From ff2f10e5b6f6b47614f8d399326e9d9972a215bb Mon Sep 17 00:00:00 2001 From: Benjamin DALSASS Date: Thu, 9 Apr 2026 15:26:49 +0200 Subject: [PATCH] =?UTF-8?q?N=C2=B09379=20-=20PHP=20unserialze=20function?= =?UTF-8?q?=20-=20security=20hardening=20-=20ormcaselog=20index?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/attributedef.class.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/attributedef.class.inc.php b/core/attributedef.class.inc.php index a7554f29ce..afc52329bc 100644 --- a/core/attributedef.class.inc.php +++ b/core/attributedef.class.inc.php @@ -4829,7 +4829,7 @@ class AttributeCaseLog extends AttributeLongText } if (strlen($sIndex) > 0) { - $aIndex = unserialize($sIndex); + $aIndex = utils::Unserialize($sIndex, ['allowed_classes' => false], false); $value = new ormCaseLog($sLog, $aIndex); } else { $value = new ormCaseLog($sLog);