Disallow unserializing class.

Signed-off-by: Mior Muhammad Zaki <crynobone@gmail.com>
orchestral · Aug 16, 2018 · 808b12d · 808b12d
1 parent 26e26cd
commit 808b12d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/MessageBag.php b/src/MessageBag.php
@@ -79,7 +79,7 @@ public function retrieve()
             $this->instance->setSessionStore($this->session);
 
             if ($this->session->has('message')) {
-                $messages = unserialize($this->session->pull('message'));
+                $messages = unserialize($this->session->pull('message'), ['allowed_classes' => false]);
             }
 
             if (is_array($messages)) {