Use json_encode/json_decode instead of serialize/unserialize in report generator #5302
JSON is limited to simple constructs like arrays, strings, and numbers.
This is a potential security issue -- PHP
This is corrected in OJS/OMP 3.1.2-2 or newer. See #5302 (comment) for patching instructions for older versions.
Affects OJS 3.x and OMP installations 3.1.2-1 and older.
Thanks to Franek Kalinowski, Isec.pl Research Team for discovering and reporting the issue! This has been assigned CVE ID CVE-2019-19909.
To patch an existing OJS 3.x or OMP installation, apply this patch in the
You should get something like:
If you see any error messages, double-check that the patch applied correctly.
This issue will be fixed in OJS and OMP 3.1.2-2 and newer.
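
The difference between the two decoders named in the issue title, as an added example that is not part of the issue thread and is not OJS/OMP code. The `Marker` class, the `decodeReportParams()` helper and the sample parameter arrays are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; class, function and sample data are hypothetical, not OJS/OMP code.

// Stand-in for any application class that defines a magic method.
class Marker
{
    public $note = 'rebuilt by unserialize';

    public function __wakeup()
    {
        // Runs automatically whenever unserialize() rebuilds a Marker.
        echo "Marker::__wakeup() ran\n";
    }
}

// Constructed sample inputs: the same kind of parameters in both encodings.
$serialized = serialize(['columns' => ['title', 'date'], 'extra' => new Marker()]);
$json = json_encode(['columns' => ['title', 'date'], 'extra' => ['note' => 'plain data']]);

// Before: unserialize() rebuilds whatever object graph the string names,
// so __wakeup() fires and the result contains a live object.
$old = unserialize($serialized);
var_dump($old['extra'] instanceof Marker);

// After: json_decode() with $assoc = true can only produce arrays and scalars.
function decodeReportParams(string $raw): array
{
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Report parameters are not a JSON array or object');
    }
    return $data;
}

$new = decodeReportParams($json);
var_dump(is_array($new['extra']));

// A PHP-serialized string is not valid JSON, so the new decoder rejects it.
try {
    decodeReportParams($serialized);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Where existing data must still be read with `unserialize()`, passing `['allowed_classes' => false]` as its second argument (PHP 7.0 and later) stops it from instantiating application classes.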