From b38578b468d694534db5fabe356db5ffdc58bd6e Mon Sep 17 00:00:00 2001
From: Stefan Giehl
Date: Fri, 15 Jan 2021 08:53:48 +0100
Subject: Introduce PHP CS to improve code quality (#16755)
* Adds PHP CS with a basic config
* automatically check coding style for pull requests
* Disallow usage of eval & create_function and force using Common::safe_unserialize instead of unserialize
* Forbid inline control structures
* fix test
---
 core/Common.php | 1 +
 core/Updates/3.8.0-b3.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
(limited to 'core')
diff --git a/core/Common.php b/core/Common.php
index fd67308062..7085aea33f 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -319,6 +319,7 @@ class Common
 public static function safe_unserialize($string, $allowedClasses = [], $rethrow = false)
 {
 try {
+ // phpcs:ignore Generic.PHP.ForbiddenFunctions
 return unserialize($string, ['allowed_classes' => empty($allowedClasses) ? false : $allowedClasses]);
 } catch (\Throwable $e) {
 if ($rethrow) {
diff --git a/core/Updates/3.8.0-b3.php b/core/Updates/3.8.0-b3.php
index 93a29a94a2..967533cbb2 100644
--- a/core/Updates/3.8.0-b3.php
+++ b/core/Updates/3.8.0-b3.php
@@ -49,7 +49,7 @@ class Updates_3_8_0_b3 extends PiwikUpdates
 if (Plugin\Manager::getInstance()->isPluginActivated('GoogleAuthenticator')) {
 foreach (Option::getLike('GoogleAuthentication.%') as $name => $value) {
- $value = @unserialize($value);
+ $value = @Common::safe_unserialize($value);
 if (!empty($value['isActive']) && !empty($value['secret'])) {
 $login = str_replace('GoogleAuthentication.', '', $name);
--
cgit v1.2.3
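Review bot: The suppression added above the `unserialize()` call in `safe_unserialize` (core/Common.php) carries no reason, so a later reader cannot tell that this is the one deliberate call the new ForbiddenFunctions rule is meant to exempt. PHPCS accepts a trailing explanation, e.g. `// phpcs:ignore Generic.PHP.ForbiddenFunctions -- sole sanctioned call; allowed_classes limits which objects may be instantiated`. A short docblock on the method stating that an empty `$allowedClasses` maps to `allowed_classes => false`, so no objects are instantiated, would also help callers choose the argument. The method's body continues outside the hunk.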
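Review bot: The `@` kept in front of `Common::safe_unserialize($value)` in core/Updates/3.8.0-b3.php silences every warning raised inside the wrapper, which already has its own try/catch, so a corrupt `GoogleAuthentication.%` option is skipped without a trace during the update. With the default `$allowedClasses = []` a serialized object comes back as an incomplete-class object rather than an array, so the array access on the next line should be guarded: `if (is_array($value) && !empty($value['isActive']) && !empty($value['secret'])) {`. I would drop the `@` and leave reporting to the wrapper; its catch branch lies outside this diff, so whether it logs anything is not visible here. The enclosing method starts and ends outside the hunk, and the hunk does not show whether `Common` is imported in this file.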