« Previous | Next » 

Revision d52449e2

Parent c2e61874
Child 5949d25a

Added by Helmut Hummel almost 7 years ago

[TASK] Remove inaccessible code from ArrayConverter

Remove code that is currently inaccessible, because the constant
STRING_FORMAT_SERIALIZED is not defined in the class.

Unserializing from untrusted sources should not be done anyway
so we remove this possibility completely instead of adding the constant.

A use case which would require an unserialize for array conversion is complex
enough to be handled in a dedicated type converter class which exactly fits the use case
instead of providing a potentially insecure shortcut for that (unserialize) in the framework.

Releases: master, 2.3, 2.2
Change-Id: I299f5ce713f35727e4d24fffafcce96036bca2d3

  • added
  • modified
  • copied
  • renamed
  • deleted