mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-14 09:58:16 +01:00
make detection of serialized values more robust, to allow string like eg. "a:hello"
This commit is contained in:
parent
f011a6c3d1
commit
f11f9937ac
@ -313,17 +313,18 @@ class config
|
|||||||
{
|
{
|
||||||
return $str;
|
return $str;
|
||||||
}
|
}
|
||||||
// handling of old PHP serialized and addslashed prefs
|
// handling of old PHP serialized config values
|
||||||
$data = php_safe_unserialize($str);
|
$data = php_safe_unserialize($str);
|
||||||
if($data === false)
|
if($data === false)
|
||||||
{
|
{
|
||||||
// manually retrieve the string lengths of the serialized array if unserialize failed
|
// manually retrieve the string lengths of the serialized array if unserialize failed (iso / utf-8 conversation)
|
||||||
$data = php_safe_unserialize(preg_replace_callback('!s:(\d+):"(.*?)";!s', function($matches)
|
$data = php_safe_unserialize(preg_replace_callback('!s:(\d+):"(.*?)";!s', function($matches)
|
||||||
{
|
{
|
||||||
return 's:'.mb_strlen($matches[2],'8bit').':"'.$matches[2].'";';
|
return 's:'.mb_strlen($matches[2],'8bit').':"'.$matches[2].'";';
|
||||||
}, $str));
|
}, $str));
|
||||||
}
|
}
|
||||||
return $data;
|
// returning original string, if unserialize failed, eg. for "a:hello"
|
||||||
|
return $data === false ? $str : $data;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1549,7 +1549,7 @@ function php_safe_unserialize($str)
|
|||||||
preg_match('/(^|;|{)[OC]:\d+:"/', $str))
|
preg_match('/(^|;|{)[OC]:\d+:"/', $str))
|
||||||
{
|
{
|
||||||
error_log(__METHOD__."('$str') contains objects --> return false");
|
error_log(__METHOD__."('$str') contains objects --> return false");
|
||||||
return false;
|
return null; // null, not false, to not trigger behavior of returning string itself to app code
|
||||||
}
|
}
|
||||||
return unserialize($str);
|
return unserialize($str);
|
||||||
}
|
}
|
||||||
@ -1601,18 +1601,16 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
|
|||||||
*/
|
*/
|
||||||
function json_php_unserialize($str, $allow_not_serialized=false)
|
function json_php_unserialize($str, $allow_not_serialized=false)
|
||||||
{
|
{
|
||||||
if ($str[0] == 'a' && $str[1] == ':' || $str === 'N;')
|
if (($str[0] == 'a' && $str[1] == ':' || $str === 'N;') &&
|
||||||
|
($arr = php_safe_unserialize($str)) !== false)
|
||||||
{
|
{
|
||||||
return php_safe_unserialize($str);
|
return $arr;
|
||||||
}
|
}
|
||||||
elseif (!$allow_not_serialized || $str[0] == '[' || $str[0] == '{')
|
if (!$allow_not_serialized || $str[0] == '[' || $str[0] == '{')
|
||||||
{
|
{
|
||||||
return json_decode($str, true);
|
return json_decode($str, true);
|
||||||
}
|
}
|
||||||
else
|
return $str;
|
||||||
{
|
|
||||||
return $str;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user