From 8047a04148733c8ce89f4b03eab70599c79e029e Mon Sep 17 00:00:00 2001
From: Andreas Kellas <andreas.kellas@columbia.edu>
Date: Thu, 22 Jun 2023 12:02:30 -0400
Subject: [PATCH] Hook fugio_unserialize for old PHP compatibility

---
 Files/sensitive_functions_list.txt | 1 +
 Utils/HookFiles/HookHead.php       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/Files/sensitive_functions_list.txt b/Files/sensitive_functions_list.txt
index 6051b00..d8ccd8a 100644
--- a/Files/sensitive_functions_list.txt
+++ b/Files/sensitive_functions_list.txt
@@ -2,6 +2,7 @@
 
 
 unserialize|1
+fugio_unserialize|1
 # ==== NEED TO SET VULN INJECT POINT NUMBERS!! ====
 copy|1
 file_exists|1
diff --git a/Utils/HookFiles/HookHead.php b/Utils/HookFiles/HookHead.php
index 0a7c58c..adb3e8d 100644
--- a/Utils/HookFiles/HookHead.php
+++ b/Utils/HookFiles/HookHead.php
@@ -290,7 +290,7 @@ function get_declared_traits_r353t() {
 
 function filter_allowed_classes($array, $trigger_func, $func_argv) {
   $return_array = $array;
-  if ($trigger_func == "unserialize" && count($func_argv) > 1) {
+  if (($trigger_func == "unserialize" || $trigger_func == "fugio_unserialize") && count($func_argv) > 1) {
       if (array_key_exists("allowed_classes", $func_argv[1])) {
           if (gettype($func_argv[1]["allowed_classes"]) == "boolean") {
               if ($func_argv[1]["allowed_classes"] == false) {