upgradephp: add contributed safe_serialize()/safe_unserialize() functions
|Reported by:||vipsoft||Owned by:|
Written in PHP, these compatibility functions differ from the built-ins in one respect: they don't serialize/unserialize objects.
We currently sign and apply a blacklist on cookies, so this doesn't add any security value there.
But PhpSecInfo has a test that unserializes content from php.net.