Unserialize function warning in PDb_Update.class.php | ww.wp.xz.cn

IT247365
(@it247365)

8 years, 11 months ago
unserialize() [function.unserialize]:
File: participants-database/classes/PDb_Update.class.php Line: 143
```
/**
   * Get information about the remote version
   * @return bool|object
   */
  public function getRemote_information()
  {
    $request = wp_remote_post($this->update_path, array('body' => array('action' => 'info')));
    if (!is_wp_error($request) || wp_remote_retrieve_response_code($request) === 200) {
      return unserialize($request['body']);
    }
    return false;
  }
```
Warning
Do not pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.

Viewing 1 replies (of 1 total)

Plugin Author Roland Barker
(@xnau)

8 years, 11 months ago

thanks for this, I’ll get a fix for this in the next release.

Viewing 1 replies (of 1 total)

The topic ‘Unserialize function warning in PDb_Update.class.php’ is closed to new replies.

1 reply
2 participants
Last reply from: Roland Barker
Last activity: 8 years, 11 months ago
Status: not resolved