composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-19 23:32:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°9379 - PHP unserialze function - security hardening

Browse Source 
- code review
This commit is contained in:
Benjamin DALSASS
2026-04-13 08:13:54 +02:00
parent 3debf2e11a
commit 9be12a5ab4
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
application/menunode.class.inc.php
View File

@@ -1547,7 +1547,7 @@ class ShortcutMenuNode extends MenuNode
{ {
$sContext = $this->oShortcut->Get('context'); $sContext = $this->oShortcut->Get('context');
try { try {
$aContext = utils::Unserialize($sContext, ['allowed_classes' => false]); $aContext = utils::Unserialize($sContext);
if (isset($aContext['menu'])) { if (isset($aContext['menu'])) {
unset($aContext['menu']); unset($aContext['menu']);
} }

2
application/utils.inc.php
View File

@@ -3263,7 +3263,7 @@ TXT
* @return mixed PHP @unserialise return * @return mixed PHP @unserialise return
* @throws Exception * @throws Exception
*/ */
public static function Unserialize(mixed $data, array $aOptions, bool $bThrowNotAllowedObjectClassException = true): mixed public static function Unserialize(mixed $data, array $aOptions = ['allowed_classes' => false], bool $bThrowNotAllowedObjectClassException = true): mixed
{ {
$data = unserialize($data, $aOptions); $data = unserialize($data, $aOptions);

2
sources/Application/UI/Base/Component/DataTable/DataTableSettings.php
View File

@@ -135,7 +135,7 @@ class DataTableSettings
*/ */
public function unserialize($sData) public function unserialize($sData)
{ {
$aData = utils::Unserialize($sData, ['allowed_classes' => false]); $aData = utils::Unserialize($sData);
if (!is_array($aData)) { if (!is_array($aData)) {
throw new CoreException('Wrong data table settings format, expected an array', ['datatable_settings_data' => $aData]); throw new CoreException('Wrong data table settings format, expected an array', ['datatable_settings_data' => $aData]);
} }