From 778bb9d8b339a2b47f5b25dd7cc87eec44726007 Mon Sep 17 00:00:00 2001
From: David <comxd@users.noreply.github.com>
Date: Sat, 7 Apr 2018 03:40:43 +0200
Subject: [PATCH] Add "allowed_classes" argument for unserialize()

---
 security/entity_provider.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/entity_provider.rst b/security/entity_provider.rst
index 77eee1640a2..0e82dd1bd24 100644
--- a/security/entity_provider.rst
+++ b/security/entity_provider.rst
@@ -130,7 +130,7 @@ with the following fields: ``id``, ``username``, ``password``,
                 $this->password,
                 // see section on salt below
                 // $this->salt
-            ) = unserialize($serialized);
+            ) = unserialize($serialized, ['allowed_classes' => false]);
         }
     }