Fixes issue #439 some slashes not escaped in session data
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 8ee08c5..dd951c3 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -688,13 +688,7 @@
{
if (is_array($data))
{
- foreach ($data as $key => $val)
- {
- if (is_string($val))
- {
- $data[$key] = str_replace('\\', '{{slash}}', $val);
- }
- }
+ array_walk_recursive($data, array(&$this, '_escape_slashes'));
}
else
{
@@ -703,9 +697,23 @@
$data = str_replace('\\', '{{slash}}', $data);
}
}
-
return serialize($data);
}
+
+ /**
+ * Escape slashes
+ *
+ * This function converts any slashes found into a temporary marker
+ *
+ * @access private
+ */
+ function _escape_slashes(&$val, $key)
+ {
+ if (is_string($val))
+ {
+ $val = str_replace('\\', '{{slash}}', $val);
+ }
+ }
// --------------------------------------------------------------------
@@ -725,19 +733,24 @@
if (is_array($data))
{
- foreach ($data as $key => $val)
- {
- if (is_string($val))
- {
- $data[$key] = str_replace('{{slash}}', '\\', $val);
- }
- }
-
+ array_walk_recursive($data, array(&$this, '_unescape_slashes'));
return $data;
}
return (is_string($data)) ? str_replace('{{slash}}', '\\', $data) : $data;
}
+
+ /**
+ * Unescape slashes
+ *
+ * This function converts any slash markers back into actual slashes
+ *
+ * @access private
+ */
+ function _unescape_slashes(&$val, $key)
+ {
+ $val= str_replace('{{slash}}', '\\', $val);
+ }
// --------------------------------------------------------------------