Skip to content

Commit d124b24

Browse files
added allowed_classes=false param to unserialize func
1 parent b2aecbb commit d124b24

File tree

3 files changed

+5
-5
lines changed

3 files changed

+5
-5
lines changed

Diff for: src/Controller/FrontPluginsController.php

+1-1
Original file line numberDiff line numberDiff line change
@@ -89,7 +89,7 @@ public function renderPluginModalAction()
8989

9090
$pluginHardcodedConfig = html_entity_decode($pluginHardcodedConfig, ENT_QUOTES);
9191
$pluginHardcodedConfig = html_entity_decode($pluginHardcodedConfig, ENT_QUOTES);
92-
$pluginHardcodedConfig = unserialize($pluginHardcodedConfig);
92+
$pluginHardcodedConfig = unserialize($pluginHardcodedConfig, ['allowed_classes' => false]);
9393

9494
$errors = '';
9595
$tag = '';

Diff for: src/Controller/SitesConfigController.php

+2-2
Original file line numberDiff line numberDiff line change
@@ -141,14 +141,14 @@ private function prepareDbConfigs($siteId, $siteName, &$dbConfigs)
141141
if ($dbConfig['sconf_lang_id'] == '-1') {
142142
$dbConfig['sconf_datas'] = [
143143
'site' => [
144-
$siteName => unserialize($dbConfig['sconf_datas'])
144+
$siteName => unserialize($dbConfig['sconf_datas'], ['allowed_classes' => false])
145145
],
146146
];
147147
} else {
148148
$dbConfig['sconf_datas'] = [
149149
'site' => [
150150
$siteName => [
151-
$siteId => unserialize($dbConfig['sconf_datas'])
151+
$siteId => unserialize($dbConfig['sconf_datas'], ['allowed_classes' => false])
152152
],
153153
],
154154
];

Diff for: src/Controller/SitesController.php

+2-2
Original file line numberDiff line numberDiff line change
@@ -1537,14 +1537,14 @@ private function prepareDbConfigs($siteId, $siteName, &$dbConfigs)
15371537
if ($dbConfig['sconf_lang_id'] == '-1') {
15381538
$dbConfig['sconf_datas'] = [
15391539
'site' => [
1540-
$siteName => unserialize($dbConfig['sconf_datas']),
1540+
$siteName => unserialize($dbConfig['sconf_datas'], ['allowed_classes' => false]),
15411541
],
15421542
];
15431543
} else {
15441544
$dbConfig['sconf_datas'] = [
15451545
'site' => [
15461546
$siteName => [
1547-
$siteId => unserialize($dbConfig['sconf_datas'])
1547+
$siteId => unserialize($dbConfig['sconf_datas'], ['allowed_classes' => false])
15481548
],
15491549
],
15501550
];

0 commit comments

Comments
 (0)