Add function to wrap Unserialize::unserialize function

7 years ago · fa8b097564
parent 45e885b7fd
commit fa8b097564
23 changed files with 152 additions and 239 deletions
--- a/main/admin/career_diagram.php
+++ b/main/admin/career_diagram.php
@ -14,11 +14,7 @@ UPDATE extra_field_values SET updated_at = NULL WHERE CAST(updated_at AS CHAR(20
 ALTER TABLE extra_field_values modify column value longtext null;
 */
 use Brumann\Polyfill\Unserialize;
 use Fhaculty\Graph\Graph;
 use Fhaculty\Graph\Set\Edges;
 use Fhaculty\Graph\Set\Vertices;
 use Fhaculty\Graph\Set\VerticesMap;
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
@ -113,17 +109,7 @@ $tpl = new Template(get_lang('Diagram'));
 $html = Display::page_subheader2($careerInfo['name'].$urlToString);
 if (!empty($item) && isset($item['value']) && !empty($item['value'])) {
    /** @var Graph $graph */
-    $graph = Unserialize::unserialize(
+    $graph = api_unserialize_content('carrer', $item['value']);
        $item['value'],
        [
            'allowed_classes' => [
                Graph::class,
                VerticesMap::class,
                Vertices::class,
                Edges::class,
            ],
        ]
    );
    $html .= Career::renderDiagramByColumn($graph, $tpl);
 } else {
    Display::addFlash(
--- a/main/admin/gradebook_list.php
+++ b/main/admin/gradebook_list.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CoreBundle\Entity\GradebookCategory;
 use Doctrine\Common\Collections\Criteria;
 use Knp\Component\Pager\Paginator;
@ -189,10 +188,7 @@ switch ($action) {
            $options = [];
            if (!empty($categoryData['depends'])) {
-                $list = Unserialize::unserialize(
+                $list = api_unserialize_content('not_allowed_classes', $categoryData['depends']);
                    $categoryData['depends'],
                    ['allowed_classes' => false]
                );
                foreach ($list as $itemId) {
                    $courseInfo = api_get_course_info_by_id($itemId);
                    $options[$itemId] = $courseInfo['name'];
--- a/main/auth/sso/sso.Drupal.class.php
+++ b/main/auth/sso/sso.Drupal.class.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -294,9 +293,9 @@ class ssoDrupal
     */
    private function decode_cookie($cookie)
    {
-        return Unserialize::unserialize(
+        return api_unserialize_content(
-            base64_decode($cookie),
+            'not_allowed_classes',
-            ['allowed_classes' => false]
+            base64_decode($cookie)
        );
    }
 }
--- a/main/auth/sso/sso.class.php
+++ b/main/auth/sso/sso.class.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -297,9 +296,9 @@ class sso
     */
    private function decode_cookie($cookie)
    {
-        return Unserialize::unserialize(
+        return api_unserialize_content(
-            base64_decode($cookie),
+            'not_allowed_classes',
-            ['allowed_classes' => false]
+            base64_decode($cookie)
        );
    }
 }
--- a/main/course_home/course_home.php
+++ b/main/course_home/course_home.php
@ -1,12 +1,8 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 use Fhaculty\Graph\Graph;
 use Fhaculty\Graph\Set\Edges;
 use Fhaculty\Graph\Set\Vertices;
 use Fhaculty\Graph\Set\VerticesMap;
 /**
 * HOME PAGE FOR EACH COURSE.
@ -397,11 +393,10 @@ if ($allow === true) {
                );
                if (!empty($item) && isset($item['value']) && !empty($item['value'])) {
-                    $graph = Unserialize::unserialize(
+                    /** @var Graph $graph */
-                        $item['value'],
+                    $graph = api_unserialize_content(
-                        [
+                        'career',
-                            'allowed_classes' => [Graph::class, VerticesMap::class, Vertices::class, Edges::class],
+                        $item['value']
                        ]
                    );
                    $diagram = Career::renderDiagram($careerInfo, $graph);
                }
--- a/main/exercise/hotspot_admin.inc.php
+++ b/main/exercise/hotspot_admin.inc.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -57,14 +56,13 @@ if ($modifyIn) {
        $objAnswer = new Answer($questionId);
    }
-    $color = Unserialize::unserialize($color, ['allowed_classes' => false]);
+    $color = api_unserialize_content('not_allowed_classes', $color);
-    $reponse = Unserialize::unserialize($reponse, ['allowed_classes' => false]);
+    $reponse = api_unserialize_content('not_allowed_classes', $reponse);
-    $comment = Unserialize::unserialize($comment, ['allowed_classes' => false]);
+    $comment = api_unserialize_content('not_allowed_classes', $comment);
-    $comment = Unserialize::unserialize($comment, ['allowed_classes' => false]);
+    $weighting = api_unserialize_content('not_allowed_classes', $weighting);
-    $weighting = Unserialize::unserialize($weighting, ['allowed_classes' => false]);
+    $hotspot_coordinates = api_unserialize_content('not_allowed_classes', $hotspot_coordinates);
-    $hotspot_coordinates = Unserialize::unserialize($hotspot_coordinates, ['allowed_classes' => false]);
+    $hotspot_type = api_unserialize_content('not_allowed_classes', $hotspot_type);
-    $hotspot_type = Unserialize::unserialize($hotspot_type, ['allowed_classes' => false]);
+    $destination = api_unserialize_content('not_allowed_classes', $destination);
    $destination = Unserialize::unserialize($destination, ['allowed_classes' => false]);
    unset($buttonBack);
 }
--- a/main/exercise/question.class.php
+++ b/main/exercise/question.class.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CourseBundle\Entity\CQuizAnswer;
 /**
@ -1146,9 +1145,9 @@ abstract class Question
                $se_doc = $di->get_document((int) $se_ref['search_did']);
                if ($se_doc !== false) {
                    if (($se_doc_data = $di->get_document_data($se_doc)) !== false) {
-                        $se_doc_data = Unserialize::unserialize(
+                        $se_doc_data = api_unserialize_content(
-                            $se_doc_data,
+                            'not_allowed_classes',
-                            ['allowed_classes' => false]
+                            $se_doc_data
                        );
                        if (isset($se_doc_data[SE_DATA]['type']) &&
                            $se_doc_data[SE_DATA]['type'] == SE_DOCTYPE_EXERCISE_QUESTION
--- a/main/exercise/upload_exercise.php
+++ b/main/exercise/upload_exercise.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -550,19 +549,7 @@ function lp_upload_quiz_action_handling()
        if (!empty($lpObject)) {
            /** @var learnpath $oLP */
-            $oLP = Unserialize::unserialize(
+            $oLP = api_unserialize_content('lp', $lpObject);
                $lpObject,
                [
                    'allowed_classes' => [
                        learnpath::class,
                        learnpathItem::class,
                        aiccItem::class,
                        scormItem::class,
                        Link::class,
                        LpItem::class,
                    ],
                ]
            );
            if (is_object($oLP)) {
                if ((empty($oLP->cc)) || $oLP->cc != api_get_course_id()) {
                    $oLP = null;
--- a/main/extra/upgrade_school_calendar.php
+++ b/main/extra/upgrade_school_calendar.php
@ -2,7 +2,6 @@
 /* For licensing terms, see /license.txt */
 // not used??
 use Brumann\Polyfill\Unserialize;
 exit;
@ -31,9 +30,9 @@ $d_number = (int) $d_number;
 $sql4 = "UPDATE set_module SET cal_day_num = $d_number WHERE id = $d_id ";
 Database::query($sql4);
 print_r(
-    Unserialize::unserialize(
+    api_unserialize_content(
-        Security::remove_XSS($_POST['aaa']),
+        'not_allowed_classes',
-        ['allowed_classes' => false]
+        Security::remove_XSS($_POST['aaa'])
    )
 );
--- a/main/gradebook/lib/be/category.class.php
+++ b/main/gradebook/lib/be/category.class.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CoreBundle\Entity\GradebookCategory;
 use ChamiloSession as Session;
@ -267,10 +266,7 @@ class Category implements GradebookItem
    {
        $this->courseDependency = [];
-        $unserialized = @Unserialize::unserialize(
+        $unserialized = api_unserialize_content('not_allowed_classes', $value, true);
            $value,
            ['allowed_classes' => false]
        );
        if (false !== $unserialized) {
            $this->courseDependency = $unserialized;
--- a/main/inc/lib/api.lib.php
+++ b/main/inc/lib/api.lib.php
@ -3,9 +3,41 @@
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CoreBundle\Entity\SettingsCurrent;
 use Chamilo\CourseBundle\Component\CourseCopy\Course;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Work;
 use Chamilo\CourseBundle\Entity\CItemProperty;
 use Chamilo\UserBundle\Entity\User;
 use ChamiloSession as Session;
 use Fhaculty\Graph\Graph;
 use Fhaculty\Graph\Set\Edges;
 use Fhaculty\Graph\Set\Vertices;
 use Fhaculty\Graph\Set\VerticesMap;
 use Symfony\Component\Finder\Finder;
 /**
@ -2768,10 +2800,7 @@ function api_get_plugin_setting($plugin, $variable)
    if (isset($result[$plugin])) {
        $value = $result[$plugin];
-        $unserialized = @Unserialize::unserialize(
+        $unserialized = api_unserialize_content('not_allowed_classes', $value, true);
            $value,
            ['allowed_classes' => false]
        );
        if (false !== $unserialized) {
            $value = $unserialized;
@ -9305,3 +9334,79 @@ function api_get_relative_path($from, $to)
    return implode('/', $relPath);
 }
 /**
 * Unserialize content using Brummann\Polyfill\Unserialize.
 *
 * @param string $type
 * @param string $serialized
 * @param bool   $ignoreErrors. Optional.
 *
 * @return mixed
 */
 function api_unserialize_content($type, $serialized, $ignoreErrors = false)
 {
    switch ($type) {
        case 'career':
            $allowedClasses = [Graph::class, VerticesMap::class, Vertices::class, Edges::class];
            break;
        case 'lp':
            $allowedClasses = [
                learnpath::class,
                learnpathItem::class,
                aiccItem::class,
                scormItem::class,
                Link::class,
                LpItem::class,
            ];
            break;
        case 'course':
            $allowedClasses = [
                Course::class,
                Announcement::class,
                Attendance::class,
                CalendarEvent::class,
                CourseCopyLearnpath::class,
                CourseCopyTestCategory::class,
                CourseDescription::class,
                CourseSession::class,
                Document::class,
                Forum::class,
                ForumCategory::class,
                ForumPost::class,
                ForumTopic::class,
                Glossary::class,
                GradeBookBackup::class,
                Link::class,
                LinkCategory::class,
                Quiz::class,
                QuizQuestion::class,
                QuizQuestionOption::class,
                ScormDocument::class,
                Survey::class,
                SurveyInvitation::class,
                SurveyQuestion::class,
                Thematic::class,
                ToolIntro::class,
                Wiki::class,
                Work::class,
                stdClass::class,
            ];
            break;
        case 'not_allowed_classes':
        default:
            $allowedClasses = false;
    }
    if ($ignoreErrors) {
        return @Unserialize::unserialize(
            $serialized,
            ['allowed_classes' => $allowedClasses]
        );
    }
    return Unserialize::unserialize(
        $serialized,
        ['allowed_classes' => $allowedClasses]
    );
 }
--- a/main/inc/lib/array.lib.php
+++ b/main/inc/lib/array.lib.php
@ -6,7 +6,6 @@
 *
 * @package chamilo.library
 */
 use Brumann\Polyfill\Unserialize;
 /**
 * Removes duplicate values from a dimensional array.
@ -28,7 +27,7 @@ function array_unique_dimensional($array)
    $array = array_unique($array);
    foreach ($array as &$myvalue) {
-        $myvalue = Unserialize::unserialize($myvalue, ['allowed_classes' => false]);
+        $myvalue = api_unserialize_content('not_allowed_clases', $myvalue);
    }
    return $array;
--- a/main/inc/lib/plugin.class.php
+++ b/main/inc/lib/plugin.class.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CourseBundle\Entity\CTool;
 /**
@ -323,10 +322,7 @@ class Plugin
        $settings = $this->get_settings();
        foreach ($settings as $setting) {
            if ($setting['variable'] == $this->get_name().'_'.$name) {
-                $unserialized = @Unserialize::unserialize(
+                $unserialized = api_unserialize_content('not_allowed_classes', $setting['selected_value'], true);
                    $setting['selected_value'],
                    ['allowed_classes' => false]
                );
                if (!empty($setting['selected_value']) &&
                    false !== $unserialized
--- a/main/inc/lib/plugin.lib.php
+++ b/main/inc/lib/plugin.lib.php
@ -1,7 +1,6 @@
 <?php
 /* See license terms in /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -438,10 +437,7 @@ class AppPlugin
            $settings_filtered = [];
            foreach ($plugin_settings as $item) {
                if (!empty($item['selected_value'])) {
-                    $unserialized = @Unserialize::unserialize(
+                    $unserialized = api_unserialize_content('not_allowed_classes', $item['selected_value'], true);
                        $item['selected_value'],
                        ['allowed_classes' => false]
                    );
                    if (false !== $unserialized) {
                        $item['selected_value'] = $unserialized;
                    }
--- a/main/inc/lib/statistics.lib.php
+++ b/main/inc/lib/statistics.lib.php
@ -1,8 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 /**
 * This class provides some functions for statistics.
 *
@ -307,10 +305,7 @@ class Statistics
            } else {
                if (!empty($row[2])) {
                    $originalData = str_replace('\\', '', $row[2]);
-                    $row[2] = Unserialize::unserialize(
+                    $row[2] = api_unserialize_content('not_allowed_classes', $originalData);
                        $originalData,
                        ['allowed_classes' => false]
                    );
                    if (is_array($row[2]) && !empty($row[2])) {
                        $row[2] = implode_with_key(', ', $row[2]);
                    } else {
--- a/main/lp/aicc_api.php
+++ b/main/lp/aicc_api.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -37,19 +36,7 @@ require_once __DIR__.'/../inc/global.inc.php';
 // Is this needed? This is probabaly done in the header file.
 $file = Session::read('file');
 /** @var learnpath $oLP */
-$oLP = Unserialize::unserialize(
+$oLP = api_unserialize_content('lp', Session::read('lpobject'));
    Session::read('lpobject'),
    [
        'allowed_classes' => [
            learnpath::class,
            learnpathItem::class,
            aiccItem::class,
            scormItem::class,
            Link::class,
            LpItem::class,
        ],
    ]
 );
 $oItem = $oLP->items[$oLP->current];
 if (!is_object($oItem)) {
    error_log('New LP - scorm_api - Could not load oItem item', 0);
--- a/main/lp/aicc_hacp.php
+++ b/main/lp/aicc_hacp.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -65,18 +64,9 @@ if ($debug > 2) {
 // Is this needed? This is probabaly done in the header file.
 $file = Session::read('file');
 /** @var learnpath $oLP */
-$oLP = Unserialize::unserialize(
+$oLP = api_unserialize_content(
-    Session::read('lpobject'),
+    'not_allowed_classes',
-    [
+    Session::read('lpobject')
        'allowed_classes' => [
            learnpath::class,
            learnpathItem::class,
            aiccItem::class,
            scormItem::class,
            Link::class,
            LpItem::class,
        ],
    ]
 );
 $oItem = &$oLP->items[$oLP->current];
 if (!is_object($oItem)) {
--- a/main/lp/learnpath.class.php
+++ b/main/lp/learnpath.class.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CoreBundle\Entity\Repository\CourseRepository;
 use Chamilo\CoreBundle\Entity\Repository\ItemPropertyRepository;
 use Chamilo\CourseBundle\Component\CourseCopy\CourseArchiver;
@ -12691,19 +12690,7 @@ EOD;
        $learnPath = null;
        $lpObject = Session::read('lpobject');
        if ($lpObject !== null) {
-            $learnPath = Unserialize::unserialize(
+            $learnPath = api_unserialize_content('lp', $lpObject);
                $lpObject,
                [
                    'allowed_classes' => [
                        learnpath::class,
                        learnpathItem::class,
                        aiccItem::class,
                        scormItem::class,
                        Link::class,
                        LpItem::class,
                    ],
                ]
            );
            if ($debug) {
                error_log('getLpFromSession: unserialize');
                error_log('------getLpFromSession------');
--- a/main/lp/lp_controller.php
+++ b/main/lp/lp_controller.php
@ -1,7 +1,6 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use ChamiloSession as Session;
 /**
@ -215,20 +214,8 @@ if (!empty($lpObject)) {
    if ($debug) {
        error_log(' SESSION[lpobject] is defined');
    }
-    /** @var learnpath $olP */
+    /** @var learnpath $oLP */
-    $olP = Unserialize::unserialize(
+    $oLP = api_unserialize_content('lp', $lpObject);
        $lpObject,
        [
            'allowed_classes' => [
                learnpath::class,
                learnpathItem::class,
                aiccItem::class,
                scormItem::class,
                Link::class,
                LpItem::class,
            ],
        ]
    );
    if (isset($oLP) && is_object($oLP)) {
        if ($debug) {
            error_log(' oLP is object');
--- a/main/mySpace/my_career.php
+++ b/main/mySpace/my_career.php
@ -1,11 +1,7 @@
 <?php
 /* For licensing terms, see /license.txt */
 use Brumann\Polyfill\Unserialize;
 use Fhaculty\Graph\Graph;
 use Fhaculty\Graph\Set\Edges;
 use Fhaculty\Graph\Set\Vertices;
 use Fhaculty\Graph\Set\VerticesMap;
 require_once __DIR__.'/../inc/global.inc.php';
@ -48,17 +44,7 @@ foreach ($sessionCategories as $category) {
                    );
                    if ($diagram && !empty($diagram['value'])) {
                        /** @var Graph $graph */
-                        $graph = Unserialize::unserialize(
+                        $graph = api_unserialize_content('career', $diagram['value']);
                            $diagram['value'],
                            [
                                'allowed_classess' => [
                                    Graph::class,
                                    VerticesMap::class,
                                    Vertices::class,
                                    Edges::class,
                                ],
                            ]
                        );
                        $content .= Career::renderDiagram($careerInfo, $graph);
                    }
                }
--- a/plugin/ims_lti/Entity/ImsLtiTool.php
+++ b/plugin/ims_lti/Entity/ImsLtiTool.php
@ -3,7 +3,6 @@
 namespace Chamilo\PluginBundle\Entity\ImsLti;
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CoreBundle\Entity\Course;
 use Chamilo\CoreBundle\Entity\GradebookEvaluation;
 use Doctrine\Common\Collections\ArrayCollection;
@ -466,10 +465,7 @@ class ImsLtiTool
     */
    public function unserializePrivacy()
    {
-        return Unserialize::unserialize(
+        return api_unserialize_content('not_allowed_classes', $this->privacy);
            $this->privacy,
            ['allowed_classes' => false]
        );
    }
    /**
--- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
+++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseArchiver.php
@ -3,35 +3,8 @@
 namespace Chamilo\CourseBundle\Component\CourseCopy;
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Announcement;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Asset;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Attendance;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CalendarEvent;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyLearnpath;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseCopyTestCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseDescription;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\CourseSession;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Document;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Forum;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumPost;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ForumTopic;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Glossary;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\GradeBookBackup;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Link;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\LinkCategory;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Quiz;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestion;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\QuizQuestionOption;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ScormDocument;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Survey;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyInvitation;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\SurveyQuestion;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Thematic;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\ToolIntro;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki;
 use Chamilo\CourseBundle\Component\CourseCopy\Resources\Work;
 use Symfony\Component\Filesystem\Filesystem;
 /**
@ -370,42 +343,8 @@ class CourseArchiver
        class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Wiki', 'Wiki');
        class_alias('Chamilo\CourseBundle\Component\CourseCopy\Resources\Work', 'Work');
-        $course = Unserialize::unserialize(
+        /** @var Course $course */
-            base64_decode($contents),
+        $course = api_unserialize_content('course', base64_decode($contents));
            [
                'allowed_classes' => [
                    Course::class,
                    Announcement::class,
                    Attendance::class,
                    CalendarEvent::class,
                    CourseCopyLearnpath::class,
                    CourseCopyTestCategory::class,
                    CourseDescription::class,
                    CourseSession::class,
                    Document::class,
                    Forum::class,
                    ForumCategory::class,
                    ForumPost::class,
                    ForumTopic::class,
                    Glossary::class,
                    GradeBookBackup::class,
                    Link::class,
                    LinkCategory::class,
                    Quiz::class,
                    QuizQuestion::class,
                    QuizQuestionOption::class,
                    ScormDocument::class,
                    Survey::class,
                    SurveyInvitation::class,
                    SurveyQuestion::class,
                    Thematic::class,
                    ToolIntro::class,
                    Wiki::class,
                    Work::class,
                    \stdClass::class,
                ],
            ]
        );
        if (!in_array(
            get_class($course),
--- a/src/Chamilo/PageBundle/Entity/User.php
+++ b/src/Chamilo/PageBundle/Entity/User.php
@ -3,7 +3,6 @@
 namespace Chamilo\PageBundle\Entity;
 use Brumann\Polyfill\Unserialize;
 use Chamilo\CoreBundle\Entity\ExtraFieldValues;
 use Chamilo\CoreBundle\Entity\UsergroupRelUser;
 use Doctrine\Common\Collections\ArrayCollection;
@ -2283,10 +2282,7 @@ class User extends BaseUser
     */
    public function unserialize($serialized)
    {
-        $data = Unserialize::unserialize(
+        $data = api_unserialize_content('not_allowed_classes', $serialized);
            $serialized,
            ['allowed_classes' => false]
        );
        // add a few extra elements in the array to ensure that we have enough keys when unserializing
        // older data which does not include all properties.
        $data = array_merge($data, array_fill(0, 2, null));