Fix - Partial revoke of security fix regarding serialized objects - H…

…as issues with Page Builders corrupting data, plus WordPress itself handles serialized data the same.
short-pixel-optimizer · Sep 21, 2023 · 09712fc · 09712fc
1 parent 6f95a46
commit 09712fc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/build/shortpixel/replacer/src/Replacer.php b/build/shortpixel/replacer/src/Replacer.php
@@ -318,7 +318,7 @@ private function replaceContent($content, $search, $replace, $in_deep = false)
 	    if ( true === is_serialized($content))
 			{
 				$serialized_content = $content; // use to return content back if incomplete classes are found, prevent destroying the original information
-	    	$content = Unserialize::unserialize($content, array('allowed_classes' => false));
+	    	$content = Unserialize::unserialize($content);
 				// bail directly on incomplete classes. In < PHP 7.2 is_object is false on incomplete objects!
 				if (true === $this->checkIncomplete($content))
 				{
@@ -500,7 +500,7 @@ private function findNearestSize($sizeName)
   /* Check if given content is JSON format. */
   private function isJSON($content)
   {
-      if (is_array($content) || is_object($content))
+      if (is_array($content) || is_object($content) || is_null($content))
         return false; // can never be.
 
       $json = json_decode($content);