Fixed: create a new function cacti_unserialize to cover all raw unser…

…ialize function compatible usage (#5438)

data_debug.php

@@ -591,7 +591,7 @@ function debug_wizard() {
 	if (cacti_sizeof($checks)) {
 		foreach ($checks as $check) {
 			if (isset($check['info']) && $check['info'] != '') {
-				$info = unserialize($check['info']);
+				$info = cacti_unserialize($check['info']);
 			} else {
 				$info = '';
 			}
@@ -682,7 +682,7 @@ function debug_view() {
 	$check_exists = cacti_sizeof($check);
 
 	if (isset($check) && is_array($check)) {
-		$check['info'] = unserialize($check['info']);
+		$check['info'] = cacti_unserialize($check['info']);
 	}
 
 	$dtd = db_fetch_row_prepared('SELECT *

graphs_new.php

@@ -201,7 +201,7 @@ function host_reload_query() {
    ------------------- */
 
 function host_new_graphs_save($host_id) {
-	$selected_graphs_array = sanitize_unserialize_selected_graphs(get_nfilter_request_var('selected_graphs_array'));
+	$selected_graphs_array = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_graphs_array')));
 
 	$values    = array();
 	$form_data = array();

lib/data_query.php

@@ -1715,7 +1715,7 @@ function rewrite_snmp_enum_value($field_name, $value=null, $map=null) {
 
 		$map = $newmap;
 	} else {
-		$map = unserialize($map);
+		$map = cacti_unserialize($map);
 	}
 
 	if ($map === false || !is_array($map)) {

lib/dsdebug.php

@@ -125,7 +125,8 @@ function dsdebug_poller_output(&$rrd_update_array) {
 				foreach ($rrd_update_array as $item) {
 					if ($c['datasource'] == $item['local_data_id']) {
 						if (isset($item['times'][key($item['times'])])) {
-							$c['info']                = unserialize($c['info']);
+							$c['info'] = cacti_unserialize($c['info']);
+
 							$c['info']['last_result'] = $item['times'][key($item['times'])];
 							$c['info']                = serialize($c['info']);
 							db_execute_prepared('UPDATE data_debug SET `info` = ? WHERE `id` = ?', array($c['info'], $c['id']));
@@ -163,7 +164,7 @@ function dsdebug_poller_bottom() {
 
 		foreach ($checks as $c) {
 			$c['issue'] = array();
-			$info       = unserialize($c['info']);
+			$info = cacti_unserialize($c['info']);
 
 			$dtd = db_fetch_row_prepared('SELECT *
 				FROM data_template_data
@@ -339,7 +340,7 @@ function dsdebug_run_repair($id) {
 		array($id));
 
 	if (cacti_sizeof($check)) {
-		$check['info'] = unserialize($check['info']);
+		$check['info'] = cacti_unserialize($check['info']);
 
 		if (isset($check['info']['rrd_match_array']['tune'])) {
 			$path = get_data_source_path($id, true);

lib/functions.php

@@ -8951,3 +8951,7 @@ function get_keyup_delay() {
 
 	return $keyup_delay;
 }
+
+function cacti_unserialize($strobj) {
+		return unserialize($strobj, array('allowed_classes' => false));
+}

managers.php

@@ -944,7 +944,7 @@ function form_actions() {
 
 	if (isset_request_var('selected_items')) {
 		if (isset_request_var('action_receivers')) {
-			$selected_items = sanitize_unserialize_selected_items(get_nfilter_request_var('selected_items'));
+			$selected_items = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_graphs_array')));
 
 			if ($selected_items != false) {
 				if (get_nfilter_request_var('drp_action') == '1') { // delete
@@ -966,7 +966,7 @@ function form_actions() {
 			get_filter_request_var('id');
 			/* ==================================================== */
 
-			$selected_items = sanitize_unserialize_selected_items(get_nfilter_request_var('selected_items'));
+			$selected_items = cacti_unserialize(stripslashes(get_nfilter_request_var('selected_items')));
 
 			if ($selected_items !== false) {
 				if (get_nfilter_request_var('drp_action') == '1') { // disable