Implements wrapper method for a more secure unserialize with PHP 7 (#13285)

* Implements wrapper method for a more secure unserialize * run AllTests on PHP 7 * trigger a debug message if unserialize fails on PHP 7 + tests * Add string to deserialize to debug log.
author: Stefan Giehl <stefan@piwik.org> 2018-10-11 02:00:43 +0300
committer: diosmosis <diosmosis@users.noreply.github.com> 2018-10-11 02:00:43 +0300
commit: eb965d4ff002943ce926c99267511af55dee10cf (patch)
tree: 61e3f6607e9f4e4c97621e9220771251f3a3491e /plugins/Annotations
parent: 8c07b4d61e662c77f1eb249d22256c5fa98ab496 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/plugins/Annotations/AnnotationList.php b/plugins/Annotations/AnnotationList.php
index 823c7bf125..845cbfe9ae 100644
--- a/plugins/Annotations/AnnotationList.php
+++ b/plugins/Annotations/AnnotationList.php
@@ -9,6 +9,7 @@
 namespace Piwik\Plugins\Annotations;
 
 use Exception;
+use Piwik\Common;
 use Piwik\Date;
 use Piwik\Option;
 use Piwik\Piwik;
@@ -330,7 +331,7 @@ class AnnotationList
             $serialized = Option::get($optionName);
 
             if ($serialized !== false) {
-                $result[$id] = @unserialize($serialized);
+                $result[$id] = Common::safe_unserialize($serialized);
                 if (empty($result[$id])) {
                     // in case unserialize failed
                     $result[$id] = array();
author	Stefan Giehl <stefan@piwik.org>	2018-10-11 02:00:43 +0300
committer	diosmosis <diosmosis@users.noreply.github.com>	2018-10-11 02:00:43 +0300
commit	eb965d4ff002943ce926c99267511af55dee10cf (patch)
tree	61e3f6607e9f4e4c97621e9220771251f3a3491e /plugins/Annotations
parent	8c07b4d61e662c77f1eb249d22256c5fa98ab496 (diff)