The recent security fix is NOT correct;
http://cgit.drupalcode.org/session_cache/commit/?id=14adaa31041b1a3b5221...
$data = ['test' => 'this', 'and' => 'that'];
$serialize = serialize($data);
$json = json_encode($data);
dpm(unserialize($serialize));
dpm(json_decode($json));The two methods return data in different breaking ways, one is an array, the other an object. This functionality breaks anywhere that calls/ utilises the module for a session_cache_get() call.
Discovered while testing for: https://www.drupal.org/node/2901021
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | session_cache-json-decode-returns-object-2901020-6.patch | 1.73 KB | pobster |
Comments
Comment #2
pobster commentedSimplest solution is to cast to an array, this maintains the previous expectation of functionality.Okay ... there's an option which can be passed into json_decode ~ we'll use that instead. Thank you WidgetsBurritos!
Comment #3
pobster commentedComment #4
pobster commentedAdded child issue, I'm sure there must be others as well. Off the top of my head I know about: https://www.drupal.org/project/smart_ip
Comment #5
WidgetsBurritos commented+1
Comment #6
pobster commentedUpdated patch.
Comment #7
WidgetsBurritos commented+1 on the updated patch. More elegant solution than typecasting.
Comment #10
rdeboer@pobster and @WidgetsBurritos:
Thanks for the patch. Applied with attribution.
Created 7.x-1.6 to replace 7.x-1.5
Comment #11
ciss commentedIs there a reason why this commit deleted the README.txt?
Comment #12
rdeboer@ciss:
You are right.
?? How did that happen ??
Thanks for reporting.
I've put the README back and created version 7.x-1.7
Comment #13
rdeboer