The calls to serialize()/unserialize() functions do need to be changed out since opauth is currently vulnerable to PHP Object Injection. However, you only replaced the calls to serialize() with json_encode() in your pull request, which would make it so that a JSON-encoded value would be sent to callback.php to be unserialized. You need to replace unserialize() with json_decode() in order to keep from breaking the build.
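The encode/decode mismatch described in the comment above, as an added example that is not part of the original comment or Opauth's own code. The function names are hypothetical, and the base64 wrapping and the sample response are assumptions constructed for illustration.

```php
<?php
// Added illustration; helper names are hypothetical, not Opauth's API.

// Sending side after the pull request: JSON replaces serialize().
function encode_payload(array $response): string
{
    return base64_encode(json_encode($response, JSON_THROW_ON_ERROR));
}

// Receiving side left on unserialize(): the mismatch from the comment.
// unserialize() cannot parse JSON text, so it returns false and the
// callback has nothing to work with. allowed_classes => false keeps this
// demo from ever instantiating objects from the input.
function decode_payload_mismatched(string $payload)
{
    $raw = base64_decode($payload, true);
    return @unserialize($raw, ['allowed_classes' => false]);
}

// Receiving side matched to the sender: json_decode() only ever yields
// scalars and arrays, so no class is instantiated from untrusted input.
function decode_payload(string $payload): array
{
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        throw new InvalidArgumentException('payload is not valid base64');
    }
    // Associative arrays, bounded nesting depth, exception on bad JSON.
    $data = json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('payload must decode to an array');
    }
    return $data;
}

// Constructed sample response, not real provider output.
$response = [
    'auth'      => ['provider' => 'Example', 'uid' => '12345'],
    'timestamp' => '2024-01-01T00:00:00+00:00',
];
$payload = encode_payload($response);

var_dump(decode_payload_mismatched($payload));    // JSON fed to unserialize()
var_dump(decode_payload($payload) === $response); // matched JSON round trip
```

JSON_THROW_ON_ERROR requires PHP 7.3 or later; on older versions check json_last_error() after each call instead.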