Replace hopefully all user-facing serializations with json

elkarte · Jun 19, 2016 · 0d6abfd · 0d6abfd
1 parent e544bbb
commit 0d6abfd
Show file tree

Hide file tree

Showing 10 changed files with 27 additions and 27 deletions.
diff --git a/sources/Load.php b/sources/Load.php
@@ -1423,10 +1423,10 @@ function loadTheme($id_theme = 0, $initialize = true)
 		$context['user']['name'] = $txt['guest_title'];
 
 	// Set up some additional interface preference context
-	$context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
+	$context['admin_preferences'] = !empty($options['admin_preferences']) ? json_decode($options['admin_preferences'], true) : array();
 
 	if (!$user_info['is_guest'])
-		$context['minmax_preferences'] = !empty($options['minmax_preferences']) ? unserialize($options['minmax_preferences']) : array();
+		$context['minmax_preferences'] = !empty($options['minmax_preferences']) ? json_decode($options['minmax_preferences'], true) : array();
 	// Guest may have collapsed the header, check the cookie to prevent collapse jumping
 	elseif ($user_info['is_guest'] && isset($_COOKIE['upshrink']))
 		$context['minmax_preferences'] = array('upshrink' => $_COOKIE['upshrink']);

diff --git a/sources/admin/ManageMembers.controller.php b/sources/admin/ManageMembers.controller.php
@@ -283,7 +283,7 @@ public function action_list()
 
 			$search_params = array();
 			if ($context['sub_action'] == 'query' && !empty($_REQUEST['params']) && empty($_POST['types']))
-				$search_params = @unserialize(base64_decode($_REQUEST['params']));
+				$search_params = @json_decode(base64_decode($_REQUEST['params']), true);
 			elseif (!empty($_POST))
 			{
 				$search_params['types'] = $_POST['types'];
@@ -292,7 +292,7 @@ public function action_list()
 						$search_params[$param_name] = $_POST[$param_name];
 			}
 
-			$search_url_params = isset($search_params) ? base64_encode(serialize($search_params)) : null;
+			$search_url_params = isset($search_params) ? base64_encode(json_encode($search_params)) : null;
 
 			// @todo Validate a little more.
 			// Loop through every field of the form.

diff --git a/sources/admin/ManageThemes.controller.php b/sources/admin/ManageThemes.controller.php
@@ -1331,26 +1331,26 @@ public function action_jsoption()
 		// If this is the admin preferences the passed value will just be an element of it.
 		if ($_GET['var'] == 'admin_preferences')
 		{
-			$options['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
+			$options['admin_preferences'] = !empty($options['admin_preferences']) ? json_decode($options['admin_preferences'], true) : array();
 
 			// New thingy...
 			if (isset($_GET['admin_key']) && strlen($_GET['admin_key']) < 5)
 				$options['admin_preferences'][$_GET['admin_key']] = $_GET['val'];
 
 			// Change the value to be something nice,
-			$_GET['val'] = serialize($options['admin_preferences']);
+			$_GET['val'] = json_encode($options['admin_preferences']);
 		}
 		// If this is the window min/max settings, the passed window name will just be an element of it.
 		elseif ($_GET['var'] == 'minmax_preferences')
 		{
-			$options['minmax_preferences'] = !empty($options['minmax_preferences']) ? unserialize($options['minmax_preferences']) : array();
+			$options['minmax_preferences'] = !empty($options['minmax_preferences']) ? json_decode($options['minmax_preferences'], true) : array();
 
 			// New value for them
 			if (isset($_GET['minmax_key']) && strlen($_GET['minmax_key']) < 10)
 				$options['minmax_preferences'][$_GET['minmax_key']] = $_GET['val'];
 
 			// Change the value to be something nice,
-			$_GET['val'] = serialize($options['minmax_preferences']);
+			$_GET['val'] = json_encode($options['minmax_preferences']);
 		}
 
 		// Update the option.

diff --git a/sources/admin/Modlog.controller.php b/sources/admin/Modlog.controller.php
@@ -95,7 +95,7 @@ public function action_log()
 		if (!empty($_REQUEST['params']) && empty($_REQUEST['is_search']))
 		{
 			$search_params = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));
-			$search_params = @unserialize($search_params);
+			$search_params = @json_decode($search_params, true);
 		}
 
 		// This array houses all the valid quick search types.
@@ -126,7 +126,7 @@ public function action_log()
 		);
 
 		// Setup the search context.
-		$context['search_params'] = empty($search_params['string']) ? '' : base64_encode(serialize($search_params));
+		$context['search_params'] = empty($search_params['string']) ? '' : base64_encode(json_encode($search_params));
 		$context['search'] = array(
 			'string' => $search_params['string'],
 			'type' => $search_params['type'],

diff --git a/sources/admin/Packages.controller.php b/sources/admin/Packages.controller.php
@@ -699,15 +699,15 @@ public function action_install()
 									'type' => $txt['package_delete'] . ' ' . ($action_data['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
 									'action' => strtr($real_path, array('\\' => '/', BOARDDIR => '.')),
 									'description' => '',
-									'value' => base64_encode(serialize(array('type' => $action_data['type'], 'orig' => $action_data['filename'], 'future' => $real_path, 'id' => $id))),
+									'value' => base64_encode(json_encode(array('type' => $action_data['type'], 'orig' => $action_data['filename'], 'future' => $real_path, 'id' => $id))),
 									'not_mod' => true,
 								);
 							else
 								$context['theme_actions'][$id]['actions'][] = array(
 									'type' => $txt['package_extract'] . ' ' . ($action_data['type'] == 'require-dir' ? $txt['package_tree'] : $txt['package_file']),
 									'action' => strtr($real_path, array('\\' => '/', BOARDDIR => '.')),
 									'description' => '',
-									'value' => base64_encode(serialize(array('type' => $action_data['type'], 'orig' => $action_data['destination'], 'future' => $real_path, 'id' => $id))),
+									'value' => base64_encode(json_encode(array('type' => $action_data['type'], 'orig' => $action_data['destination'], 'future' => $real_path, 'id' => $id))),
 									'not_mod' => true,
 								);
 						}
@@ -832,7 +832,7 @@ public function action_install2()
 			{
 				if (empty($change))
 					continue;
-				$theme_data = unserialize(base64_decode($change));
+				$theme_data = json_decode(base64_decode($change), true);
 				if (empty($theme_data['type']))
 					continue;
 
@@ -1778,7 +1778,7 @@ public function action_perms()
 		// Have we got a load of back-catalogue trees to expand from a submit etc?
 		if (!empty($_GET['back_look']))
 		{
-			$potententialTrees = unserialize(base64_decode($_GET['back_look']));
+			$potententialTrees = json_decode(base64_decode($_GET['back_look']), true);
 			foreach ($potententialTrees as $tree)
 				$context['look_for'][] = $tree;
 		}
@@ -1787,7 +1787,7 @@ public function action_perms()
 		if (!empty($_POST['back_look']))
 			$context['only_find'] = array_merge($context['only_find'], $_POST['back_look']);
 
-		$context['back_look_data'] = base64_encode(serialize(array_slice($context['look_for'], 0, 15)));
+		$context['back_look_data'] = base64_encode(json_encode(array_slice($context['look_for'], 0, 15)));
 
 		// Are we finding more files than first thought?
 		$context['file_offset'] = !empty($_REQUEST['fileoffset']) ? (int) $_REQUEST['fileoffset'] : 0;
@@ -1865,7 +1865,7 @@ public function action_perms_save()
 
 			// Continuing?
 			if (isset($_POST['toProcess']))
-				$_POST['permStatus'] = unserialize(base64_decode($_POST['toProcess']));
+				$_POST['permStatus'] = json_decode(base64_decode($_POST['toProcess']), true);
 
 			if (isset($_POST['permStatus']))
 			{
@@ -1906,7 +1906,7 @@ public function action_perms_save()
 
 				// Nothing to do?
 				if (empty($context['to_process']))
-					redirectexit('action=admin;area=packages;sa=perms' . (!empty($context['back_look_data']) ? ';back_look=' . base64_encode(serialize($context['back_look_data'])) : '') . ';' . $context['session_var'] . '=' . $context['session_id']);
+					redirectexit('action=admin;area=packages;sa=perms' . (!empty($context['back_look_data']) ? ';back_look=' . base64_encode(json_encode($context['back_look_data'])) : '') . ';' . $context['session_var'] . '=' . $context['session_id']);
 			}
 			// Should never get here,
 			else
@@ -1945,7 +1945,7 @@ public function action_perms_save()
 		{
 			$context['predefined_type'] = isset($_POST['predefined']) ? $_POST['predefined'] : 'restricted';
 			$context['total_items'] = isset($_POST['totalItems']) ? (int) $_POST['totalItems'] : 0;
-			$context['directory_list'] = isset($_POST['dirList']) ? unserialize(base64_decode($_POST['dirList'])) : array();
+			$context['directory_list'] = isset($_POST['dirList']) ? json_decode(base64_decode($_POST['dirList']), true) : array();
 			$context['file_offset'] = isset($_POST['fileOffset']) ? (int) $_POST['fileOffset'] : 0;
 
 			// Haven't counted the items yet?
@@ -1974,7 +1974,7 @@ public function action_perms_save()
 			elseif ($context['predefined_type'] === 'free')
 				$context['special_files'] = array();
 			else
-				$context['special_files'] = unserialize(base64_decode($_POST['specialFiles']));
+				$context['special_files'] = json_decode(base64_decode($_POST['specialFiles']), true);
 
 			// Now we definitely know where we are, we need to go through again doing the chmod!
 			foreach ($context['directory_list'] as $path => $dummy)
@@ -2028,7 +2028,7 @@ public function action_perms_save()
 		}
 
 		// If we're here we are done!
-		redirectexit('action=admin;area=packages;sa=perms' . (!empty($context['back_look_data']) ? ';back_look=' . base64_encode(serialize($context['back_look_data'])) : '') . ';' . $context['session_var'] . '=' . $context['session_id']);
+		redirectexit('action=admin;area=packages;sa=perms' . (!empty($context['back_look_data']) ? ';back_look=' . base64_encode(json_decode($context['back_look_data'], true)) : '') . ';' . $context['session_var'] . '=' . $context['session_id']);
 	}
 
 	/**

diff --git a/sources/controllers/ModerationCenter.controller.php b/sources/controllers/ModerationCenter.controller.php
@@ -77,7 +77,7 @@ public function prepareModcenter()
 		loadLanguage('ModerationCenter');
 		loadTemplate(false, 'admin');
 
-		$context['admin_preferences'] = !empty($options['admin_preferences']) ? unserialize($options['admin_preferences']) : array();
+		$context['admin_preferences'] = !empty($options['admin_preferences']) ? json_decode($options['admin_preferences'], true) : array();
 		$context['robot_no_index'] = true;
 
 		// Moderation counts for things that this moderator can take care of
@@ -1200,7 +1200,7 @@ public function action_viewWarningLog()
 		if (!empty($_REQUEST['params']) && empty($_REQUEST['is_search']))
 		{
 			$search_params = base64_decode(strtr($_REQUEST['params'], array(' ' => '+')));
-			$search_params = @unserialize($search_params);
+			$search_params = @json_decode($search_params);
 		}
 
 		// This array houses all the valid search types.
@@ -1230,7 +1230,7 @@ public function action_viewWarningLog()
 		);
 
 		// Setup the search context.
-		$context['search_params'] = empty($search_params['string']) ? '' : base64_encode(serialize($search_params));
+		$context['search_params'] = empty($search_params['string']) ? '' : base64_encode(json_encode($search_params));
 		$context['search'] = array(
 			'string' => $search_params['string'],
 			'type' => $search_params['type'],

diff --git a/sources/controllers/OpenID.controller.php b/sources/controllers/OpenID.controller.php
@@ -98,7 +98,7 @@ public function action_openidreturn()
 			fatal_lang_error('openid_load_data');
 
 		// Any save fields to restore?
-		$context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
+		$context['openid_save_fields'] = isset($_GET['sf']) ? json_decode(base64_decode($_GET['sf']), true) : array();
 		$context['openid_claimed_id'] = $_GET['openid_claimed_id'];
 
 		// Is there a user with this OpenID_uri?

diff --git a/sources/controllers/Suggest.controller.php b/sources/controllers/Suggest.controller.php
@@ -60,7 +60,7 @@ public function action_suggest()
 		loadTemplate('Xml');
 
 		// Any parameters?
-		$context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();
+		$context['search_param'] = isset($_REQUEST['search_param']) ? json_decode(base64_decode($_REQUEST['search_param']), true) : array();
 
 		if (isset($_REQUEST['suggest_type'], $_REQUEST['search']) && isset($searchTypes[$_REQUEST['suggest_type']]))
 		{

diff --git a/sources/subs/Admin.subs.php b/sources/subs/Admin.subs.php
@@ -405,7 +405,7 @@ function updateAdminPreferences()
 		return false;
 
 	// This is what we'll be saving.
-	$options['admin_preferences'] = serialize($context['admin_preferences']);
+	$options['admin_preferences'] = json_encode($context['admin_preferences']);
 
 	require_once(SUBSDIR . '/Themes.subs.php');
 

diff --git a/sources/subs/OpenID.subs.php b/sources/subs/OpenID.subs.php
@@ -92,7 +92,7 @@ public function validate($openid_uri, $return = false, $save_fields = array(), $
 			'openid.identity=' . $openid_identity,
 			'openid.claimed_id=' . $openid_claimedid,
 			'openid.assoc_handle=' . urlencode($assoc['handle']),
-			'openid.return_to=' . urlencode($scripturl . '?action=openidreturn&sa=' . (!empty($return_action) ? $return_action : $_REQUEST['action']) . '&t=' . $request_time . (!empty($save_fields) ? '&sf=' . base64_encode(serialize($save_fields)) : '')),
+			'openid.return_to=' . urlencode($scripturl . '?action=openidreturn&sa=' . (!empty($return_action) ? $return_action : $_REQUEST['action']) . '&t=' . $request_time . (!empty($save_fields) ? '&sf=' . base64_encode(json_encode($save_fields)) : '')),
 			'openid.sreg.required=email',
 		);