Example #1
0
 /**
  * @group Core
  * @group Cookie
  */
 public function testSafeUnserialize()
 {
     /*
      * serialize() uses its internal maachine representation when floats expressed in E-notation,
      * which may vary between php versions, OS, and hardware platforms
      */
     $testData = $tests['exp float'] = -5.0E+142;
     // intentionally disabled; this doesn't work
     //        $this->assertEquals( safe_serialize($testData), serialize($testData) );
     $this->assertEquals($testData, unserialize(safe_serialize($testData)));
     $this->assertSame($testData, safe_unserialize(safe_serialize($testData)));
     // workaround: cast floats into strings
     $this->assertSame($testData, safe_unserialize(serialize($testData)));
     $unserialized = array('announcement' => true, 'source' => array(array('filename' => 'php-5.3.3.tar.bz2', 'name' => 'PHP 5.3.3 (tar.bz2)', 'md5' => '21ceeeb232813c10283a5ca1b4c87b48', 'date' => '22 July 2010'), array('filename' => 'php-5.3.3.tar.gz', 'name' => 'PHP 5.3.3 (tar.gz)', 'md5' => '5adf1a537895c2ec933fddd48e78d8a2', 'date' => '22 July 2010')), 'date' => '22 July 2010', 'version' => '5.3.3');
     $serialized = 'a:4:{s:12:"announcement";b:1;s:6:"source";a:2:{i:0;a:4:{s:8:"filename";s:17:"php-5.3.3.tar.bz2";s:4:"name";s:19:"PHP 5.3.3 (tar.bz2)";s:3:"md5";s:32:"21ceeeb232813c10283a5ca1b4c87b48";s:4:"date";s:12:"22 July 2010";}i:1;a:4:{s:8:"filename";s:16:"php-5.3.3.tar.gz";s:4:"name";s:18:"PHP 5.3.3 (tar.gz)";s:3:"md5";s:32:"5adf1a537895c2ec933fddd48e78d8a2";s:4:"date";s:12:"22 July 2010";}}s:4:"date";s:12:"22 July 2010";s:7:"version";s:5:"5.3.3";}';
     $this->assertSame($unserialized, unserialize($serialized));
     $this->assertEquals($serialized, serialize($unserialized));
     $this->assertSame($unserialized, safe_unserialize($serialized));
     $this->assertEquals($serialized, safe_serialize($unserialized));
     $this->assertSame($unserialized, safe_unserialize(safe_serialize($unserialized)));
     $this->assertEquals($serialized, safe_serialize(safe_unserialize($serialized)));
     $a = 'O:31:"Test_Piwik_Cookie_Phantom_Class":0:{}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing an object where class not (yet) defined");
     $a = 'O:28:"Test_Piwik_Cookie_Mock_Class":0:{}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing an object where class is defined");
     $a = 'a:1:{i:0;O:28:"Test_Piwik_Cookie_Mock_Class":0:{}}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing nested object where class is defined");
     $a = 'a:2:{i:0;s:4:"test";i:1;O:28:"Test_Piwik_Cookie_Mock_Class":0:{}}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing another nested object where class is defined");
     $a = 'O:28:"Test_Piwik_Cookie_Mock_Class":1:{s:34:"' . "" . 'Test_Piwik_Cookie_Mock_Class' . "" . 'name";s:4:"test";}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing object with member where class is defined");
     // arrays and objects cannot be used as keys, i.e., generates "Warning: Illegal offset type ..."
     $a = 'a:2:{i:0;a:0:{}O:28:"Test_Piwik_Cookie_Mock_Class":0:{}s:4:"test";';
     $this->assertFalse(safe_unserialize($a), "test: unserializing with illegal key");
 }
Example #2
0
 function test_safeSerialize()
 {
     $tests = array('null' => null, 'bool false' => false, 'bool true' => true, 'negative int' => -42, 'zero' => 0, 'positive int' => 42, 'float' => 1.25, 'empty string' => '', 'nul in string' => "", 'carriage return in string' => "first line\r\nsecond line", 'utf7 in string' => 'hello, world', 'utf8 in string' => '是', 'empty array' => array(), 'single element array' => array("test"), 'associative array' => array("alpha", 2 => "beta"), 'mixed keys' => array('first' => 'john', 'last' => 'doe', 10 => 'age'), 'nested arrays' => array('top' => array('middle' => 2, array('bottom'), 'last'), 'the end' => true), 'array confusion' => array('"', "'", '}', ';', ':'));
     foreach ($tests as $id => $testData) {
         $this->assertEqual(safe_serialize($testData), serialize($testData), $id);
     }
     foreach ($tests as $id => $testData) {
         $this->assertEqual(unserialize(safe_serialize($testData)), $testData, $id);
         $this->assertTrue(safe_unserialize(safe_serialize($testData)) === $testData, $id);
         $this->assertTrue(safe_unserialize(serialize($testData)) === $testData, $id);
     }
     /*
      * serialize() uses its internal maachine representation when floats expressed in E-notation,
      * which may vary between php versions, OS, and hardware platforms
      */
     $testData = $tests['exp float'] = -5.0E+142;
     // intentionally disabled; this doesn't work
     //		$this->assertEqual( safe_serialize($testData), serialize($testData) );
     $this->assertEqual(unserialize(safe_serialize($testData)), $testData);
     $this->assertTrue(safe_unserialize(safe_serialize($testData)) === $testData);
     // workaround: cast floats into strings
     $this->assertTrue((string) safe_unserialize(serialize($testData)) === (string) $testData);
     $unserialized = array('announcement' => true, 'source' => array(array('filename' => 'php-5.3.3.tar.bz2', 'name' => 'PHP 5.3.3 (tar.bz2)', 'md5' => '21ceeeb232813c10283a5ca1b4c87b48', 'date' => '22 July 2010'), array('filename' => 'php-5.3.3.tar.gz', 'name' => 'PHP 5.3.3 (tar.gz)', 'md5' => '5adf1a537895c2ec933fddd48e78d8a2', 'date' => '22 July 2010')), 'date' => '22 July 2010', 'version' => '5.3.3');
     $serialized = 'a:4:{s:12:"announcement";b:1;s:6:"source";a:2:{i:0;a:4:{s:8:"filename";s:17:"php-5.3.3.tar.bz2";s:4:"name";s:19:"PHP 5.3.3 (tar.bz2)";s:3:"md5";s:32:"21ceeeb232813c10283a5ca1b4c87b48";s:4:"date";s:12:"22 July 2010";}i:1;a:4:{s:8:"filename";s:16:"php-5.3.3.tar.gz";s:4:"name";s:18:"PHP 5.3.3 (tar.gz)";s:3:"md5";s:32:"5adf1a537895c2ec933fddd48e78d8a2";s:4:"date";s:12:"22 July 2010";}}s:4:"date";s:12:"22 July 2010";s:7:"version";s:5:"5.3.3";}';
     $this->assertTrue(unserialize($serialized) === $unserialized);
     $this->assertEqual(serialize($unserialized), $serialized);
     $this->assertTrue(safe_unserialize($serialized) === $unserialized);
     $this->assertEqual(safe_serialize($unserialized), $serialized);
     $this->assertTrue(safe_unserialize(safe_serialize($unserialized)) === $unserialized);
     $this->assertEqual(safe_serialize(safe_unserialize($serialized)), $serialized);
     $a = 'O:31:"Test_Piwik_Cookie_Phantom_Class":0:{}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing an object where class not (yet) defined");
     $a = 'O:28:"Test_Piwik_Cookie_Mock_Class":0:{}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing an object where class is defined");
     $a = 'a:1:{i:0;O:28:"Test_Piwik_Cookie_Mock_Class":0:{}}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing nested object where class is defined");
     $a = 'a:2:{i:0;s:4:"test";i:1;O:28:"Test_Piwik_Cookie_Mock_Class":0:{}}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing another nested object where class is defined");
     $a = 'O:28:"Test_Piwik_Cookie_Mock_Class":1:{s:34:"' . "" . 'Test_Piwik_Cookie_Mock_Class' . "" . 'name";s:4:"test";}';
     $this->assertFalse(safe_unserialize($a), "test: unserializing object with member where class is defined");
     // arrays and objects cannot be used as keys, i.e., generates "Warning: Illegal offset type ..."
     $a = 'a:2:{i:0;a:0:{}O:28:"Test_Piwik_Cookie_Mock_Class":0:{}s:4:"test";';
     $this->assertFalse(safe_unserialize($a), "test: unserializing with illegal key");
 }
Example #3
0
 /**
  * Returns the string to save in the cookie from the $this->value array of values.
  * It goes through the array and generates the cookie content string.
  *
  * @return string  Cookie content
  */
 protected function generateContentString()
 {
     $cookieStr = '';
     foreach ($this->value as $name => $value) {
         if (!is_numeric($value)) {
             $value = base64_encode(safe_serialize($value));
         }
         $cookieStr .= "{$name}={$value}" . self::VALUE_SEPARATOR;
     }
     if (!empty($cookieStr)) {
         $cookieStr .= '_=';
         // sign cookie
         $signature = sha1($cookieStr . SettingsPiwik::getSalt());
         return $cookieStr . $signature;
     }
     return '';
 }
Example #4
0
 /**
  * Returns the string to save in the cookie from the $this->value array of values.
  * It goes through the array and generates the cookie content string.
  *
  * @return string Cookie content
  */
 protected function generateContentString()
 {
     $cookieStr = '';
     foreach ($this->value as $name => $value) {
         if (!is_numeric($value)) {
             // @see http://bugs.php.net/38680
             if (PHP_VERSION < '5.2.1') {
                 $value = base64_encode(safe_serialize($value));
             } else {
                 $value = base64_encode(json_encode($value));
             }
         }
         $cookieStr .= "{$name}={$value}" . self::VALUE_SEPARATOR;
     }
     if (!empty($cookieStr)) {
         $cookieStr .= '_=';
         // sign cookie
         $signature = sha1($cookieStr . Core_Common::getSalt());
         return $cookieStr . $signature;
     }
     return '';
 }