From 8be71d467d0e185bb8554a8ac8f0f9a9babef458 Mon Sep 17 00:00:00 2001
From: rodelgc
Date: Sat, 27 Jul 2024 03:31:51 +0800
Subject: [PATCH] Whitelist a line in WC Beta Tester from QIT security tests (#49965)
* Whitelist succeeding line from QIT's security scanner
* Add changelog
---
 .../changelog/update-qit-false-positive | 4 ++++
 .../includes/class-wc-beta-tester-import-export.php | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 plugins/woocommerce-beta-tester/changelog/update-qit-false-positive
diff --git a/plugins/woocommerce-beta-tester/changelog/update-qit-false-positive b/plugins/woocommerce-beta-tester/changelog/update-qit-false-positive
new file mode 100644
index 00000000000..4ef13c4c93c
--- /dev/null
+++ b/plugins/woocommerce-beta-tester/changelog/update-qit-false-positive
@@ -0,0 +1,4 @@
+Significance: patch
+Type: dev
+
+Whitelist line with maybe_unserialize() function call from QIT security tests.
diff --git a/plugins/woocommerce-beta-tester/includes/class-wc-beta-tester-import-export.php b/plugins/woocommerce-beta-tester/includes/class-wc-beta-tester-import-export.php
index f118be302f0..301835f23e8 100644
--- a/plugins/woocommerce-beta-tester/includes/class-wc-beta-tester-import-export.php
+++ b/plugins/woocommerce-beta-tester/includes/class-wc-beta-tester-import-export.php
@@ -78,7 +78,7 @@ class WC_Beta_Tester_Import_Export { // show error/update messages. if ( ! empty( $this->message ) ) { ?> -
message['type'] ) ? esc_attr( $this->message['type'] ) : ''; ?>
@@ -172,6 +172,7 @@ class WC_Beta_Tester_Import_Export {
 if ( ! isset( $settings[ $option_name ] ) ) {
 continue;
 }
+ // nosemgrep scanner.php.wp.security.object-injection, audit.php.wp.security.object-injection
 $setting = maybe_unserialize( $settings[ $option_name ] );
 if ( is_null( $setting ) ) {
 delete_option( $option_name );
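Review bot: The added `// nosemgrep` line silences the object-injection rules for `maybe_unserialize( $settings[ $option_name ] )` without recording why the finding is a false positive, and the hunk does not show where `$settings` is populated or which capability and nonce checks run before this loop. If the imported values are only ever scalars or arrays, the suppression could be dropped by decoding with classes disabled, e.g. `$setting = is_serialized( $raw ) ? unserialize( trim( $raw ), array( 'allowed_classes' => false ) ) : $raw;` with `$raw` set to `$settings[ $option_name ]`. If the suppression stays, the comment should state the trust boundary it relies on (who may reach this import path and how the request is verified), so that a later change to those checks prompts a re-review of this line. Semgrep's documented form is `// nosemgrep: rule-id, rule-id`; without the colon the rule ids are probably not parsed and the comment may act as a blanket ignore for the next line, which is worth confirming against the QIT scanner. The enclosing method begins and ends outside the hunk.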