[TASK] Use secure deserialization in extension manager
[Packages/TYPO3.CMS.git] / typo3 / sysext / extensionmanager / Classes / Utility / EmConfUtility.php
index 4815f23..d150d6e 100644 (file)
@@ -54,7 +54,7 @@ class EmConfUtility implements SingletonInterface
     public function constructEmConf(array $extensionData, \TYPO3\CMS\Extensionmanager\Domain\Model\Extension $extension = null)
     {
         if (is_object($extension) && empty($extensionData['EM_CONF']['constraints'])) {
-            $extensionData['EM_CONF']['constraints'] = unserialize($extension->getSerializedDependencies());
+            $extensionData['EM_CONF']['constraints'] = unserialize($extension->getSerializedDependencies(), ['allowed_classes' => false]);
         }
         $emConf = $this->fixEmConf($extensionData['EM_CONF']);
         $emConf = var_export($emConf, true);