A wrapper in Util for unserialize

elkarte · Jul 11, 2016 · 7ba402a · 7ba402a
1 parent b101e58
commit 7ba402a
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/sources/subs/Util.class.php b/sources/subs/Util.class.php
@@ -550,4 +550,43 @@ public static function unescapestring_recursive($var)
 
 		return $new_var;
 	}
+
+	/**
+	 * Wrappers for unserialize
+	 * What it does:
+	 * - if using PHP < 7 it will use ext/safe_unserialize
+	 * - if using PHP > 7 will use the built in unserialize
+	 *
+	 * @param string $string The string to unserialize
+	 * @param string[] $options Optional, mimic the PHP 7+ option,
+	 *                          see PHP documentation for the details
+	 *                          additionally, it doesn't allow to use the option:
+	 *                            allowed_classes => true
+	 *                          that is reverted to false.
+	 * @return array|string
+	 */
+	public static function unserialize($string, $options = array())
+	{
+		static $function = null;
+
+		if ($function === null)
+		{
+			if (version_compare(PHP_VERSION, '7', '>='))
+			{
+				$function = 'unserialize';
+			}
+			else
+			{
+				require_once(EXTDIR . '/serialize.php');
+				$function = 'ElkArte\\ext\\upgradephp\\safe_unserialize';
+			}
+		}
+
+		if (!isset($options['allowed_classes']) || $options['allowed_classes'] === true)
+		{
+			$options['allowed_classes'] = false;
+		}
+
+		return @$function($string, $options);
+	}
 }