Home Explore Help
Sign In
bachir
/
Clameurs
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d58e084fe3
Branches Tags
Clameurs
/
misc
/
brumann
/
polyfill-unserialize
/
src
/
Unserialize.php

Unserialize.php 1.9 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. <?php
    2. 

  2. 

  3. namespace Brumann\Polyfill;
    4. 

  4. 

  5. final class Unserialize
    6. 

  6. {
    7. 

  7.     /**
    8. 

  8.      * @see https://secure.php.net/manual/en/function.unserialize.php
    9. 

  9.      *
    10. 

  10.      * @param string $serialized Serialized data
    11. 

  11.      * @param array $options Associative array containing options
    12. 

  12.      *
    13. 

  13.      * @return mixed
    14. 

  14.      */
    15. 

  15.     public static function unserialize($serialized, array $options = array())
    16. 

  16.     {
    17. 

  17.         if (PHP_VERSION_ID >= 70000) {
    18. 

  18.             return \unserialize($serialized, $options);
    19. 

  19.         }
    20. 

  20.         if (!array_key_exists('allowed_classes', $options)) {
    21. 

  21.             $options['allowed_classes'] = true;
    22. 

  22.         }
    23. 

  23.         $allowedClasses = $options['allowed_classes'];
    24. 

  24.         if (true === $allowedClasses) {
    25. 

  25.             return \unserialize($serialized);
    26. 

  26.         }
    27. 

  27.         if (false === $allowedClasses) {
    28. 

  28.             $allowedClasses = array();
    29. 

  29.         }
    30. 

  30.         if (!is_array($allowedClasses)) {
    31. 

  31.             trigger_error(
    32. 

  32.                 'unserialize(): allowed_classes option should be array or boolean',
    33. 

  33.                 E_USER_WARNING
    34. 

  34.             );
    35. 

  35.             $allowedClasses = array();
    36. 

  36.         }
    37. 

  37. 

  38.         $sanitizedSerialized = preg_replace_callback(
    39. 

  39.             '/(^|;)O:\d+:"([^"]*)":(\d+):{/',
    40. 

  40.             function ($match) use ($allowedClasses) {
    41. 

  41.                 list($completeMatch, $leftBorder, $className, $objectSize) = $match;
    42. 

  42.                 if (in_array($className, $allowedClasses)) {
    43. 

  43.                     return $completeMatch;
    44. 

  44.                 } else {
    45. 

  45.                     return sprintf(
    46. 

  46.                         '%sO:22:"__PHP_Incomplete_Class":%d:{s:27:"__PHP_Incomplete_Class_Name";%s',
    47. 

  47.                         $leftBorder,
    48. 

  48.                         $objectSize + 1, // size of object + 1 for added string
    49. 

  49.                         \serialize($className)
    50. 

  50.                     );
    51. 

  51.                 }
    52. 

  52.             },
    53. 

  53.             $serialized
    54. 

  54.         );
    55. 

  55. 

  56.         return \unserialize($sanitizedSerialized);
    57. 

  57.     }
    58. 

  58. }
    59.