fix: remove unserialize() in old()

I can't think of any use cases.
obozdag · Dec 9, 2021 · 18138fa · 18138fa
1 parent 76ad2ad
commit 18138fa
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 6 deletions.
diff --git a/system/Common.php b/system/Common.php
@@ -813,11 +813,6 @@ function old(string $key, $default = null, $escape = 'html')
             return $default;
         }
 
-        // If the result was serialized array or string, then unserialize it for use...
-        if (is_string($value) && (strpos($value, 'a:') === 0 || strpos($value, 's:') === 0)) {
-            $value = unserialize($value);
-        }
-
         return $escape === false ? $value : esc($value, $escape);
     }
 }

diff --git a/tests/system/CommonFunctionsTest.php b/tests/system/CommonFunctionsTest.php
@@ -300,7 +300,7 @@ public function testOldInput()
         $_GET     = ['foo' => 'bar'];
         $_POST    = [
             'bar'    => 'baz',
-            'zibble' => serialize('fritz'),
+            'zibble' => 'fritz',
         ];
 
         $response = new RedirectResponse(new App());