<?php

/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2013 Jonathan Vollebregt (jnvsor@gmail.com), Rokas Šleinius (raveren@gmail.com)
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of
 * this software and associated documentation files (the "Software"), to deal in
 * the Software without restriction, including without limitation the rights to
 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 * the Software, and to permit persons to whom the Software is furnished to do so,
 * subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

namespace Kint\Parser;

use Kint\Object\BasicObject;
use Kint\Object\Representation\Representation;

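class SerializePlugin extends Plugin
{
    /**
     * Disables automatic unserialization on arrays and objects.
     *
     * As the PHP manual notes:
     *
     * > Unserialization can result in code being loaded and executed due to
     * > object instantiation and autoloading, and a malicious user may be able
     * > to exploit this.
     *
     * The natural way to stop that from happening is to just refuse to unserialize
     * stuff by default. Which is what we're doing for anything that's not scalar.
     *
     * @var bool
     */
    public static $safe_mode = true;

    /**
     * Value handed to unserialize() as its second argument on PHP 7+.
     *
     * NOTE(review): unserialize() looks for an 'allowed_classes' key in this
     * array. The default array(true) carries no such key, so it does not
     * restrict which classes may be instantiated. Before turning $safe_mode
     * off, set this to array('allowed_classes' => false) or to an explicit
     * list of class names, so that dumping a string from an untrusted source
     * cannot instantiate arbitrary classes.
     *
     * @var array
     */
    public static $options = array(true);

    /**
     * Variable types this plugin is registered for.
     *
     * @return array Only 'string'
     */
    public function getTypes()
    {
        return array('string');
    }

    /**
     * Parser trigger this plugin is registered for.
     *
     * @return int Parser::TRIGGER_SUCCESS
     */
    public function getTriggers()
    {
        return Parser::TRIGGER_SUCCESS;
    }

    /**
     * Adds a "Serialized" representation to strings that look like serialize() output.
     *
     * In safe mode, strings describing objects ('C', 'O') or arrays ('a') are
     * never passed to unserialize(); they get a placeholder object carrying the
     * 'blacklist' hint instead. Everything else is unserialized and the result
     * is parsed as a child of $o.
     *
     * @param string      $var     The string being dumped
     * @param BasicObject $o       The object already built for $var
     * @param int         $trigger The trigger that invoked the plugin (unused)
     */
    public function parse(&$var, BasicObject &$o, $trigger)
    {
        $trimmed = \rtrim($var);

        // Cheap prefix filter so unserialize() only sees plausible candidates.
        // Integers and doubles may be negative, and doubles may lack a
        // fractional part or carry an exponent ("i:-5;", "d:1;", "d:1.0E+25;").
        if ('N;' !== $trimmed && !\preg_match('/^(?:[COabis]:\\d+[:;]|i:-\\d+;|d:-?\\d+(?:\\.\\d+)?(?:E[+-]?\\d+)?;)/', $trimmed)) {
            return;
        }

        // Tracked separately from $data: "N;" unserializes to null, which
        // isset() cannot tell apart from "unserialize() was never called".
        $unserialized = false;
        $data = null;

        if (!self::$safe_mode || !\in_array($trimmed[0], array('C', 'O', 'a'), true)) {
            // Second parameter only supported on PHP 7
            if (KINT_PHP70) {
                // Suppress warnings on unserializeable variable
                $data = @\unserialize($trimmed, self::$options);
            } else {
                $data = @\unserialize($trimmed);
            }

            // unserialize() returns false both on failure and for a serialized
            // false ("b:0;"); only the former means the string is not valid.
            if (false === $data && 'b:0;' !== \substr($trimmed, 0, 4)) {
                return;
            }

            $unserialized = true;
        }

        $base_obj = new BasicObject();
        $base_obj->depth = $o->depth + 1;
        $base_obj->name = 'unserialize('.$o->name.')';

        if ($o->access_path) {
            $base_obj->access_path = 'unserialize('.$o->access_path;
            if (!KINT_PHP70 || self::$options === array(true)) {
                $base_obj->access_path .= ')';
            } elseif (self::$options === array(false)) {
                $base_obj->access_path .= ', false)';
            } else {
                // NOTE(review): the emitted path names "Serialize::$options",
                // while this class is SerializePlugin - confirm which name the
                // displayed access path is meant to show.
                $base_obj->access_path .= ', Serialize::$options)';
            }
        }

        $r = new Representation('Serialized');

        if ($unserialized) {
            $r->contents = $this->parser->parse($data, $base_obj);
        } else {
            // Safe mode refused to unserialize: show a placeholder rather than the contents.
            $base_obj->hints[] = 'blacklist';
            $r->contents = $base_obj;
        }

        $o->addRepresentation($r, 0);
    }
}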

Commits for paulgoughbooks_old/trunk/system/ThirdParty/Kint/Parser/SerializePlugin.php

Revision Author Commited Message
2 tporter picture tporter Tue 03 Nov, 2020 08:50:21 +0000

Migration of Paul Goughs Books site to Codeignitor 4