Security release 5.5.42 "disables all serialization / unserialization of cookie values" - https://laravel-news.com/laravel-5-6-30 But I have my values serialized still, only not unserialized. While I do
Cookie::get('key')
I get something like
"s:5:"value";"
Setting protected static $serialize = true; in App\Http\Middleware\EncryptCookies helps, and so does
unserialize(Cookie::get('key'))
But as I understand unserialize() itself is the source of the problem with this security release, not what I do with the unserialized value later, so this kinda beats the purpose of the update. Why are my cookies serialized here and how to fix this?
from Newest questions tagged laravel-5 - Stack Overflow https://ift.tt/2BIUjCD
via IFTTT
Aucun commentaire:
Enregistrer un commentaire