
Commit add6bed

committed
External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
Props xknown, peterwilsoncc, desrosj, dd32, whyisjake. Merges [49373] to trunk. git-svn-id: https://develop.svn.wordpress.org/trunk@49382 602fd350-edb4-49c9-b593-d223f7449a82
1 parent c9e6b98 commit add6bed


2 files changed

+45
-0
lines changed


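--- a/src/wp-includes/Requests/Utility/FilteredIterator.php
+++ b/src/wp-includes/Requests/Utility/FilteredIterator.php
@@ -42,4 +42,20 @@ public function current() {
 $value = call_user_func($this->callback, $value);
 return $value;
 }
+
+/**
+* @inheritdoc
+*/
+public function unserialize( $serialized ) {
+}
+
+/**
+* @inheritdoc
+*/
+public function __unserialize( $serialized ) { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__unserializeFound
+}
+
+public function __wakeup() { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__wakeupFound
+unset( $this->callback );
+}
 }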
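Review bot: `__wakeup()` leaves the object without a `callback`, but the context line `$value = call_user_func($this->callback, $value);` in `current()` still runs unconditionally, so iterating an object that came out of `unserialize()` reads an unset property and hands a non-callable to `call_user_func` (a warning on PHP 7 and, as far as I know, a TypeError on PHP 8). Guarding the call keeps the hardening without turning it into a crash: `if ( is_callable( $this->callback ) ) { $value = call_user_func( $this->callback, $value ); }`. The two empty methods carry only `@inheritdoc`, which hides that the empty body is the whole point; a comment such as `// Intentionally empty: never restore state from serialized data, so the payload cannot choose the callback.` would stop a later cleanup from "fixing" them, and `__wakeup()` has no docblock at all. `current()` begins outside the hunk.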

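--- a/tests/phpunit/tests/functions.php
+++ b/tests/phpunit/tests/functions.php
@@ -269,6 +269,35 @@ function test_is_serialized( $value, $expected ) {
 $this->assertSame( $expected, is_serialized( $value ) );
 }
 
+/**
+* @dataProvider data_serialize_deserialize_objects
+*/
+function test_deserialize_request_utility_filtered_iterator_objects( $value ) {
+$serialized = maybe_serialize( $value );
+if ( get_class( $value ) === 'Requests_Utility_FilteredIterator' ) {
+$new_value = unserialize( $serialized );
+if ( version_compare( PHP_VERSION, '5.3', '>=' ) ) {
+$property = ( new ReflectionClass( 'Requests_Utility_FilteredIterator' ) )->getProperty( 'callback' );
+$property->setAccessible( true );
+$callback_value = $property->getValue( $new_value );
+$this->assertSame( null, $callback_value );
+} else {
+$current_item = @$new_value->current(); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
+$this->assertSame( null, $current_item );
+}
+} else {
+$this->assertEquals( $value->count(), unserialize( $serialized )->count() );
+}
+}
+
+function data_serialize_deserialize_objects() {
+return array(
+array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ),
+array( new Requests_Utility_FilteredIterator( array( 1, 2 ), 'sha1' ) ),
+array( new ArrayIterator( array( 1, 2, 3 ) ) ),
+);
+}
+
 function data_is_serialized() {
 return array(
 array( serialize( null ), true ),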
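Review bot: The `else` branch guarded by `version_compare( PHP_VERSION, '5.3', '>=' )` looks unreachable: `( new ReflectionClass( ... ) )->getProperty( 'callback' )` two lines above it is member access on instantiation, which needs PHP 5.4, so an interpreter old enough to take that branch could not parse this file. Removing the branch also removes the `@`-silenced `current()` call and its phpcs exemption. The surviving assertion reads better as `$this->assertNull( $callback_value );`. The `get_class( $value ) === 'Requests_Utility_FilteredIterator'` switch puts two different expectations in one data-driven test; splitting the `ArrayIterator` control case into its own test would make a failure say which property broke. The enclosing test class starts outside the hunk.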
