liepumartins closed this issue 1 year ago
I'm sorry, but it is mentioned word for word that you shouldn't allow users to alter your cookies:
The user's wishlist will be persisted client-side as a stringified JSON. You should make use of Laravel's cookie encryption (enabled by default) or any user will be able to crash your application (because there is no validation) when the cookie values are tampered with.
You'll have to deal with this in your own application, thus the userland. When the cookies are encrypted, even if the user tries to alter them, Laravel will drop them from the cookie jar and not include any of the "corrupt" values. Thus, the cookie driver would see nothing but emptiness.
Good luck.
Thanks!
For the record, cookies are encrypted, but this still happened.
I believe a bad cookie causes the unserialize error here: https://github.com/dive-be/laravel-wishlist/blob/90ed61af56904d6287edf8c80d5838be6194955b/src/CookieWishlist.php#L28 Unfortunately, I do not have a sample of the cookie in question.
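Added example, not part of this thread and not code from dive-be/laravel-wishlist: the README passage quoted above says the cookie value is stringified JSON with no validation, so this sketch shows one way a cookie-backed store could decode that value defensively and fall back to an empty wishlist instead of throwing. The function names, size limits and the `id`/`type` item shape are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper; names, limits and item shape are assumptions.
// Assumed item shape: {"id": "<string>", "type": "<string>"}.
const MAX_COOKIE_BYTES = 4096;
const MAX_ITEMS = 100;

function isValidField($value): bool
{
    return is_string($value) && $value !== '' && strlen($value) <= 64;
}

function decodeWishlistCookie(?string $raw): array
{
    if ($raw === null || $raw === '' || strlen($raw) > MAX_COOKIE_BYTES) {
        return [];
    }
    try {
        // JSON only: never pass client-held data to unserialize().
        $data = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return []; // malformed, truncated or too deeply nested
    }
    // Require a plain list (keys 0..n-1) of bounded size.
    if (!is_array($data) || $data !== array_values($data) || count($data) > MAX_ITEMS) {
        return [];
    }
    $items = [];
    foreach ($data as $item) {
        if (!is_array($item) || !isValidField($item['id'] ?? null) || !isValidField($item['type'] ?? null)) {
            return []; // reject the whole cookie rather than trust part of it
        }
        $items[] = ['id' => $item['id'], 'type' => $item['type']]; // drop unknown keys
    }
    return $items;
}

// Constructed sample values, not taken from a real cookie.
$samples = [
    'valid'          => '[{"id":"42","type":"product"}]',
    'truncated'      => '[{"id":"42","type":"prod',
    'php-serialized' => 'a:1:{i:0;s:2:"42";}',
    'wrong shape'    => '{"id":42}',
];
foreach ($samples as $label => $raw) {
    printf("%-15s => %d item(s)\n", $label, count(decodeWishlistCookie($raw)));
}
```

Only the first sample yields an item; the other three decode to an empty wishlist without raising an error.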