From d030a6098f4a1ff0638c6d0c31f942a00ddd18e9 Mon Sep 17 00:00:00 2001 From: Christian Schneider Date: Fri, 29 Mar 2024 13:11:03 +0100 Subject: Ignore array values in cookie (fuzzer warning mail2502) --- it_session.class | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/it_session.class b/it_session.class index 7b8a97c..0e17293 100644 --- a/it_session.class +++ b/it_session.class @@ -94,7 +94,7 @@ function init() it::fatal('it_session requires secret to be set'); /* Got a cookie? */ - if ($this->hascookies = isset($_COOKIE[$this->cookiename])) + if ($this->hascookies = isset($_COOKIE[$this->cookiename]) && is_string($_COOKIE[$this->cookiename])) $this->cookie = $_COOKIE[$this->cookiename]; else $this->cookie = ''; -- cgit v1.2.3