Releases: forkcms/library
3.2.2
1.4.5
- Cast numeric values to strings
- If the form uses numeric values, PHP will automatically cast them to integers because we set them as array keys. If we don't cast them back to strings, we will compare an integer to a string and the comparison will always fail.
1.4.1
Security release:
#69
If a user sets a cookie containing a serialized object, unserializing that cookie might execute code inside the object through the __wakeup magic method.
This pull request attempts to prevent this by setting and getting cookies through json encode/decode. We've also provided some fallback by checking if the cookie's string contains a serialized object. If it doesn't, we still unserialize the cookie and re-set it using json_encode. If the cookie does contain a serialized object an exception will be thrown.
This security fix will break your website if objects are set in cookies.
See https://www.owasp.org/index.php/PHP_Object_Injection for an example.
2.3.9
Security release:
#69
If a user sets a cookie containing a serialized object, unserializing that cookie might execute code inside the object through the __wakeup magic method.
This pull request attempts to prevent this by setting and getting cookies through json encode/decode. We've also provided some fallback by checking if the cookie's string contains a serialized object. If it doesn't, we still unserialize the cookie and re-set it using json_encode. If the cookie does contain a serialized object an exception will be thrown.
This security fix will break your website if objects are set in cookies.
See https://www.owasp.org/index.php/PHP_Object_Injection for an example.
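The cookie handling described in the 1.4.1 and 2.3.9 security notes, sketched as an added example (this is not forkcms/library's own code). The names `containsSerializedObject`, `readCookie` and `$reset` are hypothetical, the cookie values are constructed, and the `allowed_classes` option is an extra hardening step that the release notes do not mention.

```php
<?php
// Added illustration. Function names are hypothetical, not forkcms/library's API.

// True if a serialized payload carries an object token such as O:8:"Name":
// or C:8:"Name": at the start or nested after ';', '{' or '}'.
function containsSerializedObject(string $raw): bool
{
    return preg_match('/(^|[;{}])[OC]:\+?\d+:"/', $raw) === 1;
}

// $reset stands in for the code that re-sends the cookie (e.g. via setcookie()).
function readCookie(array $cookies, string $name, callable $reset)
{
    if (!isset($cookies[$name])) {
        return null;
    }
    $raw = $cookies[$name];
    // Current format: JSON, which cannot instantiate application classes.
    $value = json_decode($raw, true);
    if (json_last_error() === JSON_ERROR_NONE) {
        return $value;
    }
    // Legacy format: refuse anything that contains an object token.
    if (containsSerializedObject($raw)) {
        throw new InvalidArgumentException("Cookie '$name' contains a serialized object");
    }
    // Assumption beyond the release notes: allowed_classes=false (PHP 7+)
    // as a second barrier should the pattern check ever miss a token.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== 'b:0;') {
        return null; // not valid serialized data either
    }
    $reset($name, json_encode($value)); // migrate the cookie to JSON
    return $value;
}

// Constructed sample cookies.
$cookies = [
    'lang'   => '"en"',
    'prefs'  => 'a:1:{s:5:"theme";s:4:"dark";}',
    'legacy' => 'a:1:{i:0;O:8:"stdClass":0:{}}',
];
$sent  = [];
$reset = function (string $n, string $v) use (&$sent) { $sent[$n] = $v; };

var_dump(readCookie($cookies, 'lang', $reset), readCookie($cookies, 'prefs', $reset), $sent);
try {
    readCookie($cookies, 'legacy', $reset);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The pattern check errs on the side of rejection: a legacy string value whose text happens to contain an object-like token is refused as well.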
3.2.1
3.2.0
- Composer update symfony/phpunit-bridge
- Change non-existing URL to a really non-existing one.
- Handle SVG files as normal images
1.3.18
3.1.1
Check if the element errors are empty strings or null before adding them to the errors
3.1.0
Concatenate form errors with newlines instead of just tacking them together