Epic #76311

closed

Use PHP7 unserialize('daString', false); feature everywhere

Added by Christian Kuhn almost 8 years ago. Updated about 7 years ago.

Status: Closed
Priority: Should have
Category: Security
Target version:
Start date: 2016-05-27
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Sprint Focus:

Description

master only


Subtasks 3 (0 open, 3 closed)

Task #76320: unserialize() without objects for extConf (Closed, 2016-05-27)
Task #76323: Obsolete unserialize(serialize()) (Closed, 2016-05-27)
Task #76327: unserialize() without objects in impexp (Closed, 2016-05-27)

Actions #1

Updated by Stephan Großberndt almost 8 years ago

in order to disallow any class unserialization

Actions #2

Updated by Christian Kuhn almost 8 years ago

  • Assignee set to Christian Kuhn
Actions #3

Updated by Christian Kuhn almost 8 years ago

unserialize($sFoo, ['allowed_classes' => false]);
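
The call from comment #3 wrapped in a helper, as an added example that is not part of the original issue or of TYPO3's code. `CacheEntry` and `unserializeWithoutObjects()` are hypothetical names, and the serialized inputs are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical class standing in for any class with a magic method.
final class CacheEntry
{
    public static $wakeups = 0;

    public function __wakeup()
    {
        self::$wakeups++;
    }
}

// Hypothetical helper: decode data that may hold only scalars and arrays.
function unserializeWithoutObjects(string $data): array
{
    $value = unserialize($data, ['allowed_classes' => false]);
    if (!is_array($value)) {
        throw new UnexpectedValueException('Expected a serialized array');
    }
    array_walk_recursive($value, static function ($item) {
        // Objects in the input arrive as __PHP_Incomplete_Class; none of
        // their magic methods ran. Reject rather than carry them along.
        if ($item instanceof __PHP_Incomplete_Class) {
            throw new UnexpectedValueException('Serialized object rejected');
        }
    });
    return $value;
}

// Constructed sample inputs.
$plain   = serialize(['title' => 'Demo', 'items' => [1, 2, 3]]);
$tainted = serialize(['title' => 'Demo', 'entry' => new CacheEntry()]);

unserialize($tainted); // default behaviour: CacheEntry::__wakeup() runs
$before = CacheEntry::$wakeups;

$config = unserializeWithoutObjects($plain);
try {
    unserializeWithoutObjects($tainted);
    $rejected = false;
} catch (UnexpectedValueException $e) {
    $rejected = true;
}

printf("wakeups before=%d after=%d, title=%s, tainted rejected=%s\n",
    $before, CacheEntry::$wakeups, $config['title'], $rejected ? 'yes' : 'no');
```

The wakeup counter only changes during the plain `unserialize($tainted)` call; the helper never instantiates `CacheEntry`, and it refuses the payload that carried one.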

Actions #4

Updated by Christian Kuhn almost 8 years ago

  • Tracker changed from Task to Epic
Actions #6

Updated by Christian Kuhn over 7 years ago

abandoned patch https://review.typo3.org/#/c/48300/ shows a lot of places that might be tackled in small parts ...

Actions #7

Updated by Riccardo De Contardi over 7 years ago

  • Category set to Security
  • Target version set to 8 LTS
Actions #8

Updated by Benni Mack about 7 years ago

  • Status changed from New to Closed