composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-18 06:48:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°9379 - PHP unserialze function - security hardening

Browse Source 
- code review
This commit is contained in:
Benjamin DALSASS
2026-04-13 08:08:52 +02:00
parent 43121a5a4b
commit 3debf2e11a
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
application/menunode.class.inc.php
View File

@@ -1548,6 +1548,12 @@ class ShortcutMenuNode extends MenuNode
$sContext = $this->oShortcut->Get('context'); $sContext = $this->oShortcut->Get('context');
try { try {
$aContext = utils::Unserialize($sContext, ['allowed_classes' => false]); $aContext = utils::Unserialize($sContext, ['allowed_classes' => false]);
if (isset($aContext['menu'])) {
unset($aContext['menu']);
}
foreach ($aContext as $sArgName => $sArgValue) {
$aExtraParams[$sArgName] = $sArgValue;
}
} catch (Exception $e) { } catch (Exception $e) {
IssueLog::Warning("User shortcut corrupted, delete the shortcut", LogChannels::CONSOLE, [ IssueLog::Warning("User shortcut corrupted, delete the shortcut", LogChannels::CONSOLE, [
'shortcut_name' => $this->oShortcut->GetName(), 'shortcut_name' => $this->oShortcut->GetName(),
@@ -1556,12 +1562,6 @@ class ShortcutMenuNode extends MenuNode
// delete the shortcut // delete the shortcut
$this->oShortcut->DBDelete(); $this->oShortcut->DBDelete();
} }
if (isset($aContext['menu'])) {
unset($aContext['menu']);
}
foreach ($aContext as $sArgName => $sArgValue) {
$aExtraParams[$sArgName] = $sArgValue;
}
return parent::GetHyperlink($aExtraParams); return parent::GetHyperlink($aExtraParams);
} }