PHP curl_setopt() error invalid characters

Question

I have some code of a website in which cURL is used (not quite "mine"..part of an open source project) and after loading up the site on localhost of my VM for the first time in months because I want to help with a recent issue that has arisen, which is unrelated to cURL, I had fixed one local problem which was obvious to me and now when trying to log in to the site I get this error

curl_setopt(): Curl option contains invalid characters (\0)

Whatever I have messed up though, this seems to happen trying to load any page not just login page. This is the line of code it points to

curl_setopt($re, CURLOPT_COOKIE, "slim_session=".$_COOKIE['slim_session'].";");

If it helps, through error_log() 'ing I found that the value of $_COOKIE['slim_session'] is a:4:{s:10:"slim.flash";a:0:{}s:11:"AccessToken";O:48:"SolasMatch\\\\Common\\\\Protobufs\\\\Models\\\\OAuthResponse":4:{s:8:"

Unfortunately cURL is not my strong suit, but I can provide more info on the situation as needed. You can see the full function the above code is from here .

Answer 1

The problem is that protected properties are serialised in a special way, ie:

s:14:"\000*\000_descriptor";N

And those null characters are disallowed when setting cURL options as part of the changes made due to this security issue .

Passing serialised objects in this manner is risky, unless the values are either coming from a trusted source or bear a tamper proof signature. You may be able to make it work by first URL encoding the serialised value.

curl_setopt($re, CURLOPT_COOKIE, "slim_session=" . urlencode($_COOKIE['slim_session']) . ";");