Having backslash in flashdata destroys the session

| | | | |
|---|---|---|---|
| Date: | 10/04/2008 | Severity: | Minor |
| Status: | Resolved | Reporter: | ljubodrag |
| Version: | 1.7.0 SVN | | |
| Keywords: | Libraries, Session Class | | |
Description
If I have at least 1 backslash in my set_flashdata the session is destroyed.
This is because in the Session Library we do strip_slashes on line 161:
$session = @unserialize(strip_slashes($session));
and on line 219:
$custom_data = @unserialize(strip_slashes($row->user_data));
This way unserialize() receives a malformed string variable and fires a PHP error (Notice) “Error at offset…”.
Maybe we could solve it using base64_encode in our set_flashdata() and base64_decode in flashdata() or by replacing backslash in set_flashdata with something and then replacing it back to backslash in flashdata.
Code Sample
$characters = ';\\';
$this->session->set_flashdata('success_message', 'Disallowed characters are: ' .$characters );
Expected Result
Setting a status message.
Actual Result
Destroyed session.
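The failure described in this report can be reproduced outside the framework. The following is an added example, not code from the report or from the Session library: PHP's native stripslashes() stands in for the strip_slashes() call quoted above, and the function names and the `success_message` key are hypothetical. It shows the serialized length prefix going stale once the backslash is stripped, next to the base64 approach the reporter suggests.

```php
<?php
// Added example (not library code). Assumption: stripslashes() behaves like
// the strip_slashes() call quoted in the report for a plain string.

// Mirrors the reported read path: serialize on write, strip slashes on read.
function roundtrip_plain(array $userdata)
{
    $stored = serialize($userdata);
    // The s:N: length prefix still counts the backslash that is removed here,
    // so unserialize() reads past the real end of the string and fails.
    return @unserialize(stripslashes($stored));
}

// The reporter's suggestion: base64-encode values before they are serialized.
// The base64 alphabet contains no backslash, so stripping slashes is a no-op.
function roundtrip_base64(array $userdata)
{
    $stored  = serialize(array_map('base64_encode', $userdata));
    $decoded = @unserialize(stripslashes($stored));
    return $decoded === false ? false : array_map('base64_decode', $decoded);
}

// Constructed sample input, taken from the report's code sample.
$userdata = array('success_message' => 'Disallowed characters are: ;\\');

echo "stored:   ", serialize($userdata), "\n";
echo "stripped: ", stripslashes(serialize($userdata)), "\n";

echo "plain round trip:  ";
var_dump(roundtrip_plain($userdata));

echo "base64 round trip: ";
var_dump(roundtrip_base64($userdata) === $userdata);
```

Because the unserialize() call is prefixed with `@`, the notice is suppressed and the only visible symptom is the `false` return value, which matches the lost session the reporter observed.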
