Add cookie value checks

Created on 29 April 2022, over 2 years ago
Updated 2 June 2024, 7 months ago

Problem/Motivation

The LegalLogin form does not perform any checks on the values retrieved from cookies. If the cookie values get tampered with this can cause a fatal PHP error.

Steps to reproduce

Setup the module and log in with a user who's required to accept legal terms. When viewing the terms, go to the inspector and find the cookie values. Edit the Drupal.visitor.legal_id value to be a non-existing user ID integer. Submit the form and notice the PHP error.

Proposed resolution

Add some more checks to exit gracefully if the cookie value is not a valid ID.

Remaining tasks

n/a

User interface changes

n/a

API changes

n/a

Data model changes

n/a

📌 Task
Status

Fixed

Version

3.0

Component

Code

Created by

🇸🇮Slovenia alecsmrekar

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024