Created
November 18, 2022 17:03
-
-
Save danielbachhuber/6c429bfdd43cae3ddb72559ad1f54446 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/src/WP_CLI/SearchReplacer.php b/src/WP_CLI/SearchReplacer.php | |
index f8e314ad..556a5400 100644 | |
--- a/src/WP_CLI/SearchReplacer.php | |
+++ b/src/WP_CLI/SearchReplacer.php | |
@@ -83,13 +83,7 @@ private function run_recursively( $data, $serialised, $recursion_level = 0, $vis | |
} | |
} | |
- // The error suppression operator is not enough in some cases, so we disable | |
- // reporting of notices and warnings as well. | |
- $error_reporting = error_reporting(); | |
- error_reporting( $error_reporting & ~E_NOTICE & ~E_WARNING ); | |
- $unserialized = is_string( $data ) ? @unserialize( $data ) : false; | |
- error_reporting( $error_reporting ); | |
- | |
+ $unserialized = $this->is_serialized( $data ) ? @unserialize( $data ) : false; | |
if ( false !== $unserialized ) { | |
$data = $this->run_recursively( $unserialized, true, $recursion_level + 1 ); | |
} elseif ( is_array( $data ) ) { | |
@@ -185,4 +179,75 @@ private function preg_error_message( $error ) { | |
? $error_names[ $error ] | |
: '<unknown error>'; | |
} | |
+ | |
+ /** | |
+ * Checks value to find if it was serialized. | |
+ * | |
+ * If $data is not a string, then returned value will always be false. | |
+ * Serialized data is always a string. | |
+ * | |
+ * Copied over from WordPress core /src/wp-includes/functions.php. | |
+ * | |
+ * @param string $data Value to check to see if was serialized. | |
+ * @param bool $strict Optional. Whether to be strict about the end of the string. Default true. | |
+ * @return bool False if not serialized and true if it was. | |
+ */ | |
+ private function is_serialized( $data, $strict = true ) { | |
+ // If it isn't a string, it isn't serialized. | |
+ if ( ! is_string( $data ) ) { | |
+ return false; | |
+ } | |
+ $data = trim( $data ); | |
+ if ( 'N;' === $data ) { | |
+ return true; | |
+ } | |
+ if ( strlen( $data ) < 4 ) { | |
+ return false; | |
+ } | |
+ if ( ':' !== $data[1] ) { | |
+ return false; | |
+ } | |
+ if ( $strict ) { | |
+ $lastc = substr( $data, -1 ); | |
+ if ( ';' !== $lastc && '}' !== $lastc ) { | |
+ return false; | |
+ } | |
+ } else { | |
+ $semicolon = strpos( $data, ';' ); | |
+ $brace = strpos( $data, '}' ); | |
+ // Either ; or } must exist. | |
+ if ( false === $semicolon && false === $brace ) { | |
+ return false; | |
+ } | |
+ // But neither must be in the first X characters. | |
+ if ( false !== $semicolon && $semicolon < 3 ) { | |
+ return false; | |
+ } | |
+ if ( false !== $brace && $brace < 4 ) { | |
+ return false; | |
+ } | |
+ } | |
+ $token = $data[0]; | |
+ switch ( $token ) { | |
+ case 's': | |
+ if ( $strict ) { | |
+ if ( '"' !== substr( $data, -2, 1 ) ) { | |
+ return false; | |
+ } | |
+ } elseif ( false === strpos( $data, '"' ) ) { | |
+ return false; | |
+ } | |
+ // Or else fall through. | |
+ case 'a': | |
+ case 'O': | |
+ case 'E': | |
+ return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data ); | |
+ case 'b': | |
+ case 'i': | |
+ case 'd': | |
+ $end = $strict ? '$' : ''; | |
+ return (bool) preg_match( "/^{$token}:[0-9.E+-]+;$end/", $data ); | |
+ } | |
+ return false; | |
+ } | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment