
Changeset 56842


Timestamp:
10/12/2023 01:20:35 PM (12 months ago)
Author:
audrasjb
Message:

Prevent unintended behavior when certain objects are unserialized.

Props ehtis, xknown.
Merges [56835] to the 6.3 branch.

Location:
branches/6.3
Files:
7 edited

  • branches/6.3

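--- a/branches/6.3/src/wp-includes/Requests/src/Hooks.php
+++ b/branches/6.3/src/wp-includes/Requests/src/Hooks.php
@@ -97,3 +97,7 @@
         return true;
     }
+
+    public function __wakeup() {
+        throw new \LogicException( __CLASS__ . ' should never be unserialized' );
+    }
 }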
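Review bot: The new `__wakeup()` in Hooks.php has no docblock, and the identical guard added to Session.php has none either, so the reason the class refuses unserialization is not recorded next to the code. A short docblock stating that the method blocks unserialization, with `@throws \LogicException`, would match the documented `__wakeup()` this changeset adds to class-wp-theme.php. It is also worth recording there that PHP 7.4 and later call `__unserialize()` instead of `__wakeup()` when a class defines both, so the guard has to move if that method is ever added to either class.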
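--- a/branches/6.3/src/wp-includes/Requests/src/Iri.php
+++ b/branches/6.3/src/wp-includes/Requests/src/Iri.php
@@ -718,4 +718,18 @@
     }
 
+    public function __wakeup() {
+        $class_props = get_class_vars( __CLASS__ );
+        $string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' );
+        $array_props = array( 'normalization' );
+        foreach ( $class_props as $prop => $default_value ) {
+            if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) {
+                throw new UnexpectedValueException();
+            } elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) {
+                throw new UnexpectedValueException();
+            }
+            $this->$prop = null;
+        }
+    }
+
     /**
      * Set the entire IRI. Returns true on success, false on failure (if there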
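Review bot: Both `throw` statements in the new `__wakeup()` name `UnexpectedValueException` unqualified, while the guards added to Hooks.php and Session.php in the same library write `\LogicException`. If Iri.php declares a namespace and has no matching `use` (neither is visible in this hunk), the name resolves inside that namespace and the throw surfaces as a class-not-found `Error` rather than the intended exception; `throw new \UnexpectedValueException();` removes the ambiguity. The loop also ends with `$this->$prop = null;` for every property, so a value that passes the type check is still discarded. A docblock saying that an unserialized Iri is deliberately reset would stop a later maintainer from treating that line as a mistake, and the unused `$default_value` can go by iterating `array_keys( $class_props )`.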
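--- a/branches/6.3/src/wp-includes/Requests/src/Session.php
+++ b/branches/6.3/src/wp-includes/Requests/src/Session.php
@@ -266,4 +266,8 @@
     }
 
+    public function __wakeup() {
+        throw new \LogicException( __CLASS__ . ' should never be unserialized' );
+    }
+
     /**
      * Merge a request's data with the default data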
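--- a/branches/6.3/src/wp-includes/class-wp-block-patterns-registry.php
+++ b/branches/6.3/src/wp-includes/class-wp-block-patterns-registry.php
@@ -198,4 +198,19 @@
     }
 
+    public function __wakeup() {
+        if ( ! $this->registered_patterns ) {
+            return;
+        }
+        if ( ! is_array( $this->registered_patterns ) ) {
+            throw new UnexpectedValueException();
+        }
+        foreach ( $this->registered_patterns as $value ) {
+            if ( ! is_array( $value ) ) {
+                throw new UnexpectedValueException();
+            }
+        }
+        $this->registered_patterns_outside_init = array();
+    }
+
     /**
      * Utility method to retrieve the main instance of the class.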
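Review bot: The early return on `! $this->registered_patterns` runs before the final reset, so when that property is empty `registered_patterns_outside_init` keeps whatever value came from the serialized data. Moving `$this->registered_patterns_outside_init = array();` to the first line of `__wakeup()` makes the reset unconditional. The same falsy test lets a non-array value such as `''`, `0` or `false` stay in `registered_patterns` without reaching `is_array()`, here and in the matching guard in class-wp-block-type-registry.php; testing `is_array()` first and returning early only for an empty array closes that. Neither method has a docblock saying what the checks protect.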
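--- a/branches/6.3/src/wp-includes/class-wp-block-type-registry.php
+++ b/branches/6.3/src/wp-includes/class-wp-block-type-registry.php
@@ -169,4 +169,18 @@
     }
 
+    public function __wakeup() {
+        if ( ! $this->registered_block_types ) {
+            return;
+        }
+        if ( ! is_array( $this->registered_block_types ) ) {
+            throw new UnexpectedValueException();
+        }
+        foreach ( $this->registered_block_types as $value ) {
+            if ( ! $value instanceof WP_Block_Type ) {
+                throw new UnexpectedValueException();
+            }
+        }
+    }
+
     /**
      * Utility method to retrieve the main instance of the class.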
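Review bot: The `instanceof WP_Block_Type` test in the new `__wakeup()` confirms each element's class but not its contents, and those elements are restored from the same serialized data as the registry. Whether WP_Block_Type validates its own state on wakeup is not visible in this changeset. A docblock on `__wakeup()` should state that limit, for example `Validates the registry container only; elements are checked by class, not by content.`, so the check is not later read as full validation of the registry.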
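--- a/branches/6.3/src/wp-includes/class-wp-theme.php
+++ b/branches/6.3/src/wp-includes/class-wp-theme.php
@@ -743,4 +743,26 @@
 
     /**
+     * Perform reinitialization tasks.
+     *
+     * Prevents a callback from being injected during unserialization of an object.
+     *
+     * @return void
+     */
+    public function __wakeup() {
+        if ( $this->parent && ! $this->parent instanceof self ) {
+            throw new UnexpectedValueException();
+        }
+        if ( $this->headers && ! is_array( $this->headers ) ) {
+            throw new UnexpectedValueException();
+        }
+        foreach ( $this->headers as $value ) {
+            if ( ! is_string( $value ) ) {
+                throw new UnexpectedValueException();
+            }
+        }
+        $this->headers_sanitized = array();
+    }
+
+    /**
      * Adds theme data to cache.
      *
@@ -1813,3 +1835,15 @@
         return strnatcasecmp( $a->name_translated, $b->name_translated );
     }
+
+    private static function _check_headers_property_has_correct_type( $headers ) {
+        if ( ! is_array( $headers ) ) {
+            return false;
+        }
+        foreach ( $headers as $key => $value ) {
+            if ( ! is_string( $key ) || ! is_string( $value ) ) {
+                return false;
+            }
+        }
+        return true;
+    }
 }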
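Review bot: `_check_headers_property_has_correct_type()` is added at the end of the class, but no call to it is visible in this changeset, and `__wakeup()` repeats a weaker version of the check inline. The inline version tests values only, not keys, and a falsy non-array `$this->headers` (for example `null` or `''`) skips the `is_array()` test and reaches `foreach`, which raises a warning instead of the intended exception. Calling the helper from `__wakeup()` keeps a single definition of a valid headers array: `if ( ! self::_check_headers_property_has_correct_type( $this->headers ) ) { throw new UnexpectedValueException(); }`. Whether string keys hold for every legitimately stored WP_Theme is not visible here and should be confirmed before tightening. The helper also needs a docblock stating that it returns true only for an array with string keys and string values.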