Unserialize() has been disabled for security reasons

nodrog1061 · July 15, 2020, 1:09pm

https://tf-misfit.co.uk/forums/install/upgrade.php

(please specify the website or account you are asking about)

“Warning [2] unserialize() has been disabled for security reasons - Line: 112 - File: inc/class_datacache.php PHP 7.3.6 (Linux)”

(please share the FULL error message you see)

recently this was not a problem randomly MyBB is trying to get me to upgrade and when I try and do that it says the above I don’t understand how this has happened.

i want to highlight this site was fine only hours ago and i have made no changes to it.

(other information and details relevant to your question)

katufo · July 15, 2020, 1:57pm

Maybe because of this?

Could you try to update it using Softaculous, or reinstall a latest version?

nodrog1061 · July 15, 2020, 1:58pm

im aware of that can I highlight this sentence from my original post

JavesPotato · July 15, 2020, 2:02pm

I think the unserialize() has been deactivated by IFastNet a while ago for security reasons.

IFastNet had made many recent changes in security.

Im still not sure if they disabled it but according to my 10 seconds reseach, that function had a vulnerability.

nodrog1061 · July 15, 2020, 2:03pm

thanks, @JavesPotato I’m going to leave this MyBB forum to post here for @Admin to look at

https://community.mybb.com/thread-228594-post-1352980.html#pid_1352980:~:text=ignore%20reported%20images%20%26%20ignore%20files,screenshot%20of%20error%20message%20containing%20unserialize()

nodrog1061 · July 15, 2020, 4:30pm

somehow the site is now fine thank the web god’s for there help

Miceg29 · July 16, 2020, 5:33am

I need help i have this trouble “unserialize() has been disabled for security reasons”
What I need to do for activate again

nodrog1061 · July 16, 2020, 12:46pm

I would say if I knew it seemingly just fixed its self for me after about 3 hours of downtime are you using MyBB?

Miceg29 · July 16, 2020, 3:41pm

Hi, I’m not using MyBB, I’m using that function with Cakephp 2.9 for my sessions I would like to enabled it again if it’s possible thank’s my dear nodrog 1061 or what I need to do for that trouble.

Sincerely Miriam.

nodrog1061 · July 16, 2020, 4:00pm

i can’t really help you @Admin is the guy to talk to

katufo · July 16, 2020, 6:19pm

Make a new topic so we could help you with your problem, rather than hijacking another topic. @Miceg29

Admin · July 17, 2020, 5:23pm

Security issues were found in old PHP version, which most websites were using before. Disabling the unserialize function is a mitigation that was applied after this issue came to light. Of course, unserialize is a quite common function, so this is a temporary fix. But servers are being upgraded right now to a new PHP version which doesn’t have this issue.

For the account of @nodrog1061, it has been upgraded to PHP 7.4, so unserialize should be working again.

For the account of @Miceg29, your account is currently using PHP 5.4. This is a very old version of PHP which may have unsolved security problems too. Unless you have a very good reason to use an older PHP version, you should switch to PHP 7.4 as well. And if you do have to use another PHP version, please use the latest version that your website will support.

system · August 1, 2020, 5:23pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.