Merge pull request #2819 from apache/mango-bookmark-2.3.x
safer binary_to_term in mango_json_bookmark
diff --git a/src/mango/src/mango_json_bookmark.erl b/src/mango/src/mango_json_bookmark.erl
index 97f81cf..83fd00f 100644
--- a/src/mango/src/mango_json_bookmark.erl
+++ b/src/mango/src/mango_json_bookmark.erl
@@ -54,7 +54,7 @@
nil;
unpack(Packed) ->
try
- Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed)),
+ Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed), [safe]),
verify(Bookmark)
catch _:_ ->
?MANGO_ERROR({invalid_bookmark, Packed})