Cookies security increase in 2.0.16 #7
Description
This mod is not compatible with 2.0.16.
{"STATUS":"AUTH FAILED"}
I read about cookies changes in 2.0.16.
This is the function:
function initCookies() {
global $cookiename;
if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~i', $_COOKIE[$cookiename]) == 1) {
list ($member_id, $password) = @unserialize($_COOKIE[$cookiename]);
$member_id = !empty($member_id) && strlen($password) > 0 ? (int) $member_id :
return array($member_id, $password);
} elseif (isset($_COOKIE[$cookiename])) {
list ($member_id, $password) = @unserialize(stripslashes($_COOKIE[$cookiename]));
$member_id = !empty($member_id) && strlen($password) > 0 ? (int) $member_id :
return array($member_id, $password);
}
}
It must be change to new cookie security.