On 06/08/2017 at 00:49, Stanislav Malyshev wrote:
> Hi!
>
>> https://bugs.php.net/bug.php?id=75006 has been marked as a non-security
>> bug, with the justification that unserialize() should not be fed untrusted
>> input. While we do document that unserialize() shouldn't be used on
>> untrusted input, we have always treated these as security bugs in the past.
>
> Not always, but sometimes we did. I think we should stop doing it, as to
> not validate the idea that unserialize can safely be used with untrusted
> data

+1