From 661844cf40e3f8d583580789a5a6580697c8b8c8 Mon Sep 17 00:00:00 2001
From: edison-infotel
Date: Thu, 15 May 2025 10:43:26 +0200
Subject: [PATCH] security correction for Deserialization of Untrusted Data in search.php
---
 ajax/search.php | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/ajax/search.php b/ajax/search.php
index 5e983d3..15fefc4 100644
--- a/ajax/search.php
+++ b/ajax/search.php
@@ -34,38 +34,47 @@ //Html::header_nocache();
 $search = new PluginPrintercountersSearch();
-
+$allowed_classes = [PluginPrintercountersRecord::class];
 switch ($_POST['action']) {
 case 'addSearchField':
- if (!isset($_POST['item'])) {
+ if (!isset($_POST['item']) || !is_numeric($_POST['item'])) {
 exit;
 }
- if (!isset($_SESSION['plugin_printercounters_item_' . $_POST['item']])) {
+ $session_key = 'plugin_printercounters_item_' . $_POST['item'];
+ if (!isset($_SESSION[$session_key])) {
 exit;
 }
- $search->addSearchField($_POST['search_count'], unserialize($_SESSION['plugin_printercounters_item_' . $_POST['item']]));
-
+ $item = unserialize($_SESSION[$session_key], ["allowed_classes" => $allowed_classes]);
+ if ($item === false) {
+ exit;
+ }
+ $search->addSearchField($_POST['search_count'], $item);
 break;
 case 'resetSearchField':
- if (!isset($_POST['item'])) {
+ if (!isset($_POST['item']) || !is_numeric($_POST['item'])) {
 exit;
 }
- if (!isset($_SESSION['plugin_printercounters_item_' . $_POST['item']])) {
+ $session_key = 'plugin_printercounters_item_' . $_POST['item'];
+ if (!isset($_SESSION[$session_key])) {
 exit;
 }
- $item = unserialize($_SESSION['plugin_printercounters_item_' . $_POST['item']]);
- if (!get_class($item) == PluginPrintercountersRecord::class) {
+ $item = unserialize($_SESSION[$session_key], ["allowed_classes" => $allowed_classes]);
+ if (get_class($item) !== PluginPrintercountersRecord::class) {
 return;
 }
 $search->showHistoryGenericSearch($item);
 break;
 case 'initSearch':
- if (!isset($_POST['item'])) {
+ if (!isset($_POST['item']) || !is_numeric($_POST['item'])) {
+ exit;
+ }
+ $session_key = 'plugin_printercounters_item_' . $_POST['item'];
+ if (!isset($_SESSION[$session_key])) {
 exit;
 }
- $item = unserialize($_SESSION['plugin_printercounters_item_' . $_POST['item']]);
+ $item = unserialize($_SESSION[$session_key], ["allowed_classes" => $allowed_classes]);
 if (!get_class($item) == PluginPrintercountersRecord::class) {
 return;
 }