Changeset 56842 for branches/6.3/src/wp-includes/class-wp-theme.php

Timestamp:

10/12/2023 01:20:35 PM (2 years ago)

Author:

audrasjb

Message:

Prevent unintended behavior when certain objects are unserialized.

Props ehtis, xknown.
Merges [56835] to the 6.3 branch.

Location:

branches/6.3

Files:

• . (modified) (1 prop)
• src/wp-includes/class-wp-theme.php (modified) (2 diffs)

branches/6.3/src/wp-includes/class-wp-theme.php

@@ -743 +743 @@
 
     /**
+     * Perform reinitialization tasks.
+     *
+     * Prevents a callback from being injected during unserialization of an object.
+     *
+     * @return void
+     */
+    public function __wakeup() {
+        if ( $this->parent && ! $this->parent instanceof self ) {
+            throw new UnexpectedValueException();
+        }
+        if ( $this->headers && ! is_array( $this->headers ) ) {
+            throw new UnexpectedValueException();
+        }
+        foreach ( $this->headers as $value ) {
+            if ( ! is_string( $value ) ) {
+                throw new UnexpectedValueException();
+            }
+        }
+        $this->headers_sanitized = array();
+    }
+
+    /**
      * Adds theme data to cache.
      *
@@ -1813 +1835 @@
         return strnatcasecmp( $a->name_translated, $b->name_translated );
     }
+
+    private static function _check_headers_property_has_correct_type( $headers ) {
+        if ( ! is_array( $headers ) ) {
+            return false;
+        }
+        foreach ( $headers as $key => $value ) {
+            if ( ! is_string( $key ) || ! is_string( $value ) ) {
+                return false;
+            }
+        }
+        return true;
+    }
 }