upgradephp: add contributed safe_serialize()/safe_unserialize() functions #1900
Labels
Enhancement
For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
Milestone
Written in PHP, these compatibility functions differ from the built-ins in one respect: they don't serialize/unserialize objects.
We currently sign and apply a blacklist on cookies, so this doesn't add any security value there.
But PhpSecInfo has a test that unserializes content from php.net.
The text was updated successfully, but these errors were encountered: