codeguy / php-the-right-way

An easy-to-read, quick reference for PHP best practices, accepted coding standards, and links to authoritative tutorials around the Web
https://www.phptherightway.com

Update advice for unserializing user input #974

Closed svdv22 closed 1 year ago

svdv22 commented 1 year ago

In chapter 11 (data filtering) it is advised that "If you absolutely must unserialize data from untrusted sources", you can "use PHP 7’s allowed_classes ...".

This is against PHP's own advice, as the code might still be executed. See also the warning on unserialize.
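The following script is an added illustration of the point raised above and is not part of the issue or of php-the-right-way. It shows what `allowed_classes => false` actually changes (which classes get instantiated, so no `__wakeup`/`__destruct` of a real class fires) and what it does not change (attacker bytes still go through the unserialize parser), then the two approaches the PHP manual steers you toward: a format without object semantics (`json_decode`), or, when you need `serialize()` for data you produced yourself, an HMAC check before parsing. The `Logger` class, the serialized string and the `sealBlob`/`openBlob` helpers are constructed for this example. Requires PHP 8.0+ for the `mixed` type.

```php
<?php
// Added example, not from the original issue or project.

class Logger
{
    public string $logFile = '/tmp/app.log';

    // A magic method that runs during unserialize() is the classic
    // gadget entry point; here it only echoes, to show when it fires.
    public function __wakeup(): void
    {
        echo "Logger::__wakeup ran with logFile={$this->logFile}\n";
    }
}

// Constructed sample of an attacker-controlled serialized string.
$untrusted = 'O:6:"Logger":1:{s:7:"logFile";s:11:"/etc/passwd";}';

// 1. Unrestricted unserialize(): a real Logger is built and __wakeup runs
//    with attacker-chosen property values.
unserialize($untrusted);

// 2. allowed_classes => false: the object is created as
//    __PHP_Incomplete_Class, so no Logger method runs. The parser still
//    consumed the untrusted bytes, which is why the manual says not to
//    feed user input to unserialize() regardless of this option.
$obj = unserialize($untrusted, ['allowed_classes' => false]);
echo get_class($obj), "\n"; // __PHP_Incomplete_Class

// 3. For untrusted input, use a format with no object semantics.
$data = json_decode('{"logFile":"/etc/passwd"}', true, 512, JSON_THROW_ON_ERROR);
// $data is a plain array; nothing is instantiated and no code runs.

// 4. If you must keep serialize() for blobs you issue yourself (a cookie,
//    a queued job), authenticate them so only blobs you produced are parsed.
//    $key is a secret known only to the application.
function sealBlob(mixed $value, string $key): string
{
    $payload = serialize($value);
    return hash_hmac('sha256', $payload, $key) . ':' . $payload;
}

function openBlob(string $blob, string $key): mixed
{
    $parts = explode(':', $blob, 2);
    if (count($parts) !== 2) {
        throw new RuntimeException('malformed blob');
    }
    [$mac, $payload] = $parts;
    // hash_equals() avoids a timing side channel on the MAC comparison.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        throw new RuntimeException('blob failed authentication');
    }
    // allowed_classes is still restricted as defence in depth.
    return unserialize($payload, ['allowed_classes' => false]);
}

$key = random_bytes(32);
$sealed = sealBlob(['user' => 42, 'role' => 'reader'], $key);
var_dump(openBlob($sealed, $key)['role']); // string(6) "reader"

// A tampered blob never reaches unserialize().
try {
    openBlob(str_replace('reader', 'admin!', $sealed), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n"; // blob failed authentication
}
```

The HMAC variant only moves the trust boundary: it is safe precisely because the application, not the user, produced the serialized payload. If the data originates from the client, step 3 is the answer.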

Xymph commented 1 year ago

Thanks.