get rid of serialization completely to avoid possible code execution, fixes #555

Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
2018-05-29 15:47:41 +02:00
parent 10330f8a7a
commit c1e62e6be7
13 changed files with 71 additions and 42 deletions
--- a/scripts/jobs/cron_backup.php
+++ b/scripts/jobs/cron_backup.php
@@ -79,7 +79,7 @@ $all_jobs = $result_tasks_stmt->fetchAll();
 foreach ($all_jobs as $row) {

 	if ($row['data'] != '') {
-		$row['data'] = unserialize($row['data']);
+		$row['data'] = json_decode($row['data'], true);
 	}

 	if (is_array($row['data'])) {
--- a/scripts/jobs/cron_tasks.php
+++ b/scripts/jobs/cron_tasks.php
@@ -43,7 +43,7 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
 	$resultIDs[] = $row['id'];

 	if ($row['data'] != '') {
-		$row['data'] = unserialize($row['data']);
+		$row['data'] = json_decode($row['data'], true);
 	}

 	/**