mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-17 03:19:23 +01:00
make detection of serialized values more robust, to allow string like eg. "a:hello"
This commit is contained in:
parent
d1d743e4b9
commit
9adf2b402d
@ -313,17 +313,18 @@ class config
|
||||
{
|
||||
return $str;
|
||||
}
|
||||
// handling of old PHP serialized and addslashed prefs
|
||||
// handling of old PHP serialized config values
|
||||
$data = php_safe_unserialize($str);
|
||||
if($data === false)
|
||||
{
|
||||
// manually retrieve the string lengths of the serialized array if unserialize failed
|
||||
// manually retrieve the string lengths of the serialized array if unserialize failed (iso / utf-8 conversation)
|
||||
$data = php_safe_unserialize(preg_replace_callback('!s:(\d+):"(.*?)";!s', function($matches)
|
||||
{
|
||||
return 's:'.mb_strlen($matches[2],'8bit').':"'.$matches[2].'";';
|
||||
}, $str));
|
||||
}
|
||||
return $data;
|
||||
// returning original string, if unserialize failed, eg. for "a:hello"
|
||||
return $data === false ? $str : $data;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1549,7 +1549,7 @@ function php_safe_unserialize($str)
|
||||
preg_match('/(^|;|{)[OC]:\d+:"/', $str))
|
||||
{
|
||||
error_log(__METHOD__."('$str') contains objects --> return false");
|
||||
return false;
|
||||
return null; // null, not false, to not trigger behavior of returning string itself to app code
|
||||
}
|
||||
return unserialize($str);
|
||||
}
|
||||
@ -1601,18 +1601,16 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
|
||||
*/
|
||||
function json_php_unserialize($str, $allow_not_serialized=false)
|
||||
{
|
||||
if ($str[0] == 'a' && $str[1] == ':' || $str === 'N;')
|
||||
if (($str[0] == 'a' && $str[1] == ':' || $str === 'N;') &&
|
||||
($arr = php_safe_unserialize($str)) !== false)
|
||||
{
|
||||
return php_safe_unserialize($str);
|
||||
return $arr;
|
||||
}
|
||||
elseif (!$allow_not_serialized || $str[0] == '[' || $str[0] == '{')
|
||||
if (!$allow_not_serialized || $str[0] == '[' || $str[0] == '{')
|
||||
{
|
||||
return json_decode($str, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
return $str;
|
||||
}
|
||||
return $str;
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user