diff --git a/moodle/Sniffs/PHP/ForbiddenFunctionsSniff.php b/moodle/Sniffs/PHP/ForbiddenFunctionsSniff.php index 84e03a3..502a9ae 100644 --- a/moodle/Sniffs/PHP/ForbiddenFunctionsSniff.php +++ b/moodle/Sniffs/PHP/ForbiddenFunctionsSniff.php @@ -19,8 +19,6 @@ // phpcs:disable moodle.NamingConventions use PHP_CodeSniffer\Standards\Generic\Sniffs\PHP\ForbiddenFunctionsSniff as GenericForbiddenFunctionsSniff; -use PHP_CodeSniffer\Sniffs\Sniff; -use PHP_CodeSniffer\Files\File; /** * Sniff for debugging and other functions that we don't want used in finished code. @@ -65,5 +63,6 @@ class ForbiddenFunctionsSniff extends GenericForbiddenFunctionsSniff { 'print_object' => null, // Dangerous functions. From coding style. 'extract' => null, + 'unserialize' => null, ]; } diff --git a/moodle/Tests/MoodleStandardTest.php b/moodle/Tests/MoodleStandardTest.php index 074ec67..3f7489e 100644 --- a/moodle/Tests/MoodleStandardTest.php +++ b/moodle/Tests/MoodleStandardTest.php @@ -470,6 +470,7 @@ public function test_moodle_php_forbiddenfunctions() { 15 => 0, 16 => 0, 17 => 0, + 20 => 'function unserialize() is forbidden', )); $this->set_warnings(array()); diff --git a/moodle/Tests/fixtures/moodle_php_forbiddenfunctions.php b/moodle/Tests/fixtures/moodle_php_forbiddenfunctions.php index 9a643ad..824cfe6 100644 --- a/moodle/Tests/fixtures/moodle_php_forbiddenfunctions.php +++ b/moodle/Tests/fixtures/moodle_php_forbiddenfunctions.php @@ -16,5 +16,6 @@ a: echo 'Goto labels, oh my!' b: echo 'More goto labels, re-oh my!' -// Fair enough. +// Fair enough. Unserialize can be dangerous too, better catch it. +$a = unserialize($b);
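Review bot: The added `'unserialize' => null,` entry in ForbiddenFunctionsSniff.php bans every call without saying why or what to use instead, and the shared comment `// Dangerous functions. From coding style.` does not name the risk. I would give the entry its own comment, for example `// Object injection when the input is attacker-influenced; decode with JSON or a restricted wrapper instead.` In the Generic parent sniff the array value is normally the replacement named in the error message, so if the project has a vetted wrapper, putting its name there instead of `null` would give developers a way forward rather than a `phpcs:ignore`. The ban presumably also flags calls that pass `['allowed_classes' => false]`; if that is intended, the comment should say so. The class body starts outside this hunk, so the rest of the list was not reviewed.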
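Review bot: The fixture change in moodle_php_forbiddenfunctions.php exercises only a bare `unserialize($b)` call, so nothing pins how the sniff treats a method of the same name or a call with options. PHP's `Serializable` interface requires a `public function unserialize($data)` declaration, and callers may write `$obj->unserialize($b)`. The Generic parent sniff is expected to skip both, but without a negative case a regression there would start flagging legitimate code. I would add `$obj->unserialize($b);` and `unserialize($b, ['allowed_classes' => false]);` to the fixture, with matching entries (`0` and the forbidden message) in `test_moodle_php_forbiddenfunctions()`.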