MDL-78647 files: safer unserializing of file reference data.

moodle · Aug 9, 2023 · b786630 · b786630
1 parent 90346de
commit b786630
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/filestorage/file_storage.php b/lib/filestorage/file_storage.php
@@ -1957,7 +1957,7 @@ public static function unpack_reference($str, $cleanparams = false) {
         if ($decoded === false) {
             throw new file_reference_exception(null, $str, null, null, 'Invalid base64 format');
         }
-        $params = @unserialize($decoded); // hide E_NOTICE
+        $params = unserialize_array($decoded);
         if ($params === false) {
             throw new file_reference_exception(null, $decoded, null, null, 'Not an unserializeable value');
         }