Merge branch 'dev' of https://framagit.org/hubzilla/core into xdev_merge

author: zotlabs <mike@macgirvin.com> 2018-12-03 19:19:31 -0800
committer: zotlabs <mike@macgirvin.com> 2018-12-03 19:19:31 -0800
commit: ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca (patch)
tree: 6b42761029370c325064d2790b4c3d8debb7dd38 /Zotlabs/Module/Pconfig.php
parent: 1acc5ceb5f17b3bd36eeba9245c4bb3923793c34 (diff)
parent: 5e14da67e1329947a14cc4f009cebcfe4a5ece2f (diff)
download: volse-hubzilla-ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca.tar.gz
volse-hubzilla-ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca.tar.bz2
volse-hubzilla-ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Zotlabs/Module/Pconfig.php b/Zotlabs/Module/Pconfig.php
index 44fe5d9a9..f31d5fdf6 100644
--- a/Zotlabs/Module/Pconfig.php
+++ b/Zotlabs/Module/Pconfig.php
@@ -22,6 +22,11 @@ class Pconfig extends \Zotlabs\Web\Controller {
 		$k = trim(escape_tags($_POST['k']));
 		$v = trim($_POST['v']);
 		$aj = intval($_POST['aj']);
+
+		// Do not store "serialized" data received in the $_POST
+		if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('O:8:"stdClass":[0-9]+:{.*}$|s',$v)) {
+			return;
+		}
 	
 		if(in_array(argv(2),$this->disallowed_pconfig())) {
 			notice( t('This setting requires special processing and editing has been blocked.') . EOL);
author	zotlabs <mike@macgirvin.com>	2018-12-03 19:19:31 -0800
committer	zotlabs <mike@macgirvin.com>	2018-12-03 19:19:31 -0800
commit	ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca (patch)
tree	6b42761029370c325064d2790b4c3d8debb7dd38 /Zotlabs/Module/Pconfig.php
parent	1acc5ceb5f17b3bd36eeba9245c4bb3923793c34 (diff)
parent	5e14da67e1329947a14cc4f009cebcfe4a5ece2f (diff)
download	volse-hubzilla-ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca.tar.gz volse-hubzilla-ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca.tar.bz2 volse-hubzilla-ffc3dba6825933d8e3ddc1a9a1ee93785acb2fca.zip