From 662d810d2dc87c73919b87936766133c9bb260fa Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 31 Jan 2017 11:16:51 +0100
Subject: [PATCH] fix json_php_unserialize to return false for not serialized content, as unserialize does and in contray to json_decode which returns null in that case --> fixes SiteMgr no longer shows html blocks containing unserialized content
---
 api/src/loader/security.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/api/src/loader/security.php b/api/src/loader/security.php
index 29a27cae20..7614b93b77 100755
--- a/api/src/loader/security.php
+++ b/api/src/loader/security.php
@@ -315,7 +315,7 @@ if (isset($_SERVER['SCRIPT_FILENAME']) && $_SERVER['SCRIPT_FILENAME'] == __FILE_
 *
 * @param string $str string with serialized array
 * @param boolean $allow_not_serialized =false true: return $str as is, if it is no serialized array
- * @return array|str|false
+ * @return array|str|false false if content can not be unserialized (not null like json_decode!)
 */
 function json_php_unserialize($str, $allow_not_serialized=false)
 {
@@ -324,9 +324,14 @@ function json_php_unserialize($str, $allow_not_serialized=false)
 {
 return $arr;
 }
- if (!$allow_not_serialized || $str[0] == '[' || $str[0] == '{' || $str[0] == '"' || $str === 'null' || ($val = json_decode($str)) !== null)
+ if (!$allow_not_serialized || $str[0] == '[' || $str[0] == '{' || $str[0] == '"' || $str === 'null' || ($val = json_decode($str, true)) !== null)
 {
- return isset($val) ? $val : json_decode($str, true);
+ // json_decode return null, if it cant decode the content
+ if (isset($val) || ($val = json_decode($str, true)) !== null || $str === 'null')
+ {
+ return $val;
+ }
+ return false;
 }
 return $str;
 }
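Review bot: The updated `@return` tag still understates what the function can hand back: `str` is not a PHPDoc type, and the code in the second hunk returns `null` for the literal `'null'` and any scalar that `json_decode` produces. I would write it as `@return mixed decoded value; false if content can not be unserialized (compare with === false, a stored JSON false decodes to the same value)`. The docblock starts above the hunk, so its summary line is not visible here.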
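Review bot: Failure is still inferred from `json_decode` returning null, so the new inner `if` has to special-case `$str === 'null'`. It reports false for a valid JSON null that has surrounding whitespace, and a decoded JSON `false` cannot be told apart from the error return. Checking the decoder's own error state is less fragile: `$val = json_decode($str, true);` followed by `return json_last_error() === JSON_ERROR_NONE ? $val : false;`. On the changed condition line, `$str[0]` is read without a length check whenever `$allow_not_serialized` is true. Whether an empty string is rejected earlier cannot be seen, because the function's opening statements are outside the hunk; if it is not, a leading `$str === '' ||` style guard would avoid the offset warning.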