From d93ace2eaef8d7077fe93f27a1528f936ffe1172 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 7 Aug 2018 02:38:41 +0200
Subject: Prevent object serialization in session

---
 includes/pages/user_shifts.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'includes/pages')

diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 8f81f542..186301db 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -177,18 +177,19 @@ function view_user_shifts()
     $rooms = load_rooms();
     $types = load_types();
 
-    if (!$session->has('ShiftsFilter')) {
+    if (!$session->has('shifts-filter')) {
         $room_ids = [
             $rooms[0]['id']
         ];
         $type_ids = array_map('get_ids_from_array', $types);
         $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids);
-        $session->set('ShiftsFilter', $shiftsFilter);
+        $session->set('shifts-filter', $shiftsFilter->sessionExport());
     }
 
-    /** @var ShiftsFilter $shiftsFilter */
-    $shiftsFilter = $session->get('ShiftsFilter');
+    $shiftsFilter = new ShiftsFilter();
+    $shiftsFilter->sessionImport($session->get('shifts-filter'));
     update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days);
+    $session->set('shifts-filter', $shiftsFilter->sessionExport());
 
     $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter);
 
-- 
cgit v1.2.3-54-g00ecf