diff --git a/wp-includes/Requests/src/Hooks.php b/wp-includes/Requests/src/Hooks.php index 74fba0b3e1..d8023ed0bb 100644 --- a/wp-includes/Requests/src/Hooks.php +++ b/wp-includes/Requests/src/Hooks.php @@ -96,4 +96,8 @@ class Hooks implements HookManager { return true; } + + public function __wakeup() { + throw new \LogicException( __CLASS__ . ' should never be unserialized' ); + } } diff --git a/wp-includes/Requests/src/Iri.php b/wp-includes/Requests/src/Iri.php index c452c7365b..41ea7a8a8c 100644 --- a/wp-includes/Requests/src/Iri.php +++ b/wp-includes/Requests/src/Iri.php @@ -717,6 +717,20 @@ class Iri { return true; } + public function __wakeup() { + $class_props = get_class_vars( __CLASS__ ); + $string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' ); + $array_props = array( 'normalization' ); + foreach ( $class_props as $prop => $default_value ) { + if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) { + throw new UnexpectedValueException(); + } elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) { + throw new UnexpectedValueException(); + } + $this->$prop = null; + } + } + /** * Set the entire IRI. Returns true on success, false on failure (if there * are any invalid characters). diff --git a/wp-includes/Requests/src/Session.php b/wp-includes/Requests/src/Session.php index 000d2526d4..0a63279022 100644 --- a/wp-includes/Requests/src/Session.php +++ b/wp-includes/Requests/src/Session.php @@ -265,6 +265,10 @@ class Session { return Requests::request_multiple($requests, $options); } + public function __wakeup() { + throw new \LogicException( __CLASS__ . ' should never be unserialized' ); + } + /** * Merge a request's data with the default data * diff --git a/wp-includes/class-wp-block-patterns-registry.php b/wp-includes/class-wp-block-patterns-registry.php index a83b35185b..75f34e0749 100644 --- a/wp-includes/class-wp-block-patterns-registry.php +++ b/wp-includes/class-wp-block-patterns-registry.php @@ -197,6 +197,21 @@ final class WP_Block_Patterns_Registry { return isset( $this->registered_patterns[ $pattern_name ] ); } + public function __wakeup() { + if ( ! $this->registered_patterns ) { + return; + } + if ( ! is_array( $this->registered_patterns ) ) { + throw new UnexpectedValueException(); + } + foreach ( $this->registered_patterns as $value ) { + if ( ! is_array( $value ) ) { + throw new UnexpectedValueException(); + } + } + $this->registered_patterns_outside_init = array(); + } + /** * Utility method to retrieve the main instance of the class. * diff --git a/wp-includes/class-wp-block-type-registry.php b/wp-includes/class-wp-block-type-registry.php index 84adecd5d0..49e7bd60ae 100644 --- a/wp-includes/class-wp-block-type-registry.php +++ b/wp-includes/class-wp-block-type-registry.php @@ -168,6 +168,20 @@ final class WP_Block_Type_Registry { return isset( $this->registered_block_types[ $name ] ); } + public function __wakeup() { + if ( ! $this->registered_block_types ) { + return; + } + if ( ! is_array( $this->registered_block_types ) ) { + throw new UnexpectedValueException(); + } + foreach ( $this->registered_block_types as $value ) { + if ( ! $value instanceof WP_Block_Type ) { + throw new UnexpectedValueException(); + } + } + } + /** * Utility method to retrieve the main instance of the class. * diff --git a/wp-includes/class-wp-theme.php b/wp-includes/class-wp-theme.php index 5841ec3d9d..4f4b44eae9 100644 --- a/wp-includes/class-wp-theme.php +++ b/wp-includes/class-wp-theme.php @@ -741,6 +741,28 @@ final class WP_Theme implements ArrayAccess { return isset( $this->parent ) ? $this->parent : false; } + /** + * Perform reinitialization tasks. + * + * Prevents a callback from being injected during unserialization of an object. + * + * @return void + */ + public function __wakeup() { + if ( $this->parent && ! $this->parent instanceof self ) { + throw new UnexpectedValueException(); + } + if ( $this->headers && ! is_array( $this->headers ) ) { + throw new UnexpectedValueException(); + } + foreach ( $this->headers as $value ) { + if ( ! is_string( $value ) ) { + throw new UnexpectedValueException(); + } + } + $this->headers_sanitized = array(); + } + /** * Adds theme data to cache. * @@ -1812,4 +1834,16 @@ final class WP_Theme implements ArrayAccess { private static function _name_sort_i18n( $a, $b ) { return strnatcasecmp( $a->name_translated, $b->name_translated ); } + + private static function _check_headers_property_has_correct_type( $headers ) { + if ( ! is_array( $headers ) ) { + return false; + } + foreach ( $headers as $key => $value ) { + if ( ! is_string( $key ) || ! is_string( $value ) ) { + return false; + } + } + return true; + } } diff --git a/wp-includes/version.php b/wp-includes/version.php index 7b380a4c3a..3713f499d3 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.3.2-RC1-56841'; +$wp_version = '6.3.2-RC1-56842'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.