For security reasons, avoid using serialised preferences. This might break existing preferences.

James Cole
2018-04-01 19:22:30 +02:00
parent 66019fdbbf
commit 40d94e7a62
2 changed files with 18 additions and 8 deletions


@@ -27,6 +27,7 @@ use Exception;
use FireflyIII\Models\Preference;
use FireflyIII\User;
use Illuminate\Support\Collection;
use Log;
use Session;
/**
@@ -134,6 +135,14 @@ class Preferences
}
$preference = Preference::where('user_id', $user->id)->where('name', $name)->first(['id', 'name', 'data']);
if (null !== $preference && null === $preference->data) {
try {
$preference->delete();
} catch (Exception $e) {
Log::debug(sprintf('Could not delete preference #%d', $preference->id));
}
$preference = false;
}
if ($preference) {
Cache::forever($fullName, $preference);
@@ -156,7 +165,7 @@ class Preferences
{
$lastActivity = microtime();
$preference = $this->get('lastActivity', microtime());
if (null !== $preference) {
if (null !== $preference && null !== $preference->data) {
$lastActivity = $preference->data;
}
if (is_array($lastActivity)) {
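Review bot: In the new `null === $preference->data` branch of the second hunk, a failed `delete()` leaves only a debug-level line that drops the exception, so a legacy row that could not be removed stays in the table and is invisible at normal log levels; consider `Log::error(sprintf('Could not delete preference #%d: %s', $preference->id, $e->getMessage()));`. The branch also treats every null `data` as an undecodable legacy value, which presumably relies on the model's accessor returning null for old serialised content (not visible here); a preference legitimately stored as null would be deleted as well, so a short comment stating that assumption above the `if` would help. The cleanup only runs on the database path that ends in `Cache::forever($fullName, $preference)`, so entries cached before this change are not touched as far as these hunks show, and the preference cache may need flushing on upgrade. The enclosing methods start and end outside the visible hunks.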