Unserialize leading to arbitrary PHP function invoke

Critical
Rockstar Games

Team Summary

Official summary from Rockstar Games

In this report, the researcher was able to demonstrate a method to run arbitrary PHP functions on www.rockstargames.com. Although we had previously disabled most harmful PHP functions, it was still possible to cause serious damage if this were to be exploited by a malicious party. To solve this issue, we secured the user input method that the researcher pointed out to us, and we disabled all PHP functions save for those that are absolutely crucial to maintaining and administering our site.

Report Details

Additional information and metadata

State: Closed

Substate: Resolved

Weakness: Code Injection