PHP Cross Reference of JPSpan 0.4 (beta) |
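<?php
/**
* @package JPSpan
* @subpackage Unserialzier
* @version $Id: PHP.php,v 1.1 2004/11/14 16:49:13 harryf Exp $
*/

//--------------------------------------------------------------------------------
/**
* Unserialize callback function - called by PHP when unserialize() meets a class
* that is not defined yet. If the lowercased class name is a key of
* $GLOBALS['_JPSPAN_UNSERIALIZER_MAP'] and the mapped value is not NULL, that
* value is handed to require_once; if the name is not in the map it is only
* remembered as the last failed class. No error is raised from here.
*
* The map values are include paths, so the map has to be built from trusted
* configuration only - never from request data.
* @param string classname (passed by PHP)
* @param boolean set to TRUE to get back the name of the last failed class
* @return mixed void unless getFailed param is true
* @access private
* @package JPSpan
* @subpackage Unserialzier
*/
function JPSpan_Unserializer_PHP_Callback ($className, $getFailed = FALSE) {
    static $failedClass = NULL;

    if ( $getFailed ) {
        return $failedClass;
    }

    $className = strtolower($className);

    // A missing or malformed map means no class is known (fail closed)
    $map = array();
    if ( isset($GLOBALS['_JPSPAN_UNSERIALIZER_MAP'])
            && is_array($GLOBALS['_JPSPAN_UNSERIALIZER_MAP']) ) {
        $map = $GLOBALS['_JPSPAN_UNSERIALIZER_MAP'];
    }

    if ( array_key_exists($className,$map) ) {
        // A NULL entry marks a class that needs no include file
        if ( !is_null($map[$className]) ) {
            require_once $map[$className];
        }
    } else {
        $failedClass = $className;
    }
}

//---------------------------------------------------------------------------
/**
* Unserializes PHP serialized strings, restricting object creation to the
* classes listed in $GLOBALS['_JPSPAN_UNSERIALIZER_MAP'].
*
* Two layers enforce that restriction:
*  - validateClasses() scans the raw string with regular expressions. It does
*    not parse the format the way unserialize() does, so it is a pre-filter and
*    must not be treated as the security boundary.
*  - where the runtime supports it (PHP 7.0+), the map keys are also passed to
*    unserialize() as the allowed_classes option, so the engine itself refuses
*    to build objects of any other class.
* @package JPSpan
* @subpackage Unserialzier
* @access public
*/
class JPSpan_Unserializer_PHP {

    /**
    * Unserialize a string into PHP data types. Changes the unserialize callback
    * function temporarily to JPSpan_Unserializer_PHP_Callback.
    *
    * Non-string input is returned untouched. A string that fails class
    * validation yields FALSE. A string that PHP cannot unserialize is returned
    * as it was passed in, so callers cannot tell "plain string" from "corrupt
    * payload" by the return value alone.
    * @param string data serialized with PHP's serialization protocol
    * @return mixed PHP data
    * @access public
    */
    function unserialize($data) {

        if ( !is_string($data) ) {
            // It's not a string - give it back
            return $data;
        }

        if ( !$this->validateClasses($data) ) {
            return FALSE;
        }

        $old_cb = ini_get('unserialize_callback_func');
        ini_set('unserialize_callback_func','JPSpan_Unserializer_PHP_Callback');

        if ( version_compare(PHP_VERSION,'7.0.0','>=') ) {
            // Engine-level allow-list: classes outside the map come back as
            // __PHP_Incomplete_Class instead of live objects, whatever the
            // regex pre-filter concluded
            $allowed = array_map('strval',array_keys($this->_classMap()));
            $result = @unserialize($data,array('allowed_classes' => $allowed));
        } else {
            // Older runtimes have no allowed_classes option; validateClasses()
            // is the only gate there
            $result = @unserialize($data);
        }

        ini_set('unserialize_callback_func',$old_cb);

        // Check for a serialized FALSE value
        if ( $result !== FALSE || $data === 'b:0;' ) {
            return $result;
        }
        return $data;
    }

    /**
    * Validates serialized data, checking the class names of serialized objects,
    * to prevent unexpected objects from being instantiated by PHP's unserialize().
    * Rejects the data when a class name is not a key of the JPSpan map, and also
    * when the scan itself fails, so a scan error never counts as "no classes".
    * The rejected class name is taken from the payload and ends up in the error
    * message; treat it as untrusted text wherever errors are displayed or logged.
    * @param mixed data to validate
    * @return boolean TRUE if valid
    * @access private
    */
    function validateClasses($data) {

        $classes = $this->_scanClasses($data);

        if ( $classes === FALSE ) {
            trigger_error('Illegal type: unable to scan serialized data',E_USER_ERROR);
            return FALSE;
        }

        $map = $this->_classMap();

        foreach ( $classes as $class ) {

            if ( !array_key_exists(strtolower($class),$map) ) {

                trigger_error('Illegal type: '.strtolower($class),E_USER_ERROR);
                return FALSE;

            }

        }

        return TRUE;
    }

    /**
    * Parses the serialized string, extracting class names
    * @param string serialized string to parse
    * @return array list of classes found (empty if the scan failed)
    * @access private
    */
    function getClasses($string) {
        $classes = $this->_scanClasses($string);
        return ( $classes === FALSE ) ? array() : $classes;
    }

    /**
    * Regex scan behind getClasses() and validateClasses()
    * @param string serialized string to parse
    * @return mixed array of unique class names, or FALSE if the scan failed
    * @access private
    */
    function _scanClasses($string) {

        // Strip any string representations (which might contain object syntax)
        $stripped = preg_replace('/s:[0-9]+:".*"/Us','',$string);

        // preg_replace() gives NULL on a PCRE error; scan the raw data instead,
        // which can only report more class names, never fewer
        if ( !is_string($stripped) ) {
            $stripped = $string;
        }

        // Pull out the class names: O: is a plain object, C: an object with
        // custom serialization - both name a class to be instantiated
        $found = preg_match_all('/[OC]:[0-9]+:"(.*)"/U',$stripped,$matches,PREG_PATTERN_ORDER);

        if ( $found === FALSE ) {
            return FALSE;
        }

        // Make sure names are unique (same object serialized twice)
        return array_unique($matches[1]);
    }

    /**
    * Returns the JPSpan class map, or an empty array when it is missing or not
    * an array, so that an unconfigured map allows no classes at all
    * @return array lowercased class name => include path or NULL
    * @access private
    */
    function _classMap() {
        if ( isset($GLOBALS['_JPSPAN_UNSERIALIZER_MAP'])
                && is_array($GLOBALS['_JPSPAN_UNSERIALIZER_MAP']) ) {
            return $GLOBALS['_JPSPAN_UNSERIALIZER_MAP'];
        }
        return array();
    }
}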