Actually better to define cms_unserialize under secure_serialized_data

ocproducts · May 21, 2019 · 06a853b · 06a853b
1 parent 52ea96f
commit 06a853b
Showing 1 changed file with 16 additions and 16 deletions.
diff --git a/sources/global3.php b/sources/global3.php
@@ -1576,22 +1576,6 @@ function cms_tempnam($prefix = 'cms')
     return _cms_tempnam($prefix);
 }
 
-/**
- * Creates a PHP value from a stored representation.
- * Wraps the fact that new versions of PHP have better security, but old ones won't let you pass the extra parameter.
- *
- * @param  string $str Serialized string.
- * @param  ?array $options Extra options (null: none).
- * @return ~mixed What was originally serialised (false: bad data given, or actually false was serialized).
- */
-function cms_unserialize($data)
-{
-    if (version_compare(PHP_VERSION, '7.0.0') >= 0) {
-        return unserialize($data, array('allowed_classes' => false));
-    }
-    return unserialize($data);
-}
-
 /**
  * Peek at a stack element.
  *
@@ -3498,6 +3482,22 @@ function secure_serialized_data(&$data, $safe_replacement = null)
     }
 }
 
+/**
+ * Creates a PHP value from a stored representation.
+ * Wraps the fact that new versions of PHP have better security, but old ones won't let you pass the extra parameter.
+ *
+ * @param  string $str Serialized string.
+ * @param  ?array $options Extra options (null: none).
+ * @return ~mixed What was originally serialised (false: bad data given, or actually false was serialized).
+ */
+function cms_unserialize($data)
+{
+    if (version_compare(PHP_VERSION, '7.0.0') >= 0) {
+        return unserialize($data, array('allowed_classes' => false));
+    }
+    return unserialize($data);
+}
+
 /**
  * Update a catalogue content field reference, to a new value.
  *