From 28900477130f8638ad5b2b818fde85b7713700ab Mon Sep 17 00:00:00 2001
From: Lars Kneschke <lkeschke@alumni.egroupware.org>
Date: Sun, 15 Apr 2001 21:49:50 +0000
Subject: [PATCH] we did a double serialize, that's bad!!!! i was searching the
 whole day. but maybe i'm a bad coder! :)

---
 phpgwapi/inc/class.sessions.inc.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/phpgwapi/inc/class.sessions.inc.php b/phpgwapi/inc/class.sessions.inc.php
index c4a1ed350d..99ca95685e 100644
--- a/phpgwapi/inc/class.sessions.inc.php
+++ b/phpgwapi/inc/class.sessions.inc.php
@@ -404,8 +404,7 @@
 				// This was not properly decoding structures saved into session data properly
 //				$data = $phpgw->common->decrypt($data);
 //				$data = stripslashes($data);
-				$data = $phpgw->crypto->decrypt($data);
-				return unserialize($data);
+				return $phpgw->crypto->decrypt($data);
 
 			} else {
 				$phpgw->db->query("select content from phpgw_app_sessions where "
@@ -415,14 +414,15 @@
 				if ($phpgw->db->num_rows()==0) {
 
 					// I added these into seperate steps for easier debugging
-					$data = serialize($data);
 					$data = $phpgw->crypto->encrypt($data);
+					$data = addslashes($data);
 
 					$phpgw->db->query("INSERT INTO phpgw_app_sessions (sessionid,loginid,app,location,content,session_dla) "
 					. "VALUES ('".$this->sessionid."','".$this->account_id."','".$appname
 					. "','".$location."','".$data."','" . time() . "')",__LINE__,__FILE__);
 				} else {
-	 				$data = $phpgw->crypto->encrypt(serialize($data));
+					$data = $phpgw->crypto->encrypt($data);
+					$data = addslashes($data);
 					$phpgw->db->query("update phpgw_app_sessions set content = '".$data."'"
 					. "where sessionid = '".$this->sessionid."'"
 					. "and loginid = '".$this->account_id."' and app = '".$appname."'"
@@ -437,11 +437,13 @@
 		{
 			global $phpgw;
 			
-			$serializedData = $this->appsession();
-			$sessionData = unserialize($serializedData);
+			$sessionData = $this->appsession("sessiondata");
+			print "Tyoe: ".$sessionData;
+#			$sessionData = unserialize($serializedData);
 			
 			if (is_array($sessionData))
 			{
+				print "is Array<br>";
 				reset($sessionData);
 				while(list($key,$value) = each($sessionData))
 				{
@@ -469,7 +471,7 @@
 						$sessionData[$key] = $$key;
 					}
 				}
-				$this->appsession($sessionData);
+				$this->appsession("sessiondata",'',$sessionData);
 			}
 		}