Merge remote-tracking branch 'origin/MAGETWO-95157' into 2.1.16-develop-pr58

SeruyV · SeruyV · commit ad5f2e27e69d · 2018-10-19T14:17:23.000+03:00
diff --git a/app/code/Magento/Braintree/Model/Adminhtml/System/Config/CountryCreditCard.php b/app/code/Magento/Braintree/Model/Adminhtml/System/Config/CountryCreditCard.php
@@ -8,11 +8,13 @@
 use Magento\Framework\App\Cache\TypeListInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\Config\Value;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Data\Collection\AbstractDb;
 use Magento\Framework\Math\Random;
 use Magento\Framework\Model\Context;
 use Magento\Framework\Model\ResourceModel\AbstractResource;
 use Magento\Framework\Registry;
+use Magento\Framework\Unserialize\SecureUnserializer;
 
 /**
  * Class CountryCreditCard
@@ -24,6 +26,11 @@ class CountryCreditCard extends Value
      */
     protected $mathRandom;
 
+    /**
+     * @var SecureUnserializer
+     */
+    private $secureUnserializer;
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -32,6 +39,7 @@ class CountryCreditCard extends Value
      * @param \Magento\Framework\Math\Random $mathRandom
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
+     * @param SecureUnserializer|null $secureUnserializer
      * @param array $data
      */
     public function __construct(
@@ -42,9 +50,11 @@ public function __construct(
         Random $mathRandom,
         AbstractResource $resource = null,
         AbstractDb $resourceCollection = null,
+        SecureUnserializer $secureUnserializer = null,
         array $data = []
     ) {
         $this->mathRandom = $mathRandom;
+        $this->secureUnserializer = $secureUnserializer ?: ObjectManager::getInstance()->get(SecureUnserializer::class);
         parent::__construct($context, $registry, $config, $cacheTypeList, $resource, $resourceCollection, $data);
     }
 
@@ -58,7 +68,7 @@ public function beforeSave()
         $value = $this->getValue();
         if (!is_array($value)) {
             try {
-                $value = unserialize($value);
+                $value = $this->secureUnserializer->unserialize($value);
             } catch (\InvalidArgumentException $e) {
                 $value = [];
             }
