Sanitize cleanCallback on wakeup. Extra security check for APIs like SecurePoll/auth...
authorTim Starling <tstarling@users.mediawiki.org>
Thu, 30 Apr 2009 05:21:27 +0000 (05:21 +0000)
committerTim Starling <tstarling@users.mediawiki.org>
Thu, 30 Apr 2009 05:21:27 +0000 (05:21 +0000)
includes/Status.php

index 1eb2b66..516ed95 100644 (file)
@@ -84,6 +84,13 @@ class Status {
                $this->ok = false;
        }
 
+       /**
+        * Sanitize the callback parameter on wakeup, to avoid arbitrary execution.
+        */
+       function __wakeup() {
+               $this->cleanCallback = false;
+       }
+
        protected function cleanParams( $params ) {
                if ( !$this->cleanCallback ) {
                        return $params;
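Review bot: Resetting `cleanCallback` to `false` in `__wakeup()` sends `cleanParams()` down the `if ( !$this->cleanCallback )` path shown in the context lines, which returns `$params` untouched. A Status restored by unserialize() therefore silently loses whatever cleaning its callback provided, until the caller assigns the callback again. The docblock should state that contract, for example `Callers that need parameter cleaning must set cleanCallback again after unserializing.` It is also worth noting there that only the callback is reset; the object's other properties presumably still come straight from the serialized data and should be treated as untrusted by the calling API. The body of `cleanParams()` continues outside the hunk.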