parse_ini_fileis used anywhere directly (but shouldn't be the case. Maybe also check if this implementation had fixes that are missing in the component
globis checked as an optional function in the system check
file_get_contentswas disabled and this was used instead to download files?
ProxyHttp::serverStaticFile, but only advantage seems to be supporting partial files (which is used nowhere in Matomo)
This is mostly a proof of concept. It would be great if someone who knows more about why these functions exist could take over.
Guess we could simply use
serialize instead, as we always should use
safe_unserialize, which then should block unseralizing bad objects. Or we introduce a
Common::safe_serialize, that similar to
allowed_classes as new param and blocks all other objects from being serialized.
possibly still needed. Maybe find a better place for them
I'd suggest to require
I'd suggest to require symfony/polyfill-mbstring instead
That's a good idea. As it is already a dependency of twig adding it explicitly shouldn't even add any code.