author | Stefan Giehl <stefan@matomo.org> | 2021-05-12 02:11:45 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-12 02:11:45 +0300 |
commit | ba6be4072538eaf54625ebfcead626107836c818 (patch) | |
tree | 6a83f871a4be249465d689a504bf8910e6f73165 /libs | |
parent | c40c4b3d65e8f08dd44522b47cd5d1bba416009b (diff) |
Use Common::safe_unserialize for session data (#17539)
* Use safe_unserialize in Session
* Allow Notification class in session
* update readme
Diffstat (limited to 'libs')
-rw-r--r-- | libs/README.md | 4 | ||||
-rw-r--r-- | libs/Zend/Session.php | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/libs/README.md b/libs/README.md index 999c5c732c..8e911a9e72 100644 --- a/libs/README.md +++ b/libs/README.md @@ -13,10 +13,8 @@ third-party libraries: - in r3040, exception classes don't follow PEAR naming convention * Zend/ - strip require_once (to support autoloading) - - in r3694, fix ZF-10888 and ZF-10835 - - ZF-10871 - undefined variables when socket support disabled - fix #6980 ("Array to string conversion") in `Zend/Session/Exception.php` - - fix Zend/Validate using deprecated iconv_set_encoding() + - various adjustments to remove unused parts of Zend Framework - Make sure sessions work when storing notifications * materialize/ - in materialize.min.css removed the loading of Roboto fonts as the paths do not match and couldn't be loaded. Also diff --git a/libs/Zend/Session.php b/libs/Zend/Session.php index f097920613..cc7dae12b3 100644 --- a/libs/Zend/Session.php +++ b/libs/Zend/Session.php @@ -521,7 +521,9 @@ class Zend_Session extends Zend_Session_Abstract } if (isset($_SESSION['data']) && is_string($_SESSION['data'])) { - $_SESSION = unserialize(base64_decode($_SESSION['data'])); + $_SESSION = \Piwik\Common::safe_unserialize(base64_decode($_SESSION['data']), [ + \Piwik\Notification::class + ]); } // run validators if they exist |
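Review bot: In the libs/README.md hunk, the added entry "various adjustments to remove unused parts of Zend Framework" does not record the modification this same commit makes to libs/Zend/Session.php. Because the README exists to list local deviations from the upstream libraries, add an explicit item under Zend/ stating that Zend/Session.php now restores session data through \Piwik\Common::safe_unserialize with a class allow-list, so the patch is not lost on a future library update. The three removed items (ZF-10888/ZF-10835, ZF-10871, the iconv_set_encoding() fix) are dropped without explanation. If those fixes are still present in the vendored code, keep them listed.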
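Review bot: In the libs/Zend/Session.php hunk, the return value of \Piwik\Common::safe_unserialize(...) is assigned straight to $_SESSION with no check that it is an array. If $_SESSION['data'] is corrupt or not valid base64, base64_decode() can return false or garbage and the deserialization result may not be an array, leaving $_SESSION in an unusable state before the validators run. Consider decoding into a local variable, verifying it with is_array(), and falling back to an empty session otherwise. The allow-list containing only \Piwik\Notification::class also deserves a short inline comment saying that any other class stored in the session will not be restored as an object, so that future additions to session data are made deliberately.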