MDL-71957 auth_shibboleth: safer session retrieval during logout.

Paul Holden 2021-06-21 09:29:07 +01:00 committed by Eloy Lafuente (stronk7)
parent 23f60fe84f
commit 5bc561ee7a


@ -113,11 +113,22 @@ class helper {
*/
private static function unserializesession($serializedstring) {
$variables = array();
$a = preg_split("/(\w+)\|/", $serializedstring, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
$counta = count($a);
for ($i = 0; $i < $counta; $i = $i + 2) {
$variables[$a[$i]] = unserialize($a[$i + 1]);
$index = 0;
// Find next delimiter after current index. It's key being the characters between those points.
while ($delimiterpos = strpos($serializedstring, '|', $index)) {
$key = substr($serializedstring, $index, $delimiterpos - $index);
// Start unserializing immediately after the delimiter. PHP will read as much valid data as possible.
$value = unserialize(substr($serializedstring, $delimiterpos + 1),
['allowed_classes' => ['stdClass']]);
$variables[$key] = $value;
// Advance index beyond the length of the previously captured serialized value.
$index = $delimiterpos + 1 + strlen(serialize($value));
}
return $variables;
}
}
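Review bot: In the new while loop a failed `unserialize()` is not handled: it returns `false`, that value is stored under the key, and `$index` then advances by `strlen(serialize(false))` (4 bytes), so the rest of the string is parsed from an arbitrary offset. Since this string is session data, stopping on failure is safer: take `$serialized = substr($serializedstring, $delimiterpos + 1);` before the call and add `if ($value === false && strpos($serialized, 'b:0;') !== 0) { break; }` after it. The loop condition also treats a `strpos()` result of 0 as "not found"; `($delimiterpos = strpos($serializedstring, '|', $index)) !== false` states the intent. The index arithmetic assumes `serialize($value)` reproduces the consumed bytes exactly, which may not hold for every value (presumably floats written under a different `serialize_precision`), so a comment stating that assumption would help.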