
Actually better to define cms_unserialize under secure_serialized_data

chrisgraham committed May 21, 2019
1 parent 52ea96f commit 06a853be936e944d88053c7f8dba48154d30173e
Showing with 16 additions and 16 deletions.
  1. +16 −16 sources/global3.php
@@ -1576,22 +1576,6 @@ function cms_tempnam($prefix = 'cms')
return _cms_tempnam($prefix);
}
/**
* Creates a PHP value from a stored representation.
* Wraps the fact that new versions of PHP have better security, but old ones won't let you pass the extra parameter.
*
* @param string $str Serialized string.
* @param ?array $options Extra options (null: none).
* @return ~mixed What was originally serialised (false: bad data given, or actually false was serialized).
*/
function cms_unserialize($data)
{
if (version_compare(PHP_VERSION, '7.0.0') >= 0) {
return unserialize($data, array('allowed_classes' => false));
}
return unserialize($data);
}
/**
* Peek at a stack element.
*
@@ -3498,6 +3482,22 @@ function secure_serialized_data(&$data, $safe_replacement = null)
}
}
/**
* Creates a PHP value from a stored representation.
* Wraps the fact that new versions of PHP have better security, but old ones won't let you pass the extra parameter.
*
* @param string $str Serialized string.
* @param ?array $options Extra options (null: none).
* @return ~mixed What was originally serialised (false: bad data given, or actually false was serialized).
*/
function cms_unserialize($data)
{
if (version_compare(PHP_VERSION, '7.0.0') >= 0) {
return unserialize($data, array('allowed_classes' => false));
}
return unserialize($data);
}
/**
* Update a catalogue content field reference, to a new value.
*
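Review bot: The pre-7.0 fallback in the relocated `cms_unserialize` still ends in a bare `return unserialize($data);`, so on those PHP versions the wrapper applies no class restriction and callers handing it stored or user-influenced data get no protection against object instantiation. If `secure_serialized_data()` (named in this hunk's header; its body is outside the hunk) is what neutralises object payloads, the fallback could run `secure_serialized_data($data);` before that final return, which should be confirmed against that function's contract. The docblock does not match the signature: it documents `$str` and `$options` while the function takes only `$data`, so it should read `@param string $data Serialized string.` with the `$options` line dropped. The doc comment should also say that with `allowed_classes => false` serialized objects come back as `__PHP_Incomplete_Class` instead of producing a `false` return.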
