unserialize() is insecure unless allowed classes are limited. Use a safe format like JSON or use the allowed_classes option.

Comment   File                               Size      Author
#3        schema_metatag-3313577-3.patch     1.55 KB   rajeshreeputra
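
The difference the issue summary describes, as an added example that is not code from this module or its patch: the `CacheFile` class, the `destructorCalls()` helper and the payload are constructed for illustration, and a destructor that only logs stands in for any magic method with side effects.

```php
<?php
declare(strict_types=1);

// Hypothetical class standing in for any loaded class whose magic methods have side effects.
final class CacheFile
{
    /** @var string[] Record of destructor calls, kept so the effect is observable. */
    public static array $log = [];
    public string $path = 'default.cache';

    public function __destruct()
    {
        self::$log[] = "destructor ran for {$this->path}";
    }
}

// Constructed sample input: serialized data naming CacheFile with a sender-chosen property.
$payload = 'O:9:"CacheFile":1:{s:4:"path";s:13:"sender-chosen";}';

// Returns the destructor calls triggered by unserializing $data with the given options.
function destructorCalls(string $data, array $options): array
{
    CacheFile::$log = [];
    $value = unserialize($data, $options);
    unset($value); // release the only reference so any destructor runs now
    return CacheFile::$log;
}

// Before: no limit, so the class named in the input is instantiated and later destructed.
$unrestricted = destructorCalls($payload, []);

// After: no classes allowed; the object becomes an inert __PHP_Incomplete_Class.
$restricted = destructorCalls($payload, ['allowed_classes' => false]);

// An explicit allow-list behaves the same way for every class not on the list.
$allowListed = destructorCalls($payload, ['allowed_classes' => [stdClass::class]]);

// The value itself under the restricted call, to show what the caller receives.
$inert = unserialize($payload, ['allowed_classes' => false]);

// JSON alternative: decoding to arrays can only produce arrays and scalars.
$decoded = json_decode('{"path":"sender-chosen"}', true, 512, JSON_THROW_ON_ERROR);

var_dump($unrestricted, $restricted, $allowListed);
var_dump($inert instanceof __PHP_Incomplete_Class, $decoded);
```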

Comments

Rajeshreeputra created an issue. See original summary.

rajeshreeputra’s picture

Status: Active » Needs review
Attached file: new, 1.55 KB

Here is the patch of the MR for quick access.

rajeshreeputra’s picture

Assigned: rajeshreeputra » Unassigned
damienmckenna’s picture

Title: unserialize() is insecure unless allowed classes are limited. Use a safe format like JSON or use the allowed_classes option. » Add "allowed_classes" option to all unserialize() uses
damienmckenna’s picture

This looks reasonable.

  • DamienMcKenna committed d1853ba on 8.x-1.x
    Issue #3313577 by Rajeshreeputra, DamienMcKenna: Add "allowed_classes"...

  • DamienMcKenna committed 8ec70b2 on 8.x-2.x
    Issue #3313577 by Rajeshreeputra, DamienMcKenna: Add "allowed_classes"...
damienmckenna’s picture

Status: Needs review » Fixed

Committed. Thank you.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.