E_NOTICE generated by unserialize on strings from untrusted data

Created on 25 April 2012, about 13 years ago
Updated 15 May 2025, 2 days ago

Although mostly addressed by #1369660: "Namespace" cookie names to support subdomains, we have still seen situations where users have invalid cookies (usually from the wrong domain) that cause notices from Bakery. A malicious user could do the same, which we have tests for internally. These notices cause failures in our test system, a minor issue of course.

I couldn't help but notice a lot of repetition around the code to decrypt and unserialize "cookies", so I hope to DRY that up as well.

📌 Task
Status: Active
Version: 3.0
Component: Code
Created by: glennpratt (🇺🇸 United States)
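
One way to centralize the unserialize step so that malformed cookie data is rejected without emitting a notice. This is an added example, not Bakery's code or the patch for this issue: the function name `example_unserialize_cookie()` and the sample inputs are hypothetical. It assumes PHP 7.1+ and that a valid payload is always an array.

```php
<?php
/**
 * Unserialize an untrusted, already-decrypted cookie string.
 *
 * Hypothetical helper: returns the payload array, or NULL when the data
 * is malformed, without letting unserialize() emit a notice.
 */
function example_unserialize_cookie($data): ?array {
  if (!is_string($data) || $data === '') {
    return NULL;
  }
  // Scope an error handler to this one call. unserialize() reports bad
  // input as E_NOTICE (E_WARNING since PHP 8.3); record it as a flag
  // instead of letting it reach the log or the test runner.
  $failed = FALSE;
  set_error_handler(function () use (&$failed) {
    $failed = TRUE;
    return TRUE;
  });
  try {
    // allowed_classes => FALSE: never instantiate classes named in
    // attacker-controlled data.
    $value = unserialize($data, ['allowed_classes' => FALSE]);
  }
  finally {
    restore_error_handler();
  }
  // Assumption: a valid payload is an array. Anything else (including
  // the FALSE returned on failure) is treated as an invalid cookie.
  if ($failed || !is_array($value)) {
    return NULL;
  }
  return $value;
}

// Constructed sample inputs, not real cookie values.
$samples = [
  'valid' => serialize(['name' => 'alice', 'timestamp' => 1335312000]),
  'truncated' => 'a:2:{s:4:"name";s:5:"ali',
  'garbage' => "\x9c\x01not-a-cookie",
  'scalar' => 'b:0;',
];
foreach ($samples as $label => $raw) {
  $cookie = example_unserialize_cookie($raw);
  $result = $cookie === NULL ? 'rejected' : 'ok, keys: ' . implode(',', array_keys($cookie));
  printf("%-10s %s\n", $label, $result);
}
```

Only the `valid` sample is accepted; the other three are rejected and none of them produces a notice or warning.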
