Merge pull request #15 from soflyy/fix/do-not-allow-objects-to-be-unserialized

fix: don't instantiate serialized objects

Author: Programmer095

import-users-from-csv.php

@@ -3,7 +3,7 @@
 Plugin Name: Import Users from CSV
 Plugin URI: https://wordpress.org/plugins/import-users-from-csv/
 Description: Import Users data and metadata from a csv file.
-Version: 1.2
+Version: 1.3
 Author: WP All Import
 Author URI: https://www.wpallimport.com/
 License: GPL2
@@ -422,7 +422,9 @@ public static function import_csv( $filename, $args ) {
 					/* If no error, let's update the user meta too! */
 					if ( $usermeta ) {
 						foreach ( $usermeta as $metakey => $metavalue ) {
-							$metavalue = maybe_unserialize( $metavalue );
+                            if(is_serialized($metavalue)){
+                               $metavalue = unserialize(trim($metavalue), ['allowed_classes' => false]);
+                            }
 							update_user_meta( $user_id, $metakey, $metavalue );
 						}
 					}

readme.txt

@@ -4,7 +4,7 @@ Tags: import users from csv, import users, import csv, users, csv
 Requires at least: 3.1
 Requires PHP: 7.0
 Tested up to: 6.4.2
-Stable tag: 1.2
+Stable tag: 1.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -96,6 +96,9 @@ Thanks to Ulrich Sossou for initially creating this plugin. Be sure to [check ou
 
 == Changelog ==
 
+= 1.3 =
+* bug fix: don't instantiate serialized objects
+
 = 1.2 =
 * BUG FIX: Ensure user running import has the ability to add users
 * Update tested to