- Issue created by @TR
- Merge request !31 "Issue #3456901 by TR: Add @phpcs:ignore to test cases that unserialize fixtures" (Merged) created by TR
- Status changed to Fixed
4:26am 25 June 2024
PHPCS complains about our use of unserialize() being insecure. PHPCS complains about ALL uses of unserialize() because if they process user-provided data this can be hazardous.
But the way we use it is in a test case to test serialization of our custom RulesExpressions, which is
and there is no way this specific usage poses a security vulnerability for any site that has Rules installed.
Additionally, this same usage of unserialize() is done in core too.
Marking these known usages with @phpcs:ignore will prevent the warnings from polluting our test results, and will serve to document the usage as intentional within the code.
Fixed
4.0
Tests