Make WordPress Core

Changeset 56835


Ignore:
Timestamp:
10/12/2023 12:32:43 PM (12 months ago)
Author:
jorbin
Message:

Prevent unintended behavior when certain objects are unserialized.

Props ehtis, xknown.

Location:
trunk/src/wp-includes
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/Requests/src/Hooks.php

    r54997 r56835  
    9797        return true;
    9898    }
     99
     100    public function __wakeup() {
     101        throw new \LogicException( __CLASS__ . ' should never be unserialized' );
     102    }
    99103}
  • trunk/src/wp-includes/Requests/src/Iri.php

    r55629 r56835  
    718718    }
    719719
     720    public function __wakeup() {
     721        $class_props = get_class_vars( __CLASS__ );
     722        $string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' );
     723        $array_props = array( 'normalization' );
     724        foreach ( $class_props as $prop => $default_value ) {
     725            if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) {
     726                throw new UnexpectedValueException();
     727            } elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) {
     728                throw new UnexpectedValueException();
     729            }
     730            $this->$prop = null;
     731        }
     732    }
     733
    720734    /**
    721735     * Set the entire IRI. Returns true on success, false on failure (if there
  • trunk/src/wp-includes/Requests/src/Session.php

    r54997 r56835  
    266266    }
    267267
     268    public function __wakeup() {
     269        throw new \LogicException( __CLASS__ . ' should never be unserialized' );
     270    }
     271
    268272    /**
    269273     * Merge a request's data with the default data
  • trunk/src/wp-includes/class-wp-block-patterns-registry.php

    r56818 r56835  
    231231    }
    232232
     233    public function __wakeup() {
     234        if ( ! $this->registered_patterns ) {
     235            return;
     236        }
     237        if ( ! is_array( $this->registered_patterns ) ) {
     238            throw new UnexpectedValueException();
     239        }
     240        foreach ( $this->registered_patterns as $value ) {
     241            if ( ! is_array( $value ) ) {
     242                throw new UnexpectedValueException();
     243            }
     244        }
     245        $this->registered_patterns_outside_init = array();
     246    }
     247
    233248    /**
    234249     * Utility method to retrieve the main instance of the class.
  • trunk/src/wp-includes/class-wp-block-type-registry.php

    r54133 r56835  
    169169    }
    170170
     171    public function __wakeup() {
     172        if ( ! $this->registered_block_types ) {
     173            return;
     174        }
     175        if ( ! is_array( $this->registered_block_types ) ) {
     176            throw new UnexpectedValueException();
     177        }
     178        foreach ( $this->registered_block_types as $value ) {
     179            if ( ! $value instanceof WP_Block_Type ) {
     180                throw new UnexpectedValueException();
     181            }
     182        }
     183    }
     184
    171185    /**
    172186     * Utility method to retrieve the main instance of the class.
  • trunk/src/wp-includes/class-wp-theme.php

    r56771 r56835  
    774774
    775775    /**
     776     * Perform reinitialization tasks.
     777     *
     778     * Prevents a callback from being injected during unserialization of an object.
     779     *
     780     * @return void
     781     */
     782    public function __wakeup() {
     783        if ( $this->parent && ! $this->parent instanceof self ) {
     784            throw new UnexpectedValueException();
     785        }
     786        if ( $this->headers && ! is_array( $this->headers ) ) {
     787            throw new UnexpectedValueException();
     788        }
     789        foreach ( $this->headers as $value ) {
     790            if ( ! is_string( $value ) ) {
     791                throw new UnexpectedValueException();
     792            }
     793        }
     794        $this->headers_sanitized = array();
     795    }
     796
     797    /**
    776798     * Adds theme data to cache.
    777799     *
     
    19191941        return strnatcasecmp( $a->name_translated, $b->name_translated );
    19201942    }
     1943
     1944    private static function _check_headers_property_has_correct_type( $headers ) {
     1945        if ( ! is_array( $headers ) ) {
     1946            return false;
     1947        }
     1948        foreach ( $headers as $key => $value ) {
     1949            if ( ! is_string( $key ) || ! is_string( $value ) ) {
     1950                return false;
     1951            }
     1952        }
     1953        return true;
     1954    }
    19211955}
Note: See TracChangeset for help on using the changeset viewer.