From 9ba8ba3ad9bd90823568770ee96034c35a132c33 Mon Sep 17 00:00:00 2001
From: Benjamin DALSASS <benjamin.dalsass@combodo.com>
Date: Mon, 13 Apr 2026 08:56:30 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B09379=20-=20PHP=20unserialze=20function?=
 =?UTF-8?q?=20-=20security=20hardening=20-=20code=20review?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/utils.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/application/utils.inc.php b/application/utils.inc.php
index 8f1f848dbc..84ee1b28fd 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -3256,14 +3256,14 @@ TXT
 	/**
 	 * PHP unserialize encapsulation, allow throwing exception when not allowed object class is detected (for security hardening)
 	 *
-	 * @param mixed $data data to unserialize
+	 * @param string $data data to unserialize
 	 * @param array $aOptions PHP @unserialise options
 	 * @param bool $bThrowNotAllowedObjectClassException flag to throw exception
 	 *
 	 * @return mixed PHP @unserialise return
 	 * @throws Exception
 	 */
-	public static function Unserialize(mixed $data, array $aOptions = ['allowed_classes' => false], bool $bThrowNotAllowedObjectClassException = true): mixed
+	public static function Unserialize(string $data, array $aOptions = ['allowed_classes' => false], bool $bThrowNotAllowedObjectClassException = true): mixed
 	{
 		$data = unserialize($data, $aOptions);