From 4f2329be85c03554c42fc32b10cdb0e2b450a1d1 Mon Sep 17 00:00:00 2001
From: croxton <mcroxton@hallmark-design.co.uk>
Date: Thu, 2 Feb 2017 18:09:59 +0000
Subject: [PATCH] Beef up cookie tampering prevention. Added <textarea>s for
 variable values in debug output.

---
 README.md                              | 2 +-
 system/user/addons/stash/config.php    | 2 +-
 system/user/addons/stash/mod.stash.php | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 6f2d26f..983e85b 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 ##Stash
 
-![Release](https://img.shields.io/badge/release-3.0.4-brightgreen.svg)
+![Release](https://img.shields.io/badge/release-3.0.5-brightgreen.svg)
 
 Stash for ExpressionEngine 3.
 
diff --git a/system/user/addons/stash/config.php b/system/user/addons/stash/config.php
index 27bd7aa..e868d67 100755
--- a/system/user/addons/stash/config.php
+++ b/system/user/addons/stash/config.php
@@ -2,7 +2,7 @@
 if (! defined('STASH_VER'))
 {
     define('STASH_NAME', 'Stash');
-    define('STASH_VER',  '3.0.4');
+    define('STASH_VER',  '3.0.5');
     define('STASH_AUTHOR',  'Mark Croxton, Hallmark Design');
     define('STASH_AUTHOR_URL',  'http://hallmark-design.co.uk');
     define('STASH_DOCS',  'http://github.com/croxton/Stash/');
diff --git a/system/user/addons/stash/mod.stash.php b/system/user/addons/stash/mod.stash.php
index 9532e18..273f2cd 100755
--- a/system/user/addons/stash/mod.stash.php
+++ b/system/user/addons/stash/mod.stash.php
@@ -767,7 +767,7 @@ public function set($params=array(), $value='', $type='variable', $scope='user')
                 self::$bundles[$bundle][$name] = $this->_stash[$name];
             }
 
-            ee()->TMPL->log_item('Stash: SET '. $name . ' to value ' . $this->_stash[$name]);  
+            ee()->TMPL->log_item('Stash: SET '. $name . ' to value: ' . '<textarea rows="6" cols="60" style="width:100%;">' . htmlentities($this->_stash[$name]) . '</textarea>');  
         }
         
         if ($output)
@@ -1065,7 +1065,7 @@ public function get($params='', $type='variable', $scope='user')
             $value = $this->set();  
         }
             
-        ee()->TMPL->log_item('Stash: RETRIEVED '. $name . ' with value ' . $value);
+        ee()->TMPL->log_item('Stash: RETRIEVED '. $name . ' with value: <textarea rows="6" cols="60" style="width:100%;">' . htmlentities($value) . '</textarea>');
         
         // save to bundle
         if ($bundle !== NULL)
@@ -5100,7 +5100,7 @@ private function _get_boolean_config_item($item, $default = TRUE)
      */ 
     private function _set_stash_cookie($unique_id)
     { 
-        $cookie_data = serialize(array(
+        $cookie_data = json_encode(array(
            'id' => $unique_id,
            'dt' => ee()->localize->now
         ));
@@ -5123,7 +5123,7 @@ private function _set_stash_cookie($unique_id)
      */ 
     private function _get_stash_cookie()
     { 
-        $cookie_data = @unserialize(ee()->input->cookie($this->stash_cookie));
+        $cookie_data = @json_decode(ee()->input->cookie($this->stash_cookie), TRUE);
         
         if ($cookie_data !== FALSE)
         {