[TASK] Use secure deserialization in extension manager
[Packages/TYPO3.CMS.git] / typo3 / sysext / extensionmanager / Classes / Utility / ExtensionModelUtility.php
index 5977ea5..4f6946e 100644 (file)
@@ -61,7 +61,7 @@ class ExtensionModelUtility
     public function convertDependenciesToObjects($dependencies)
     {
         $dependenciesObject = new \SplObjectStorage();
-        $unserializedDependencies = unserialize($dependencies);
+        $unserializedDependencies = unserialize($dependencies, ['allowed_classes' => false]);
         if (!is_array($unserializedDependencies)) {
             return $dependenciesObject;
         }
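Review bot: The `is_array()` guard after the new `unserialize($dependencies, ['allowed_classes' => false])` call validates only the top level, because a serialized object nested inside the array is not rejected but comes back as a `__PHP_Incomplete_Class` instance. The rest of `convertDependenciesToObjects` lies outside this hunk, so it is not visible whether the code that walks the entries checks their types; if it does not, it should skip any entry that is not an array or string before using it. A malformed payload also still emits an E_NOTICE (E_WARNING on newer PHP versions) before `false` is returned and caught by the guard. A comment above the call would help keep the option from being dropped later, e.g. `// Stored dependency data must never instantiate objects; keep allowed_classes => false.`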