Add safety check for unpacked session cookie data

diff --git a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
index 0cdeb4e337069d5ff2b9ea606b5e5e8ed0f985d1..d51d8229b3612a21791c9a251c1ecce54d83d129 100644 (file)
--- a/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/session/SessionHandler.class.php
@@ -242,6 +242,8 @@ final class SessionHandler extends SingletonFactory
                 ));
             }
             $data = \unpack('Cversion/a20sessionId/Ctimestep', $value);
+            \assert($data['version'] === 1);
+            \assert(\strlen($data['sessionId']) === 20);
             $data['sessionId'] = Hex::encode($data['sessionId']);
 
             return $data;