From 8cec96dceec27753387d77e40386b3bced1e6546 Mon Sep 17 00:00:00 2001
From: eileen
Date: Mon, 1 Jul 2019 12:21:49 +1200
Subject: [PATCH] Block classes in unserialize field for IDE cheer
---
 CRM/Core/BAO/PrevNextCache.php | 3 ++-
 CRM/Core/DAO.php | 7 ++++---
 api/v3/Dedupe.php | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/CRM/Core/BAO/PrevNextCache.php b/CRM/Core/BAO/PrevNextCache.php
index 3cc23eb301..116f87c19e 100644
--- a/CRM/Core/BAO/PrevNextCache.php
+++ b/CRM/Core/BAO/PrevNextCache.php
@@ -172,6 +172,7 @@ WHERE cachekey = %3 AND
 * @param array $conflicts
 *
 * @return bool
+ * @throws CRM_Core_Exception
 */
 public static function markConflict($id1, $id2, $cacheKey, $conflicts) {
 if (empty($cacheKey) || empty($conflicts)) {
@@ -194,7 +195,7 @@ WHERE cachekey = %3 AND
 while ($pncFind->fetch()) {
 $data = $pncFind->data;
 if (!empty($data)) {
- $data = unserialize($data);
+ $data = CRM_Core_DAO::unSerializeField($data, CRM_Core_DAO::SERIALIZE_PHP);
 $data['conflicts'] = implode(",", array_values($conflicts));
 $pncUp = new CRM_Core_DAO_PrevNextCache();
diff --git a/CRM/Core/DAO.php b/CRM/Core/DAO.php
index a54d1a1ca4..82c4ebc9f2 100644
--- a/CRM/Core/DAO.php
+++ b/CRM/Core/DAO.php
@@ -2877,8 +2877,9 @@ SELECT contact_id
 *
 * @param string|null $value
 * @param $serializationType
+ *
 * @return array|null
- * @throws \Exception
+ * @throws CRM_Core_Exception
 */
 public static function unSerializeField($value, $serializationType) {
 if ($value === NULL) {
@@ -2898,13 +2899,13 @@ SELECT contact_id
 return strlen($value) ? json_decode($value, TRUE) : [];
 case self::SERIALIZE_PHP:
- return strlen($value) ? unserialize($value) : [];
+ return strlen($value) ? unserialize($value, ['allowed_classes' => FALSE]) : [];
 case self::SERIALIZE_COMMA:
 return explode(',', trim(str_replace(', ', '', $value)));
 default:
- throw new Exception('Unknown serialization method for field.');
+ throw new CRM_Core_Exception('Unknown serialization method for field.');
 }
 }
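Review bot: In the second CRM/Core/BAO/PrevNextCache.php hunk, the context line right after the changed call, `$data['conflicts'] = implode(...)`, still assumes `$data` is an array, but `unserialize()` returns `FALSE` for a truncated or malformed string, and with `allowed_classes` off any object in the payload comes back as `__PHP_Incomplete_Class`. The loop appears to write `$data` back to the cache (the rest of the `while` body is outside the hunk), so a bad row would be silently replaced rather than reported. A guard such as `if (!is_array($data)) { continue; }` before the assignment, ideally with a log line, would make that case visible. The same unchecked use of the return value applies to the `$result[$index]['data']` assignment in the api/v3/Dedupe.php hunk.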
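Review bot: The `SERIALIZE_PHP` branch in the second CRM/Core/DAO.php hunk has no comment saying why `allowed_classes` is `FALSE`, so the hardening is easy to lose in a later cleanup; a line such as `// Never instantiate objects from stored values: blocks PHP object injection via crafted serialized data.` above the `return` would record the intent. The docblock in the previous hunk promises `@return array|null`, yet this branch can return `FALSE` on a malformed string, or a scalar if one was serialized, so either document that or normalise it, e.g. `$data = unserialize($value, ['allowed_classes' => FALSE]); return is_array($data) ? $data : [];`. A unit test that passes a serialized object and asserts that no class is instantiated would pin the new behaviour. The enclosing `switch` starts outside the hunk.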
diff --git a/api/v3/Dedupe.php b/api/v3/Dedupe.php
index 0a27dcffeb..0099206918 100644
--- a/api/v3/Dedupe.php
+++ b/api/v3/Dedupe.php
@@ -51,7 +51,7 @@ function civicrm_api3_dedupe_get($params) {
 }
 foreach ($result as $index => $values) {
 if (isset($values['data']) && !empty($values['data'])) {
- $result[$index]['data'] = unserialize($values['data']);
+ $result[$index]['data'] = CRM_Core_DAO::unSerializeField($values['data'], CRM_Core_DAO::SERIALIZE_PHP);
 }
 }
 return civicrm_api3_create_success($result, $params, 'PrevNextCache');
-- 
2.25.1