Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-442f-wcwq-fpcf
  • Loading branch information
marcovtwout committed Nov 21, 2022
2 parents 991a162 + 5660bc8 commit ed67b7c
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 9 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
Expand Up @@ -5,6 +5,7 @@ Version 1.1.27 under development
--------------------------------

- Bug: PHP 8.1 compatibility: Fix CFileCache call of file_get_contents (Bregi)
- Bug: CVE-2022-41922. Prevent RCE when deserializing untrusted user input (fi3wey, marcovtwout)

Version 1.1.26 September 30, 2022
--------------------------------
Expand Down
21 changes: 12 additions & 9 deletions framework/db/schema/CDbCriteria.php
Expand Up @@ -168,18 +168,21 @@ public function __wakeup()
{
$map=array();
$params=array();
foreach($this->params as $name=>$value)
if(is_array($this->params))
{
if(strpos($name,self::PARAM_PREFIX)===0)
foreach($this->params as $name=>$value)
{
$newName=self::PARAM_PREFIX.self::$paramCount++;
$map[$name]=$newName;
}
else
{
$newName=$name;
if(strpos($name,self::PARAM_PREFIX)===0)
{
$newName=self::PARAM_PREFIX.self::$paramCount++;
$map[$name]=$newName;
}
else
{
$newName=$name;
}
$params[$newName]=$value;
}
$params[$newName]=$value;
}
if (!empty($map))
{
Expand Down

0 comments on commit ed67b7c

Please sign in to comment.