From 808b12df8613d108e4e65d88d59f938c690342b3 Mon Sep 17 00:00:00 2001
From: Mior Muhammad Zaki
Date: Thu, 16 Aug 2018 14:05:58 +0800
Subject: [PATCH] Disallow unserializing class.
Signed-off-by: Mior Muhammad Zaki
---
 src/MessageBag.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/MessageBag.php b/src/MessageBag.php
index 595daf4..fc4e2d5 100644
--- a/src/MessageBag.php
+++ b/src/MessageBag.php
@@ -79,7 +79,7 @@ public function retrieve()
 $this->instance->setSessionStore($this->session);
 if ($this->session->has('message')) {
- $messages = unserialize($this->session->pull('message'));
+ $messages = unserialize($this->session->pull('message'), ['allowed_classes' => false]);
 }
 if (is_array($messages)) {
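Review bot: The `is_array($messages)` check that follows the changed `unserialize()` call validates only the top level, so a payload that still carries serialized objects now yields `__PHP_Incomplete_Class` values nested inside the array instead of being rejected. The code that consumes the entries lies outside this hunk; it should skip anything that is not a string or array, or the writer and reader could both move to `json_encode`/`json_decode` so no object decoding is involved at all. The options argument exists only on PHP 7.0 and later, so the package's PHP version constraint should be checked to match; on older runtimes the extra argument would presumably make the call fail with a warning rather than restrict classes. A short comment above the call, such as `// Session payload must never instantiate objects; decode arrays and scalars only.`, would record why the option is there.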