diff --git a/app/code/core/Mage/Core/Helper/UnserializeArray.php b/app/code/core/Mage/Core/Helper/UnserializeArray.php
index c5437673dcf..564189e8600 100644
--- a/app/code/core/Mage/Core/Helper/UnserializeArray.php
+++ b/app/code/core/Mage/Core/Helper/UnserializeArray.php
@@ -29,6 +29,9 @@ class Mage_Core_Helper_UnserializeArray
      */
     public function unserialize($str)
     {
+        if (!is_string($str) || $str === '') {
+            throw new Exception('Error unserializing data.');
+        }
         try {
             $result = unserialize($str, ['allowed_classes' => false]);
             if ($result === false && $str !== serialize(false)) {