From 5f280625f45c12e0dd20245723a0e64bfd9c03da Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Mon, 28 Oct 2019 18:55:18 -0700
Subject: [PATCH] SavedSearch API - Only accept safe inputs

---
 api/v3/SavedSearch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/v3/SavedSearch.php b/api/v3/SavedSearch.php
index a379b7f4a4..3146cda4ea 100644
--- a/api/v3/SavedSearch.php
+++ b/api/v3/SavedSearch.php
@@ -57,7 +57,7 @@ function civicrm_api3_saved_search_create($params) {
     }
     else {
       // Assume that form_values is serialized.
-      $params["formValues"] = CRM_Utils_String::unserialize($params["form_values"]);
+      $params["formValues"] = \CRM_Utils_String::unserialize($params["form_values"]);
     }
   }
 
@@ -109,7 +109,7 @@ function _civicrm_api3_saved_search_result_cleanup(&$result) {
     // Only clean up the values if there are values. (A getCount operation
     // for example does not return values.)
     foreach ($result['values'] as $key => $value) {
-      $result['values'][$key]['form_values'] = CRM_Utils_String::unserialize($value['form_values']);
+      $result['values'][$key]['form_values'] = \CRM_Utils_String::unserialize($value['form_values']);
     }
   }
 }
-- 
2.25.1