From f332f43fca31bd6be57d58a0ae1a24439f57a716 Mon Sep 17 00:00:00 2001
From: Robert Newson <rnewson@apache.org>
Date: Thu, 23 Apr 2020 20:45:07 +0100
Subject: safer binary_to_term in mango_json_bookmark

---
 src/mango/src/mango_json_bookmark.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mango/src/mango_json_bookmark.erl b/src/mango/src/mango_json_bookmark.erl
index 97f81cfb8..83fd00f29 100644
--- a/src/mango/src/mango_json_bookmark.erl
+++ b/src/mango/src/mango_json_bookmark.erl
@@ -54,7 +54,7 @@ unpack(nil) ->
     nil;
 unpack(Packed) ->
     try
-        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed)),
+        Bookmark = binary_to_term(couch_util:decodeBase64Url(Packed), [safe]),
         verify(Bookmark)
     catch _:_ ->
         ?MANGO_ERROR({invalid_bookmark, Packed})
-- 
cgit v1.2.1