Do not store serialized pconfig value received via to Module/Pconfig.php
This commit is contained in:
parent
9bbd6ff67d
commit
6b02c664fb
@ -22,6 +22,11 @@ class Pconfig extends \Zotlabs\Web\Controller {
|
|||||||
$k = trim(escape_tags($_POST['k']));
|
$k = trim(escape_tags($_POST['k']));
|
||||||
$v = trim($_POST['v']);
|
$v = trim($_POST['v']);
|
||||||
$aj = intval($_POST['aj']);
|
$aj = intval($_POST['aj']);
|
||||||
|
|
||||||
|
// Do not store "serialized" data received in the $_POST
|
||||||
|
if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('O:8:"stdClass":[0-9]+:{.*}$|s',$v)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if(in_array(argv(2),$this->disallowed_pconfig())) {
|
if(in_array(argv(2),$this->disallowed_pconfig())) {
|
||||||
notice( t('This setting requires special processing and editing has been blocked.') . EOL);
|
notice( t('This setting requires special processing and editing has been blocked.') . EOL);
|
||||||
|
Reference in New Issue
Block a user