Hook fugio_unserialize for old PHP compatibility

wunused · Jun 22, 2023 · 8047a04 · 8047a04
1 parent b8671a4
commit 8047a04
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/Files/sensitive_functions_list.txt b/Files/sensitive_functions_list.txt
@@ -2,6 +2,7 @@
 
 
 unserialize|1
+fugio_unserialize|1
 # ==== NEED TO SET VULN INJECT POINT NUMBERS!! ====
 copy|1
 file_exists|1

diff --git a/Utils/HookFiles/HookHead.php b/Utils/HookFiles/HookHead.php
@@ -290,7 +290,7 @@ function get_declared_traits_r353t() {
 
 function filter_allowed_classes($array, $trigger_func, $func_argv) {
   $return_array = $array;
-  if ($trigger_func == "unserialize" && count($func_argv) > 1) {
+  if (($trigger_func == "unserialize" || $trigger_func == "fugio_unserialize") && count($func_argv) > 1) {
       if (array_key_exists("allowed_classes", $func_argv[1])) {
           if (gettype($func_argv[1]["allowed_classes"]) == "boolean") {
               if ($func_argv[1]["allowed_classes"] == false) {