Implement xKerman/restricted-unserialize package to guard against unsafe unserialize
[civicrm-core.git] / CRM / Core / BAO / ConfigSetting.php
index 8919a6d79095ec8cbb583e4a82875029bb12e897..c30f7ae1ce89ec1607442d74a9ebbe647261bed5 100644 (file)
@@ -63,7 +63,7 @@ class CRM_Core_BAO_ConfigSetting {
     $domain->id = CRM_Core_Config::domainID();
     $domain->find(TRUE);
     if ($domain->config_backend) {
-      $params = array_merge(unserialize($domain->config_backend), $params);
+      $params = array_merge(CRM_Utils_String::unserialize($domain->config_backend), $params);
     }
 
     $params = CRM_Core_BAO_ConfigSetting::filterSkipVars($params);
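Review bot: The changed `array_merge()` line passes the wrapper's result straight in with no type check, unlike the second hunk, which tests `$defaults === FALSE || !is_array($defaults)` before use. The body of `CRM_Utils_String::unserialize()` is not shown, but that guard suggests it can return FALSE for a malformed or rejected payload. If so, `array_merge()` throws a TypeError on PHP 8, or warns and returns NULL on PHP 7, so a corrupt `config_backend` row would break this save path. I would decode into a local first, `$backend = CRM_Utils_String::unserialize($domain->config_backend);`, and merge only when `is_array($backend)` holds. The enclosing method starts and ends outside the hunk.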
@@ -106,7 +106,7 @@ class CRM_Core_BAO_ConfigSetting {
     $domain->id = CRM_Core_Config::domainID();
     $domain->find(TRUE);
     if ($domain->config_backend) {
-      $defaults = unserialize($domain->config_backend);
+      $defaults = CRM_Utils_String::unserialize($domain->config_backend);
       if ($defaults === FALSE || !is_array($defaults)) {
         $defaults = [];
         return FALSE;
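Review bot: The failure branch after the changed line returns FALSE without recording why the decode failed. With a restricted unserializer, a rejection presumably means the stored `config_backend` blob held something other than plain scalars and arrays, which is worth surfacing to an administrator. Unless the wrapper already logs (its body is not visible here), I would add a line before the return such as `Civi::log()->warning('config_backend for domain {id} could not be safely unserialized', ['id' => $domain->id]);`. The branch and its method continue past the end of the hunk.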