/**
 * Verifies that a field value is (or can be turned into) a serialized string
 * that contains no objects.
 *
 * A non-string value is serialized in place, so the caller's variable holds the
 * serialized form afterwards. A string is assumed to be serialized already and
 * is test-unserialized, but only after the object check has passed.
 *
 * @param mixed $serial Value to check; passed by reference and replaced by its serialized form when it is not a string
 * @param XenForo_DataWriter $dw Data writer that receives the error if the string does not unserialize
 * @param string|false $fieldName Field name handed to the data writer's error() call
 *
 * @return boolean True if the value is acceptable; false if a supplied string does not unserialize
 *
 * @throws XenForo_Exception If XenForo_Helper_Php::serializedContainsObject() reports an object in the payload
 */
public static function verifySerialized(&$serial, XenForo_DataWriter $dw, $fieldName = false)
 {
     $suppliedAsString = is_string($serial);
     if (!$suppliedAsString) {
         // We produce the serialization ourselves, so it needs no round-trip check.
         $serial = serialize($serial);
     }

     // Keep this check ahead of any unserialize() call: a caller-supplied string
     // is only decoded once the helper has reported that it carries no object.
     // NOTE(review): how the helper detects objects is not visible here; confirm
     // it also covers the custom-serialized ("C:") form.
     if (XenForo_Helper_Php::serializedContainsObject($serial)) {
         throw new XenForo_Exception("Serialized value contains an object and this is not allowed");
     }

     if (!$suppliedAsString) {
         return true;
     }

     // unserialize() returns false both on failure and for a serialized boolean
     // false, so the second comparison separates the two cases. The @ hides the
     // notice that a malformed string would otherwise raise.
     $decoded = @unserialize($serial);
     if ($decoded === false && $serial != serialize(false)) {
         $dw->error('The data provided as a serialized array does not unserialize.', $fieldName);
         return false;
     }

     return true;
 }
Beispiel #2
 /**
  * Casts the field value based on the specified type (TYPE_* constants).
  *
  * Two entries of $fieldData are read here:
  *  - 'noTrim' (checked with isset): TYPE_STRING values are not trimmed.
  *  - 'unsafe' (checked with empty): when truthy, TYPE_SERIALIZED skips the
  *    "no objects" check. A caller-supplied string is then passed to
  *    unserialize() unchecked, which can instantiate objects, so the flag is
  *    only appropriate for values that never come from untrusted input.
  *
  * @param string $fieldType Type to cast to
  * @param mixed $value Value to cast
  * @param string $fieldName Name of the field being cast
  * @param array $fieldData Array of all field data information, for extra options
  *
  * @return mixed
  *
  * @throws XenForo_Exception If the type is not recognised, or a serialized/JSON value fails validation
  */
 protected function _castValueToType($fieldType, $value, $fieldName, array $fieldData)
 {
     switch ($fieldType) {
         case self::TYPE_STRING:
             $text = (string) $value;
             return isset($fieldData['noTrim']) ? $text : trim($text);

         case self::TYPE_BINARY:
             return (string) $value;

         case self::TYPE_UINT_FORCED:
             // Negative input is clamped to zero rather than rejected.
             return max(0, (int) $value);

         case self::TYPE_UINT:
         case self::TYPE_INT:
             return (int) $value;

         case self::TYPE_FLOAT:
             // Adding zero to the string form lets PHP choose int or float.
             return (string) $value + 0;

         case self::TYPE_BOOLEAN:
             return (int) (bool) $value;

         case self::TYPE_SERIALIZED:
             $suppliedAsString = is_string($value);
             if (!$suppliedAsString) {
                 // Serialized here, so no round-trip validation is needed below.
                 $value = serialize($value);
             }

             // The object check stays ahead of unserialize(): unless the field is
             // flagged 'unsafe', a string is only decoded after the helper has
             // reported that it carries no object.
             if (empty($fieldData['unsafe']) && XenForo_Helper_Php::serializedContainsObject($value)) {
                 throw new XenForo_Exception("Serialized value contains an object and this is not allowed");
             }

             // unserialize() returns false for both a failure and a serialized
             // boolean false; the comparison with serialize(false) separates them.
             if ($suppliedAsString && @unserialize($value) === false && $value != serialize(false)) {
                 throw new XenForo_Exception('Value is not unserializable');
             }

             return $value;

         case self::TYPE_JSON:
             if (is_string($value)) {
                 // NOTE(review): json_decode() also returns null for the valid
                 // document "null", so that input is rejected here as well.
                 if (json_decode($value) === null) {
                     throw new XenForo_Exception('Value cannot be JSON decoded');
                 }

                 return $value;
             }

             return json_encode($value);

         case self::TYPE_UNKNOWN:
             // Returned unmodified.
             return $value;

         default:
             if ($fieldName === false) {
                 $message = "There is no field type '{$fieldType}'.";
             } else {
                 $message = "The field type specified for '{$fieldName}' is not valid ({$fieldType}).";
             }

             throw new XenForo_Exception($message);
     }
 }