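/**
 * Verifies that a value is an acceptable serialized string, serializing it first if needed.
 *
 * @param mixed $serial Value to verify; replaced in place by its serialized form when it is not already a string
 * @param XenForo_DataWriter $dw Data writer that receives the error when the string does not unserialize
 * @param string|false $fieldName Field name the error is attached to, or false for none
 *
 * @return bool True if the serialized value is acceptable, false if an error was reported to $dw
 *
 * @throws XenForo_Exception If the serialized string contains an object (never allowed here)
 */
public static function verifySerialized(&$serial, XenForo_DataWriter $dw, $fieldName = false)
{
	if (!is_string($serial))
	{
		// we produced the serialized form ourselves, so it is known to be well-formed
		$serial = serialize($serial);
		$verifyValidSerialization = false;
	}
	else
	{
		// already serialized, so we need to check whether this is valid
		$verifyValidSerialization = true;
	}

	// Objects are refused before the unserialize() call below ever runs, so the payload
	// cannot instantiate a class of its choosing (and trigger its __wakeup()/__destruct()).
	if (XenForo_Helper_Php::serializedContainsObject($serial))
	{
		throw new XenForo_Exception("Serialized value contains an object and this is not allowed");
	}

	if ($verifyValidSerialization)
	{
		// unserialize() returns false both for garbage and for a genuinely serialized false ('b:0;');
		// the latter is valid, so it is excluded from the error with a strict string comparison
		if (@unserialize($serial) === false && $serial !== serialize(false))
		{
			$dw->error('The data provided as a serialized array does not unserialize.', $fieldName);
			return false;
		}
	}

	return true;
}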
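/**
 * Casts the field value based on the specified type (TYPE_* constants).
 *
 * @param string $fieldType Type to cast to
 * @param mixed $value Value to cast
 * @param string|false $fieldName Name of the field being cast, or false if not known
 * @param array $fieldData Array of all field data information, for extra options
 *        (keys read here: 'noTrim' for TYPE_STRING, 'unsafe' for TYPE_SERIALIZED)
 *
 * @return mixed The cast value
 *
 * @throws XenForo_Exception If the field type is unknown, or a serialized/JSON string is not valid for that type
 */
protected function _castValueToType($fieldType, $value, $fieldName, array $fieldData)
{
	switch ($fieldType)
	{
		case self::TYPE_STRING:
			// 'noTrim' keeps surrounding whitespace intact
			return isset($fieldData['noTrim']) ? strval($value) : trim(strval($value));

		case self::TYPE_BINARY:
			return strval($value);

		case self::TYPE_UINT_FORCED:
			// negative values are clamped to 0 rather than rejected
			$value = intval($value);
			return $value < 0 ? 0 : $value;

		case self::TYPE_UINT:
		case self::TYPE_INT:
			return intval($value);

		case self::TYPE_FLOAT:
			// numeric-string arithmetic yields an int or a float depending on the string.
			// NOTE(review): on PHP 8 a non-numeric string here raises a TypeError instead of yielding 0.
			return strval($value) + 0;

		case self::TYPE_BOOLEAN:
			return $value ? 1 : 0;

		case self::TYPE_SERIALIZED:
			if (!is_string($value))
			{
				// we produced the serialized form ourselves, so it is known to be well-formed
				$value = serialize($value);
				$verifyValidSerialization = false;
			}
			else
			{
				// already serialized, so we need to check whether this is valid
				$verifyValidSerialization = true;
			}

			// Objects are refused unless the field is explicitly marked 'unsafe'.
			// NOTE(review): with 'unsafe' set, the unserialize() below still runs on a string that may
			// contain objects, which instantiates whatever classes the payload names; 'unsafe' is only
			// appropriate for values that never originate from untrusted input.
			if (empty($fieldData['unsafe']) && XenForo_Helper_Php::serializedContainsObject($value))
			{
				throw new XenForo_Exception("Serialized value contains an object and this is not allowed");
			}

			if ($verifyValidSerialization)
			{
				// unserialize() returns false both for garbage and for a genuinely serialized false ('b:0;');
				// the latter is valid, so it is excluded from the error with a strict string comparison
				if (@unserialize($value) === false && $value !== serialize(false))
				{
					throw new XenForo_Exception('Value is not unserializable');
				}
			}
			return $value;

		case self::TYPE_JSON:
			if (!is_string($value))
			{
				return json_encode($value);
			}
			// json_decode() returns null both for invalid input and for the valid document "null",
			// so the latter is allowed through explicitly (mirroring the serialized-false case above)
			if (json_decode($value) === null && trim($value) !== 'null')
			{
				throw new XenForo_Exception('Value cannot be JSON decoded');
			}
			return $value;

		case self::TYPE_UNKNOWN:
			return $value; // unmodified

		default:
			throw new XenForo_Exception($fieldName === false
				? "There is no field type '{$fieldType}'."
				: "The field type specified for '{$fieldName}' is not valid ({$fieldType})."
			);
	}
}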