You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When reading cookies that were encrypted using v4.8 in v5.1 I'm seeing exceptions with the message 'Expected hexadecimal character'.
RangeException: Expected hexadecimal character in vendor/paragonie/constant_time_encoding/src/Hex.php:132
Stack trace: #0 vendor/paragonie/halite/src/Cookie.php(139): ParagonIE\ConstantTime\Hex::decode() # 1 vendor/paragonie/halite/src/Cookie.php(100): ParagonIE\Halite\Cookie::getConfig()
I see non-hex version prefixes being passed if fails the hash_equals() check in getConfig(). Seemed OK after just removing the call to Hex::decode() at line 139 in Cookie.php, but haven't checked what other impact that could have.
Not a huge deal since can just invalidate the cookies and create new. But maybe something that could be patched for future versions?
The text was updated successfully, but these errors were encountered:
When reading cookies that were encrypted using v4.8 in v5.1 I'm seeing exceptions with the message 'Expected hexadecimal character'.
RangeException: Expected hexadecimal character in vendor/paragonie/constant_time_encoding/src/Hex.php:132
Stack trace: #0 vendor/paragonie/halite/src/Cookie.php(139): ParagonIE\ConstantTime\Hex::decode() # 1 vendor/paragonie/halite/src/Cookie.php(100): ParagonIE\Halite\Cookie::getConfig()
I see non-hex version prefixes being passed if fails the hash_equals() check in getConfig(). Seemed OK after just removing the call to Hex::decode() at line 139 in Cookie.php, but haven't checked what other impact that could have.
Not a huge deal since can just invalidate the cookies and create new. But maybe something that could be patched for future versions?
The text was updated successfully, but these errors were encountered: