In chapter 11 (data filtering) it is advised that "If you absolutely must unserialize data from untrusted sources", you can "use PHP 7’s allowed_classes ...".
This is against PHP's own advice as the code might still be executed. See also the warning on unserialize
In chapter 11 (data filtering) it is advised that "If you absolutely must unserialize data from untrusted sources", you can "use PHP 7’s allowed_classes ...".
This is against PHP's own advice as the code might still be executed. See also the warning on unserialize