projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 99741c0)
Block classes in unserialize field for IDE cheer
authoreileen <emcnaughton@wikimedia.org>
Mon, 1 Jul 2019 00:21:49 +0000 (12:21 +1200)
committereileen <emcnaughton@wikimedia.org>
Mon, 1 Jul 2019 00:25:04 +0000 (12:25 +1200)
CRM/Core/BAO/PrevNextCache.php patch | blob | blame | history
CRM/Core/DAO.php patch | blob | blame | history
api/v3/Dedupe.php patch | blob | blame | history

diff --git a/CRM/Core/BAO/PrevNextCache.php b/CRM/Core/BAO/PrevNextCache.php
index 3cc23eb3017e1b051a54a052f2097437b0c686d5..116f87c19e972eaad5a8038d1063b5959c56700f 100644 (file)
--- a/CRM/Core/BAO/PrevNextCache.php
+++ b/CRM/Core/BAO/PrevNextCache.php
@@ -172,6 +172,7 @@ WHERE  cachekey     = %3 AND
    * @param array $conflicts
    *
    * @return bool
+   * @throws CRM_Core_Exception
    */
   public static function markConflict($id1, $id2, $cacheKey, $conflicts) {
     if (empty($cacheKey) || empty($conflicts)) {
@@ -194,7 +195,7 @@ WHERE  cachekey     = %3 AND
     while ($pncFind->fetch()) {
       $data = $pncFind->data;
       if (!empty($data)) {
-        $data = unserialize($data);
+        $data = CRM_Core_DAO::unSerializeField($data, CRM_Core_DAO::SERIALIZE_PHP);
         $data['conflicts'] = implode(",", array_values($conflicts));
 
         $pncUp = new CRM_Core_DAO_PrevNextCache();
diff --git a/CRM/Core/DAO.php b/CRM/Core/DAO.php
index a54d1a1ca49f23c769c57a2377604fafc7ae891c..82c4ebc9f264d217d02b4c10b4876a917611ec0a 100644 (file)
--- a/CRM/Core/DAO.php
+++ b/CRM/Core/DAO.php
@@ -2877,8 +2877,9 @@ SELECT contact_id
    *
    * @param string|null $value
    * @param $serializationType
+   *
    * @return array|null
-   * @throws \Exception
+   * @throws CRM_Core_Exception
    */
   public static function unSerializeField($value, $serializationType) {
     if ($value === NULL) {
@@ -2898,13 +2899,13 @@ SELECT contact_id
         return strlen($value) ? json_decode($value, TRUE) : [];
 
       case self::SERIALIZE_PHP:
-        return strlen($value) ? unserialize($value) : [];
+        return strlen($value) ? unserialize($value, ['allowed_classes' => FALSE]) : [];
 
       case self::SERIALIZE_COMMA:
         return explode(',', trim(str_replace(', ', '', $value)));
 
       default:
-        throw new Exception('Unknown serialization method for field.');
+        throw new CRM_Core_Exception('Unknown serialization method for field.');
     }
   }
 
diff --git a/api/v3/Dedupe.php b/api/v3/Dedupe.php
index 0a27dcffeb0ae8447094b2a37059a32aada12f7c..00992069184055a2c76082a58ee96c3aa41189c9 100644 (file)
--- a/api/v3/Dedupe.php
+++ b/api/v3/Dedupe.php
@@ -51,7 +51,7 @@ function civicrm_api3_dedupe_get($params) {
   }
   foreach ($result as $index => $values) {
     if (isset($values['data']) && !empty($values['data'])) {
-      $result[$index]['data'] = unserialize($values['data']);
+      $result[$index]['data'] = CRM_Core_DAO::unSerializeField($values['data'], CRM_Core_DAO::SERIALIZE_PHP);
     }
   }
   return civicrm_api3_create_success($result, $params, 'PrevNextCache');