[Phpmyadmin-devel] unserialize in user preferences
Marc Delisle
marc at infomarc.info
Wed Feb 9 11:31:19 CET 2011
On 2011-02-09 05:28, Michal Čihař wrote:
> Hi all
>
> while looking at user preferences I've noticed that it uses
> serialize/unserialize for storing the data in database. As this
> function is quite famous in terms of security, I think we
> should avoid this.
>
> Any reason for not using json encoding there instead? It encodes just
> the data and would not possibly call PHP code as unserialize could do
> because of objects with __wakeup() methods.
It's also used in PHPExcel, TCPDF and the tracking feature.
--
Marc Delisle
http://infomarc.info
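
Added example, not part of the original thread and not phpMyAdmin code: the difference raised above between unserialize(), which instantiates objects and runs __wakeup(), and JSON decoding, which yields data only. The class PrefsProbe, the function loadPrefs() and the sample preference values are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical class standing in for any class loaded by the application
// that defines __wakeup(); here it only counts how often it ran.
class PrefsProbe
{
    public static $wakeups = 0;
    public $theme = 'original';

    public function __wakeup()
    {
        self::$wakeups++; // executes inside unserialize(), before the caller sees the value
    }
}

// Constructed sample: a stored preferences value that holds an object, not an array.
$storedObject = serialize(new PrefsProbe());

// 1. Plain unserialize() instantiates the class and calls __wakeup().
$value = unserialize($storedObject);
printf("unserialize: %s, __wakeup calls: %d\n", get_class($value), PrefsProbe::$wakeups);

// 2. With allowed_classes => false (PHP 7.0+) no application class is instantiated;
//    the value becomes __PHP_Incomplete_Class and __wakeup() is not called.
PrefsProbe::$wakeups = 0;
$value = unserialize($storedObject, ['allowed_classes' => false]);
printf("allowed_classes=false: %s, __wakeup calls: %d\n", get_class($value), PrefsProbe::$wakeups);

// 3. JSON carries arrays and scalars only, so decoding cannot create objects
//    of application classes. Anything that is not a JSON object/array is rejected.
function loadPrefs(string $json): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        throw new UnexpectedValueException('stored preferences are not valid JSON data');
    }
    return $data;
}

// Constructed sample preferences, round-tripped through JSON.
$prefs = ['theme' => 'pmahomme', 'MaxRows' => 50];
var_dump(loadPrefs(json_encode($prefs)) === $prefs);

// A value left over in serialize() format is not valid JSON and is refused.
try {
    loadPrefs($storedObject);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```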