Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-10 21:00:59 +01:00
Code Issues Projects Releases Wiki Activity

Prevent unintended behavior when certain objects are unserialized.

Browse Source 
Props ehtis, xknown.
Merges [56835] to the 6.3 branch.




Built from https://develop.svn.wordpress.org/branches/6.3@56842


git-svn-id: http://core.svn.wordpress.org/branches/6.3@56354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
audrasjb 2023-10-12 13:22:23 +00:00
parent ac9cc8341f
commit 5caf39a880
7 changed files with 86 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-includes/Requests/src/Hooks.php
View File

@ -96,4 +96,8 @@ class Hooks implements HookManager {
return true; return true;
} }
public function __wakeup() {
throw new \LogicException( __CLASS__ . ' should never be unserialized' );
}
} }

14
wp-includes/Requests/src/Iri.php
View File

@ -717,6 +717,20 @@ class Iri {
return true; return true;
} }
public function __wakeup() {
$class_props = get_class_vars( __CLASS__ );
$string_props = array( 'scheme', 'iuserinfo', 'ihost', 'port', 'ipath', 'iquery', 'ifragment' );
$array_props = array( 'normalization' );
foreach ( $class_props as $prop => $default_value ) {
if ( in_array( $prop, $string_props, true ) && ! is_string( $this->$prop ) ) {
throw new UnexpectedValueException();
} elseif ( in_array( $prop, $array_props, true ) && ! is_array( $this->$prop ) ) {
throw new UnexpectedValueException();
}
$this->$prop = null;
}
}
/** /**
* Set the entire IRI. Returns true on success, false on failure (if there * Set the entire IRI. Returns true on success, false on failure (if there
* are any invalid characters). * are any invalid characters).

4
wp-includes/Requests/src/Session.php
View File

@ -265,6 +265,10 @@ class Session {
return Requests::request_multiple($requests, $options); return Requests::request_multiple($requests, $options);
} }
public function __wakeup() {
throw new \LogicException( __CLASS__ . ' should never be unserialized' );
}
/** /**
* Merge a request's data with the default data * Merge a request's data with the default data
* *

15
wp-includes/class-wp-block-patterns-registry.php
View File

@ -197,6 +197,21 @@ final class WP_Block_Patterns_Registry {
return isset( $this->registered_patterns[ $pattern_name ] ); return isset( $this->registered_patterns[ $pattern_name ] );
} }
public function __wakeup() {
if ( ! $this->registered_patterns ) {
return;
}
if ( ! is_array( $this->registered_patterns ) ) {
throw new UnexpectedValueException();
}
foreach ( $this->registered_patterns as $value ) {
if ( ! is_array( $value ) ) {
throw new UnexpectedValueException();
}
}
$this->registered_patterns_outside_init = array();
}
/** /**
* Utility method to retrieve the main instance of the class. * Utility method to retrieve the main instance of the class.
* *

14
wp-includes/class-wp-block-type-registry.php
View File

@ -168,6 +168,20 @@ final class WP_Block_Type_Registry {
return isset( $this->registered_block_types[ $name ] ); return isset( $this->registered_block_types[ $name ] );
} }
public function __wakeup() {
if ( ! $this->registered_block_types ) {
return;
}
if ( ! is_array( $this->registered_block_types ) ) {
throw new UnexpectedValueException();
}
foreach ( $this->registered_block_types as $value ) {
if ( ! $value instanceof WP_Block_Type ) {
throw new UnexpectedValueException();
}
}
}
/** /**
* Utility method to retrieve the main instance of the class. * Utility method to retrieve the main instance of the class.
* *

34
wp-includes/class-wp-theme.php
View File

@ -741,6 +741,28 @@ final class WP_Theme implements ArrayAccess {
return isset( $this->parent ) ? $this->parent : false; return isset( $this->parent ) ? $this->parent : false;
} }
/**
* Perform reinitialization tasks.
*
* Prevents a callback from being injected during unserialization of an object.
*
* @return void
*/
public function __wakeup() {
if ( $this->parent && ! $this->parent instanceof self ) {
throw new UnexpectedValueException();
}
if ( $this->headers && ! is_array( $this->headers ) ) {
throw new UnexpectedValueException();
}
foreach ( $this->headers as $value ) {
if ( ! is_string( $value ) ) {
throw new UnexpectedValueException();
}
}
$this->headers_sanitized = array();
}
/** /**
* Adds theme data to cache. * Adds theme data to cache.
* *
@ -1812,4 +1834,16 @@ final class WP_Theme implements ArrayAccess {
private static function _name_sort_i18n( $a, $b ) { private static function _name_sort_i18n( $a, $b ) {
return strnatcasecmp( $a->name_translated, $b->name_translated ); return strnatcasecmp( $a->name_translated, $b->name_translated );
} }
private static function _check_headers_property_has_correct_type( $headers ) {
if ( ! is_array( $headers ) ) {
return false;
}
foreach ( $headers as $key => $value ) {
if ( ! is_string( $key ) || ! is_string( $value ) ) {
return false;
}
}
return true;
}
} }

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.3.2-RC1-56841'; $wp_version = '6.3.2-RC1-56842';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.