[eluser]Lewis[/eluser]
I've not tried it, but I'm pretty sure that there is a security vulnerability in the sessions library. It unserializes untrusted data when cookie encryption is disabled. You should *never* unserialize untrusted data as there are a number of different memory and code hacks that can be performed. Luckily encoding is on by default so most of you should be OK.
Also, whilst I'm at it:
Code:
    if (strtolower($this->CI->config->item('time_reference')) == 'gmt')
    {
        $now = time();
        $this->now = mktime(gmdate("H", $now), gmdate("i", $now), gmdate("s", $now), gmdate("m", $now), gmdate("d", $now), gmdate("Y", $now));
        if (strlen($this->now) < 10)
        {
            $this->now = time();
            log_message('error', 'The session class could not set a proper GMT timestamp so the local time() value was used.');
        }
    }
    else
    {
        $this->now = time();
    }
The Unix timestamp is taken in GMT, so that's completely useless.
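
Added example, not part of the post above and not CodeIgniter's own code: one way to avoid the unserialize concern raised in the post is to store the cookie data as JSON and verify an HMAC before parsing anything. The function names, the key and the sample values are hypothetical.

```php
<?php
// Hypothetical helpers for illustration; not the Session library's API.
// Assumption: $key is a server-side secret that is never sent to the client.

function session_cookie_encode(array $data, string $key): string
{
    // JSON only carries scalars and arrays, so decoding cannot instantiate objects.
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    $mac = hash_hmac('sha256', $payload, $key);
    return $payload . '.' . $mac;
}

function session_cookie_decode(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;                      // malformed cookie
    }
    [$payload, $mac] = $parts;

    // Authenticate first: nothing client-supplied is parsed before this passes.
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $mac)) {  // constant-time comparison
        return null;                      // modified or forged cookie
    }

    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample values.
$key    = 'constructed-demo-key';
$cookie = session_cookie_encode(['session_id' => 'abc123', 'last_activity' => time()], $key);

// The untouched cookie round-trips to the original array.
var_dump(session_cookie_decode($cookie, $key));

// A cookie whose payload was changed on the client keeps the old MAC,
// fails verification, and is rejected without being decoded.
$tampered = base64_encode('{"session_id":"someone-else"}') . '.' . explode('.', $cookie)[1];
var_dump(session_cookie_decode($tampered, $key));
```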