[SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Controller / EditDocumentController.php
index fdba0d0..79f6846 100644 (file)
@@ -1419,7 +1419,7 @@ class EditDocumentController {
                }
                // If ->returnEditConf is set, then add the current content of editconf to the ->retUrl variable: (used by other scripts, like wizard_add, to know which records was created or so...)
                if ($this->returnEditConf && $this->retUrl != 'dummy.php') {
-                       $this->retUrl .= '&returnEditConf=' . rawurlencode(serialize($this->editconf));
+                       $this->retUrl .= '&returnEditConf=' . rawurlencode(json_encode($this->editconf));
                }
                // If code is NOT set OR set to 1, then make a header location redirect to $this->retUrl
                if (!$code || $code == 1) {
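Review bot: The added line on the `returnEditConf` branch still sends the value out in `retUrl` and gets it back as a GET parameter, so switching the encoder removes object instantiation but not tampering. The decoding side is not in this hunk, so confirm it uses `json_decode()` into a plain array and checks the table names and uids against what the current user may edit before acting on them. `json_encode()` can also fail (for instance on malformed UTF-8 inside `$this->editconf`), and `rawurlencode()` then yields an empty parameter; encoding first and appending only on success avoids that, e.g. `if (($conf = json_encode($this->editconf)) !== FALSE) { $this->retUrl .= '&returnEditConf=' . rawurlencode($conf); }`. I would also add a comment above the line such as `// JSON on purpose: this value comes back via GET and must never be passed to unserialize()`, so the change is not reverted later. The enclosing method starts and ends outside the hunk.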