdata)) { // Serialize the custom data array so we can store it - $set['user_data'] = $this->_serialize($userdata); + $set['user_data'] = serialize($userdata); } // Reset query builder values. @@ -696,7 +696,7 @@ class CI_Session_cookie extends CI_Session_driver { : $this->userdata; // Serialize the userdata for the cookie - $cookie_data = $this->_serialize($cookie_data); + $cookie_data = serialize($cookie_data); if ($this->sess_encrypt_cookie === TRUE) { @@ -736,36 +736,6 @@ class CI_Session_cookie extends CI_Session_driver { // ------------------------------------------------------------------------ - /** - * Serialize an array - * - * This function serializes an array - * - * @param mixed Data to serialize - * @return string Serialized data - */ - protected function _serialize($data) - { - return serialize($data); - } - - // ------------------------------------------------------------------------ - - /** - * Unserialize - * - * This function unserializes a data string - * - * @param mixed Data to unserialize - * @return mixed Unserialized data - */ - protected function _unserialize($data) - { - return @unserialize(trim($data)); - } - - // ------------------------------------------------------------------------ - /** * Garbage collection * -- cgit v1.2.3-24-g4f1b