Warning : unserialize() has been disabled for security reasons in /home/vol8_3/epizy.com/epiz_24713782/norwegianairvirtualcc.rf.gd/htdocs/core/classes/SessionManager.class.php on line 76
Other Information
Before the Issues with the Website was on error 502 bad gateway, it was running fine on php 5.6, but after it was up, I got errors.
Last year when this happened I changed php version from 5.4 to 5.6 and it was fine.
It stopped working because we found out that there was a big security hole in the PHP unserialize function. The fix for this issue was created after PHP 5.6 was end of life, so no patch was created for these older PHP versions.
We upgraded to PHP 7.4 to fix this issue in the PHP 7.x version we offer. However, no such fix exists for older PHP versions, which is why disabling this function is our only option.
So you have a few options here:
Make your software work with PHP 7.4, or migrate to software which does work with PHP 7 already.
Edit your software so it doesn’t use the unserialize function anymore.
Switch to premium hosting, which uses HardenedPHP and other security systems which means the unserialize function doesn’t need to be disabled there.
It is disabled on a php version to prevent a dangerous security risk, you should use +PHP 7 for your app.
I cannot find anything on the “serialize” function. It looks like the “unserialize” function works if you are using PHP 7+. I recommend always having the later version of PHP installed for your site, so unless something prevents the upgrading of PHP, I see no reason not to upgrade to 7+ (You can upgrade it in the control panel under “PHP Level”).
In your situation, you would either have to upgrade to PHP 7+ and replace the script that would break, or make your site work without the use of the unserialize function.
You do have one more choice, which is to upgrade to premium, where, due to all of the added security, PHP Unserialize can be used on all PHP levels without restrictions.
Supposedly the script he is running does not allow PHP 7+. There were about 3-4 topics about the 7+ thing, and it was Admin who’s answer I quoted. I hope it’s right
You’re correct @Greenreader9! The particular PHP vulnerability was related to the unserialize function, the serialize function is not affected.
The best thing to do right now @Pilot_Dan is to try and get your website to work on PHP 7. Perhaps your existing website can be updated to work with PHP 7, perhaps you may need to choose different website software that is still being maintained.
We still offer some PHP 5 versions now, but this won’t last forever. If you don’t update your website, you can expect more things to break down or your website to stop working entirely.
Hello!
Thanks for the answer. It’s still Odd that I experience the error now, but I’ve started a new project to make a new version as most of the code is from 2012. So just a new project to fully support php 7.4 is my new mission. Thank you!
