Last active
August 19, 2019 14:01
Fix broken unserialize in Magento SUPEE-8788 patch
diff --git a/lib/Unserialize/Parser.php b/lib/Unserialize/Parser.php | |
index 20a6a3c..88c6555 100644 | |
--- a/lib/Unserialize/Parser.php | |
+++ b/lib/Unserialize/Parser.php | |
@@ -34,6 +34,7 @@ class Unserialize_Parser | |
const TYPE_DOUBLE = 'd'; | |
const TYPE_ARRAY = 'a'; | |
const TYPE_BOOL = 'b'; | |
+ const TYPE_NULL = 'N'; | |
const SYMBOL_QUOTE = '"'; | |
const SYMBOL_SEMICOLON = ';'; | |
diff --git a/lib/Unserialize/Reader/Arr.php b/lib/Unserialize/Reader/Arr.php | |
index cf039f7..9526017 100644 | |
--- a/lib/Unserialize/Reader/Arr.php | |
+++ b/lib/Unserialize/Reader/Arr.php | |
@@ -101,7 +101,10 @@ class Unserialize_Reader_Arr | |
if ($this->_status == self::READING_VALUE) { | |
$value = $this->_reader->read($char, $prevChar); | |
if (!is_null($value)) { | |
- $this->_result[$this->_reader->key] = $value; | |
+ $this->_result[$this->_reader->key] = | |
+ ($value == Unserialize_Reader_Null::NULL_VALUE && $prevChar == Unserialize_Parser::TYPE_NULL) | |
+ ? null | |
+ : $value; | |
if (count($this->_result) < $this->_length) { | |
$this->_reader = new Unserialize_Reader_ArrKey(); | |
$this->_status = self::READING_KEY; | |
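Review bot: Both comparisons in the added ternary use loose `==` against the in-band sentinel string `Unserialize_Reader_Null::NULL_VALUE` ('null'), so whether a value is rewritten to null depends on PHP type juggling as well as on `$prevChar`. On PHP versions before 8, a non-string value such as integer 0 or boolean true compares equal to 'null' under `==`, and only the `$prevChar` test keeps it from being replaced. Since this parser presumably handles serialized data the caller does not trust, I would make both checks strict: `($value === Unserialize_Reader_Null::NULL_VALUE && $prevChar === Unserialize_Parser::TYPE_NULL)`. A short comment noting that `!is_null($value)` is the "value complete" signal, which is why null needs a sentinel at all, would also help. The enclosing method starts and ends outside the hunk.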
diff --git a/lib/Unserialize/Reader/ArrValue.php b/lib/Unserialize/Reader/ArrValue.php | |
index 620e52b..e392d81 100644 | |
--- a/lib/Unserialize/Reader/ArrValue.php | |
+++ b/lib/Unserialize/Reader/ArrValue.php | |
@@ -84,6 +84,10 @@ class Unserialize_Reader_ArrValue | |
$this->_reader = new Unserialize_Reader_Dbl(); | |
$this->_status = self::READING_VALUE; | |
break; | |
+ case Unserialize_Parser::TYPE_NULL: | |
+ $this->_reader = new Unserialize_Reader_Null(); | |
+ $this->_status = self::READING_VALUE; | |
+ break; | |
default: | |
throw new Exception('Unsupported data type ' . $char); | |
} | |
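Review bot: The switch that gains the `TYPE_NULL` case acts as the parser's allowlist of accepted type tags, but nothing in the code says so. Any tag that is not listed reaches `default` and throws, which is what keeps unexpected tags out of the result. A comment above the switch, such as `// Allowlist of accepted type tags; any other tag must keep reaching the exception below.`, would make that intent explicit for whoever adds the next case. The switch begins outside the hunk, so the full list of cases is not visible here.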
diff --git a/lib/Unserialize/Reader/Null.php b/lib/Unserialize/Reader/Null.php | |
new file mode 100644 | |
index 0000000..ead7f77 | |
--- /dev/null | |
+++ b/lib/Unserialize/Reader/Null.php | |
@@ -0,0 +1,64 @@ | |
+<?php | |
+/** | |
+ * Magento | |
+ * | |
+ * NOTICE OF LICENSE | |
+ * | |
+ * This source file is subject to the Open Software License (OSL 3.0) | |
+ * that is bundled with this package in the file LICENSE.txt. | |
+ * It is also available through the world-wide-web at this URL: | |
+ * http://opensource.org/licenses/osl-3.0.php | |
+ * If you did not receive a copy of the license and are unable to | |
+ * obtain it through the world-wide-web, please send an email | |
+ * to [email protected] so we can send you a copy immediately. | |
+ * | |
+ * DISCLAIMER | |
+ * | |
+ * Do not edit or add to this file if you wish to upgrade Magento to newer | |
+ * versions in the future. If you wish to customize Magento for your | |
+ * needs please refer to http://www.magento.com for more information. | |
+ * | |
+ * @category Unserialize | |
+ * @package Unserialize_Reader | |
+ * @copyright Copyright (c) 2006-2016 X.commerce, Inc. and affiliates (http://www.magento.com) | |
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) | |
+ */ | |
+ | |
+/** | |
+ * Class Unserialize_Reader_Null | |
+ */ | |
+class Unserialize_Reader_Null | |
+{ | |
+ /** | |
+ * @var int | |
+ */ | |
+ protected $_status; | |
+ | |
+ /** | |
+ * @var string | |
+ */ | |
+ protected $_value; | |
+ | |
+ const NULL_VALUE = 'null'; | |
+ | |
+ const READING_VALUE = 1; | |
+ | |
+ /** | |
+ * @param string $char | |
+ * @param string $prevChar | |
+ * @return string|null | |
+ */ | |
+ public function read($char, $prevChar) | |
+ { | |
+ if ($prevChar == Unserialize_Parser::SYMBOL_SEMICOLON) { | |
+ $this->_value = self::NULL_VALUE; | |
+ $this->_status = self::READING_VALUE; | |
+ return null; | |
+ } | |
+ | |
+ if ($this->_status == self::READING_VALUE && $char == Unserialize_Parser::SYMBOL_SEMICOLON) { | |
+ return $this->_value; | |
+ } | |
+ return null; | |
+ } | |
+} |
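Review bot: `read()` never checks that the token is exactly `N;`: once armed, it returns the sentinel on the next `;` whatever characters came in between, and `$_status` is compared with `==` without ever being initialised. If the caller feeds it something like `Nxy;` (how ArrValue dispatches is outside this hunk, so this is inferred), the string 'null' comes back with a `$prevChar` other than `N`, and the check in Arr.php then stores the literal string instead of rejecting the input. I would fail closed on any character other than `;` while in READING_VALUE, for example `if ($this->_status === self::READING_VALUE && $char !== Unserialize_Parser::SYMBOL_SEMICOLON) { throw new Exception('Malformed null token'); }`, placed before the existing return branch. Declaring `protected $_status = null;` would also make the initial state explicit.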