PHP 7's security-improved unserialize() function

PHP 7 introduced an options parameter to the infamously abused unserialize() function. This parameter lets developers explicitly define the allowed classes to prevent potential code injection.

Hope other languages can inherit from this approach.

http://php.net/manual/en/function.unserialize.php
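
An added example, not part of the original post, showing the options parameter with its `allowed_classes` key next to an unrestricted call. The classes `UserPrefs` and `TempFile`, the function `loadPrefs` and the serialized input are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical classes, constructed for this example.
class UserPrefs
{
    public $theme = 'light';
}

// Stand-in for a class with a side-effecting magic method. The side effect
// here is only a log entry, so running the example is harmless.
class TempFile
{
    public static $log = [];
    public $path = '';

    public function __destruct()
    {
        self::$log[] = 'destructor ran for ' . $this->path;
    }
}

// Hardened loader: only UserPrefs may be instantiated, and the result type
// is checked because disallowed classes come back as __PHP_Incomplete_Class.
function loadPrefs(string $blob): UserPrefs
{
    $value = unserialize($blob, ['allowed_classes' => [UserPrefs::class]]);
    if (!$value instanceof UserPrefs) {
        throw new UnexpectedValueException('unexpected serialized type');
    }
    return $value;
}

// Constructed input naming a class the caller never expected.
$blob = 'O:8:"TempFile":1:{s:4:"path";s:12:"/tmp/example";}';

// Before: no options, so TempFile is instantiated and its destructor fires
// when the value is released.
$value = unserialize($blob);
unset($value);
echo 'without allowlist: ', count(TempFile::$log), " destructor call(s)\n";

// After: the same input is rejected and no TempFile code runs.
TempFile::$log = [];
try {
    loadPrefs($blob);
} catch (UnexpectedValueException $e) {
    echo 'with allowlist: rejected, ', count(TempFile::$log), " destructor call(s)\n";
}

// Expected input still round-trips through the hardened loader.
echo 'theme: ', loadPrefs(serialize(new UserPrefs()))->theme, "\n";
```

The allowlist also applies to objects nested inside an allowed object, so the type check on the top-level value does not cover properties; validate those separately if they are used.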



