Mercurial > hg > cmmr2012-drupal-site

annotate vendor/brumann/polyfill-unserialize/src/Unserialize.php @ 5:12f9dff5fda9 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Drupal core 8.7.1
author Chris Cannam
date Thu, 09 May 2019 15:34:47 +0100
parents
children
rev   line source
Chris@5 1 <?php
Chris@5 2
Chris@5 3 namespace Brumann\Polyfill;
Chris@5 4
Chris@5 5 final class Unserialize
Chris@5 6 {
Chris@5 7 /**
Chris@5 8 * @see https://secure.php.net/manual/en/function.unserialize.php
Chris@5 9 *
Chris@5 10 * @param string $serialized Serialized data
Chris@5 11 * @param array $options Associative array containing options
Chris@5 12 *
Chris@5 13 * @return mixed
Chris@5 14 */
Chris@5 15 public static function unserialize($serialized, array $options = array())
Chris@5 16 {
Chris@5 17 if (PHP_VERSION_ID >= 70000) {
Chris@5 18 return \unserialize($serialized, $options);
Chris@5 19 }
Chris@5 20 if (!array_key_exists('allowed_classes', $options)) {
Chris@5 21 $options['allowed_classes'] = true;
Chris@5 22 }
Chris@5 23 $allowedClasses = $options['allowed_classes'];
Chris@5 24 if (true === $allowedClasses) {
Chris@5 25 return \unserialize($serialized);
Chris@5 26 }
Chris@5 27 if (false === $allowedClasses) {
Chris@5 28 $allowedClasses = array();
Chris@5 29 }
Chris@5 30 if (!is_array($allowedClasses)) {
Chris@5 31 trigger_error(
Chris@5 32 'unserialize(): allowed_classes option should be array or boolean',
Chris@5 33 E_USER_WARNING
Chris@5 34 );
Chris@5 35 $allowedClasses = array();
Chris@5 36 }
Chris@5 37
Chris@5 38 $sanitizedSerialized = preg_replace_callback(
Chris@5 39 '/(^|;)O:\d+:"([^"]*)":(\d+):{/',
Chris@5 40 function ($match) use ($allowedClasses) {
Chris@5 41 list($completeMatch, $leftBorder, $className, $objectSize) = $match;
Chris@5 42 if (in_array($className, $allowedClasses)) {
Chris@5 43 return $completeMatch;
Chris@5 44 } else {
Chris@5 45 return sprintf(
Chris@5 46 '%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s',
Chris@5 47 $leftBorder,
Chris@5 48 $objectSize + 1, // size of object + 1 for added string
Chris@5 49 \serialize($className)
Chris@5 50 );
Chris@5 51 }
Chris@5 52 },
Chris@5 53 $serialized
Chris@5 54 );
Chris@5 55
Chris@5 56 return \unserialize($sanitizedSerialized);
Chris@5 57 }
Chris@5 58 }