opauth / opauth

Multi-provider authentication framework for PHP
http://opauth.org
MIT License

Rejecting from using unsafe serialize/unserialize #116

Closed FedorKononov closed 6 years ago

clayliddell commented 7 years ago

The calls to serialize()/unserialize() functions do need to be changed out since opauth is currently vulnerable to PHP Object Injection. However, you only replaced the calls to serialize() with json_encode() in your pull request, which would make it so that a JSON-encoded value would be sent to callback.php to be unserialized. You need to replace unserialize() with json_decode() in order to keep from breaking the build.
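As an added illustration of the point made in the comment above (this is not code from opauth or from the pull request), the encode and decode sides changed together so that the callback never calls unserialize() on request data; the function names, the sample response and the use of JSON_THROW_ON_ERROR (PHP 7.3+) are assumptions:

```php
<?php
// Added example, not opauth's own code. Shows the json_encode()/json_decode()
// pairing replacing serialize()/unserialize() on BOTH sides of the hand-off to
// callback.php. Function names and the sample response are hypothetical.

// Sending side: what the framework emits before handing the auth response to
// the callback. Previously serialize($response).
function encodeAuthResponse(array $response): string
{
    // JSON_THROW_ON_ERROR (PHP >= 7.3) turns an encoding failure into an
    // exception instead of silently returning false.
    return json_encode($response, JSON_THROW_ON_ERROR);
}

// Receiving side (callback.php): previously unserialize($raw).
function decodeAuthResponse(string $raw): ?array
{
    // assoc=true yields nested arrays only; no class is ever instantiated from
    // the incoming string, which is what removes the object-injection surface.
    $decoded = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    // Reject anything that is not an array (a bare string, number or null).
    return is_array($decoded) ? $decoded : null;
}

// Constructed sample in the general shape of an Opauth auth response.
$response = [
    'auth' => [
        'provider' => 'ExampleProvider',
        'uid'      => '12345',
        'info'     => ['name' => 'Alice Example'],
    ],
    'timestamp' => '2012-01-01T00:00:00+00:00',
];

$wire = encodeAuthResponse($response);
$back = decodeAuthResponse($wire);
echo ($back === $response) ? "round-trip ok\n" : "round-trip mismatch\n";

// A payload in the old PHP-serialized format is now refused rather than
// deserialized. This is also why changing only one side breaks the flow:
// a JSON string fed to unserialize(), or a serialized string fed to
// json_decode(), fails to decode.
try {
    decodeAuthResponse('a:1:{s:4:"auth";a:0:{}}');
} catch (JsonException $e) {
    echo "non-JSON payload rejected\n";
}
```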