
@balloz
Last active August 19, 2019 14:01
Fix broken unserialize in Magento SUPEE-8788 patch
diff --git a/lib/Unserialize/Parser.php b/lib/Unserialize/Parser.php
index 20a6a3c..88c6555 100644
--- a/lib/Unserialize/Parser.php
+++ b/lib/Unserialize/Parser.php
@@ -34,6 +34,7 @@ class Unserialize_Parser
const TYPE_DOUBLE = 'd';
const TYPE_ARRAY = 'a';
const TYPE_BOOL = 'b';
+ const TYPE_NULL = 'N';
const SYMBOL_QUOTE = '"';
const SYMBOL_SEMICOLON = ';';
diff --git a/lib/Unserialize/Reader/Arr.php b/lib/Unserialize/Reader/Arr.php
index cf039f7..9526017 100644
--- a/lib/Unserialize/Reader/Arr.php
+++ b/lib/Unserialize/Reader/Arr.php
@@ -101,7 +101,10 @@ class Unserialize_Reader_Arr
if ($this->_status == self::READING_VALUE) {
$value = $this->_reader->read($char, $prevChar);
if (!is_null($value)) {
- $this->_result[$this->_reader->key] = $value;
+ $this->_result[$this->_reader->key] =
+ ($value == Unserialize_Reader_Null::NULL_VALUE && $prevChar == Unserialize_Parser::TYPE_NULL)
+ ? null
+ : $value;
if (count($this->_result) < $this->_length) {
$this->_reader = new Unserialize_Reader_ArrKey();
$this->_status = self::READING_KEY;
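Review bot: The sentinel test on the added lines compares with loose `==`, so on PHP versions before 8 an integer `0` or a boolean `true` also compares equal to the string `'null'`, and only the `$prevChar` check keeps such a value from being rewritten to null. Because this parser sits in front of serialized data that may not be trusted, the strict form is safer: `($value === Unserialize_Reader_Null::NULL_VALUE && $prevChar === Unserialize_Parser::TYPE_NULL)`. A one-line comment such as `// 'null' is an in-band sentinel: readers return PHP null to mean "value not complete yet"` would also explain why the string is translated back here. The enclosing method starts and ends outside the hunk, so whether another reader can ever return with `$prevChar` equal to `N` cannot be confirmed from this view.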
diff --git a/lib/Unserialize/Reader/ArrValue.php b/lib/Unserialize/Reader/ArrValue.php
index 620e52b..e392d81 100644
--- a/lib/Unserialize/Reader/ArrValue.php
+++ b/lib/Unserialize/Reader/ArrValue.php
@@ -84,6 +84,10 @@ class Unserialize_Reader_ArrValue
$this->_reader = new Unserialize_Reader_Dbl();
$this->_status = self::READING_VALUE;
break;
+ case Unserialize_Parser::TYPE_NULL:
+ $this->_reader = new Unserialize_Reader_Null();
+ $this->_status = self::READING_VALUE;
+ break;
default:
throw new Exception('Unsupported data type ' . $char);
}
diff --git a/lib/Unserialize/Reader/Null.php b/lib/Unserialize/Reader/Null.php
new file mode 100644
index 0000000..ead7f77
--- /dev/null
+++ b/lib/Unserialize/Reader/Null.php
@@ -0,0 +1,64 @@
+<?php
+/**
+ * Magento
+ *
+ * NOTICE OF LICENSE
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available through the world-wide-web at this URL:
+ * http://opensource.org/licenses/osl-3.0.php
+ * If you did not receive a copy of the license and are unable to
+ * obtain it through the world-wide-web, please send an email
+ * to license@magento.com so we can send you a copy immediately.
+ *
+ * DISCLAIMER
+ *
+ * Do not edit or add to this file if you wish to upgrade Magento to newer
+ * versions in the future. If you wish to customize Magento for your
+ * needs please refer to http://www.magento.com for more information.
+ *
+ * @category Unserialize
+ * @package Unserialize_Reader
+ * @copyright Copyright (c) 2006-2016 X.commerce, Inc. and affiliates (http://www.magento.com)
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+
+/**
+ * Class Unserialize_Reader_Null
+ */
+class Unserialize_Reader_Null
+{
+ /**
+ * @var int
+ */
+ protected $_status;
+
+ /**
+ * @var string
+ */
+ protected $_value;
+
+ const NULL_VALUE = 'null';
+
+ const READING_VALUE = 1;
+
+ /**
+ * @param string $char
+ * @param string $prevChar
+ * @return string|null
+ */
+ public function read($char, $prevChar)
+ {
+ if ($prevChar == Unserialize_Parser::SYMBOL_SEMICOLON) {
+ $this->_value = self::NULL_VALUE;
+ $this->_status = self::READING_VALUE;
+ return null;
+ }
+
+ if ($this->_status == self::READING_VALUE && $char == Unserialize_Parser::SYMBOL_SEMICOLON) {
+ return $this->_value;
+ }
+ return null;
+ }
+}
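Review bot: `read()` never rejects a malformed null token: once `$_status` is `READING_VALUE`, any character other than `;` falls through to the final `return null`, so an `N` followed by stray bytes and then `;` appears to be accepted instead of raising an exception. In that case the check added in Arr.php would see a `$prevChar` other than `N` and, as far as these hunks show, store the literal string `'null'` in the result. Assuming the reader is armed on the `N` character itself, failing closed is preferable for a parser meant to replace native unserialize on untrusted input, e.g. `if ($this->_status == self::READING_VALUE && $char != Unserialize_Parser::SYMBOL_SEMICOLON) { throw new Exception('Unsupported data type ' . $char); }` placed before the final return. The docblock on `read()` could also state that the returned string is the `NULL_VALUE` sentinel, not a parsed value, and that `$_status` stays unset until the first call with `$prevChar` equal to `;`.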