1 |
fbb66ca6
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
namespace Brumann\Polyfill;
|
4 |
|
|
|
5 |
|
|
final class Unserialize
|
6 |
|
|
{
|
7 |
|
|
|
8 |
|
|
|
9 |
|
|
|
10 |
|
|
|
11 |
|
|
|
12 |
|
|
|
13 |
|
|
|
14 |
|
|
|
15 |
|
|
public static function unserialize($serialized, array $options = array())
|
16 |
|
|
{
|
17 |
|
|
if (PHP_VERSION_ID >= 70000) {
|
18 |
|
|
return \unserialize($serialized, $options);
|
19 |
|
|
}
|
20 |
|
|
if (!array_key_exists('allowed_classes', $options)) {
|
21 |
|
|
$options['allowed_classes'] = true;
|
22 |
|
|
}
|
23 |
|
|
$allowedClasses = $options['allowed_classes'];
|
24 |
|
|
if (true === $allowedClasses) {
|
25 |
|
|
return \unserialize($serialized);
|
26 |
|
|
}
|
27 |
|
|
if (false === $allowedClasses) {
|
28 |
|
|
$allowedClasses = array();
|
29 |
|
|
}
|
30 |
|
|
if (!is_array($allowedClasses)) {
|
31 |
|
|
trigger_error(
|
32 |
|
|
'unserialize(): allowed_classes option should be array or boolean',
|
33 |
|
|
E_USER_WARNING
|
34 |
|
|
);
|
35 |
|
|
$allowedClasses = array();
|
36 |
|
|
}
|
37 |
|
|
|
38 |
|
|
$sanitizedSerialized = preg_replace_callback(
|
39 |
|
|
'/(^|;)O:\d+:"([^"]*)":(\d+):{/',
|
40 |
|
|
function ($match) use ($allowedClasses) {
|
41 |
|
|
list($completeMatch, $leftBorder, $className, $objectSize) = $match;
|
42 |
|
|
if (in_array($className, $allowedClasses)) {
|
43 |
|
|
return $completeMatch;
|
44 |
|
|
} else {
|
45 |
|
|
return sprintf(
|
46 |
|
|
'%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s',
|
47 |
|
|
$leftBorder,
|
48 |
|
|
$objectSize + 1,
|
49 |
|
|
\serialize($className)
|
50 |
|
|
);
|
51 |
|
|
}
|
52 |
|
|
},
|
53 |
|
|
$serialized
|
54 |
|
|
);
|
55 |
|
|
|
56 |
|
|
return \unserialize($sanitizedSerialized);
|
57 |
|
|
}
|
58 |
|
|
} |