External Libraries: Disable deserialization in Requests_Utility_FilteredIterator

Props xknown, peterwilsoncc, desrosj, dd32, whyisjake.



git-svn-id: https://develop.svn.wordpress.org/branches/5.5@49373 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jake Spurlock 2020-10-29 16:36:19 +00:00
parent 59168bc0e2
commit f854286f9c
2 changed files with 45 additions and 0 deletions

View File

@ -42,4 +42,20 @@ class Requests_Utility_FilteredIterator extends ArrayIterator {
$value = call_user_func($this->callback, $value);
return $value;
}
/**
* @inheritdoc
*/
public function unserialize( $serialized ) {
}
/**
* @inheritdoc
*/
public function __unserialize( $serialized ) { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__unserializeFound
}
public function __wakeup() { // phpcs:ignore PHPCompatibility.FunctionNameRestrictions.ReservedFunctionNames.MethodDoubleUnderscore,PHPCompatibility.FunctionNameRestrictions.NewMagicMethods.__wakeupFound
unset( $this->callback );
}
}

View File

@ -269,6 +269,35 @@ class Tests_Functions extends WP_UnitTestCase {
$this->assertSame( $expected, is_serialized( $value ) );
}
/**
* @dataProvider data_serialize_deserialize_objects
*/
function test_deserialize_request_utility_filtered_iterator_objects( $value ) {
$serialized = maybe_serialize( $value );
if ( get_class( $value ) === 'Requests_Utility_FilteredIterator' ) {
$new_value = unserialize( $serialized );
if ( version_compare( PHP_VERSION, '5.3', '>=' ) ) {
$property = ( new ReflectionClass( 'Requests_Utility_FilteredIterator' ) )->getProperty( 'callback' );
$property->setAccessible( true );
$callback_value = $property->getValue( $new_value );
$this->assertSame( null, $callback_value );
} else {
$current_item = @$new_value->current(); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$this->assertSame( null, $current_item );
}
} else {
$this->assertEquals( $value->count(), unserialize( $serialized )->count() );
}
}
function data_serialize_deserialize_objects() {
return array(
array( new Requests_Utility_FilteredIterator( array( 1 ), 'md5' ) ),
array( new Requests_Utility_FilteredIterator( array( 1, 2 ), 'sha1' ) ),
array( new ArrayIterator( array( 1, 2, 3 ) ) ),
);
}
function data_is_serialized() {
return array(
array( serialize( null ), true ),