Beef up cookie tampering prevention. Added <textarea>s for variable v…

…alues in debug output.
croxton · Feb 2, 2017 · 4f2329b · 4f2329b
1 parent 641e169
commit 4f2329b
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 ##Stash
 
-![Release](https://img.shields.io/badge/release-3.0.4-brightgreen.svg)
+![Release](https://img.shields.io/badge/release-3.0.5-brightgreen.svg)
 
 Stash for ExpressionEngine 3.
 

diff --git a/system/user/addons/stash/config.php b/system/user/addons/stash/config.php
@@ -2,7 +2,7 @@
 if (! defined('STASH_VER'))
 {
     define('STASH_NAME', 'Stash');
-    define('STASH_VER',  '3.0.4');
+    define('STASH_VER',  '3.0.5');
     define('STASH_AUTHOR',  'Mark Croxton, Hallmark Design');
     define('STASH_AUTHOR_URL',  'http://hallmark-design.co.uk');
     define('STASH_DOCS',  'http://github.com/croxton/Stash/');

diff --git a/system/user/addons/stash/mod.stash.php b/system/user/addons/stash/mod.stash.php
@@ -767,7 +767,7 @@ public function set($params=array(), $value='', $type='variable', $scope='user')
                 self::$bundles[$bundle][$name] = $this->_stash[$name];
             }
 
-            ee()->TMPL->log_item('Stash: SET '. $name . ' to value ' . $this->_stash[$name]);  
+            ee()->TMPL->log_item('Stash: SET '. $name . ' to value: ' . '<textarea rows="6" cols="60" style="width:100%;">' . htmlentities($this->_stash[$name]) . '</textarea>');  
         }
 
         if ($output)
@@ -1065,7 +1065,7 @@ public function get($params='', $type='variable', $scope='user')
             $value = $this->set();  
         }
 
-        ee()->TMPL->log_item('Stash: RETRIEVED '. $name . ' with value ' . $value);
+        ee()->TMPL->log_item('Stash: RETRIEVED '. $name . ' with value: <textarea rows="6" cols="60" style="width:100%;">' . htmlentities($value) . '</textarea>');
 
         // save to bundle
         if ($bundle !== NULL)
@@ -5100,7 +5100,7 @@ private function _get_boolean_config_item($item, $default = TRUE)
      */ 
     private function _set_stash_cookie($unique_id)
     { 
-        $cookie_data = serialize(array(
+        $cookie_data = json_encode(array(
            'id' => $unique_id,
            'dt' => ee()->localize->now
         ));
@@ -5123,7 +5123,7 @@ private function _set_stash_cookie($unique_id)
      */ 
     private function _get_stash_cookie()
     { 
-        $cookie_data = @unserialize(ee()->input->cookie($this->stash_cookie));
+        $cookie_data = @json_decode(ee()->input->cookie($this->stash_cookie), TRUE);
 
         if ($cookie_data !== FALSE)
         {